In this panel we will discuss with the large cloud providers the recent call of their user organizations to implement cloud baseline security by default in order to unburden their customers of the many duplicative efforts of verifying, implementing, and maintaining recommended security baselines for the benefit of society at large.
By now most organizations are dependent on cloud infrastructure and services from Microsoft, Amazon, and Google. In turn, our societies are reliant on their effective operations and ramifications are felt across our economies and societies. The cloud offers advantages in terms of availability and scalability, but the technical complexity of configuring and securing the cloud is beyond the capacity of most user organizations. Sane security options currently must be enabled by customers and maintained on a continual basis
or are only available as a separate service, if customers are even aware of them at all. The system whereby we rely on customers to implement secure configurations, controls, and policies results in our infrastructure being ill-configured and insecure by default. Few have the means to overcome
this challenge; most do not. Existing initiatives to support customers with this burden are not comprehensive, consistent, or transparent enough to ensure the baseline level of security. This leaves the customers vulnerable to malicious attacks and breaches and creates unwarranted risk, while the cloud providers have the experience, capabilities, and reach to implement
cloud baseline security by default.
Where implementation of security by default is well feasible for new customers going forward, we will discuss the issues presented when implementing for existing customers and how these may be addressed.
