The National Cyber Security Centre (NCSC) has published new guidance on how to use a cloud service securely.
Published as part of the NCSC’s broader cloud security guidance, the new section places an emphasis on the configuration of services, focusing on the use of software-as-a-service (SaaS), cloud platforms, architecting services in the cloud and platform guidance.
Writing in a blogpost, NCSC principal security researcher Jamie H said: “The security expectations on any cloud provider are broadly similar, which we cover in our guidance on choosing a cloud provider.
“However, when it comes to using a cloud service, the kind of service can have a big impact on your security responsibilities, most security incidents we see in the cloud boil down to configuration issues in use of the service.”
Requirements with SaaS
He adds that the main focus when using SaaS is configuring identity and access controls to be sufficiently secure in an excellent user experience, and that the most common sources of security issues in the use of SaaS applications are poor authentication and authorisation configuration.
The new guidance responds with a focus on building strong observability and using automation to implement a security approach.
“We believe that by applying our refreshed Cloud Security Principles and the new cloud platform and SaaS guidance in tandem, you should be protected from most common cyber attacks we see,” Jamie H said. “With this guidance, you can embrace the opportunities and benefits of cloud services with confidence.”
