We also have increasing geo-redundancy for critical data. This came just after the 2020 Solarwinds attack, and is likely related. So they want more data on the end users stored by the cloud providers. It says the problem is that attackers often wipe their systems after using them, making it hard to determine who they are when those systems are analyzed the EO notes the same dynamic. The strategy references the order to avoid the misuse of US-based infrastructure. It particularly calls out foreign resellers, the idea to make them more liable and incentivized to prevent abuse. The Biden administration is now looking at implementing this EO but explains for slightly different reasons in the cybersecurity strategy. The most contentious strategic objective in the National Cybersecurity Strategy outlines the intent to implement EO 13984, which was published but never implemented in the final days of the Trump administration. cloud providers by enforcing stronger “know your customer” checks. Register today!Įxecutive Order 13984 makes it harder for attackers to host their malware and attacks on U.S. For example, “software as a service” and “infrastructure as a service” differ.įederal News Network's Cyber Leaders Exchange: Discover the ways that agencies lead the way as the government “fundamentally re-imagines America’s cyber social construct”. Additionally, the cloud is used relatively interchangeably in parts of the document.
Although that only raises the bar on the importance of enhancing security in the cloud. The first strategic objective suggests using cloud-based services to improve the cybersecurity of critical sectors. The National Cybersecurity Strategy starts positively and discusses how the cloud can help security. For all the talk of cyber attacks against cloud providers, the most significant impacts from cloud services going down have resulted from a power outage at AWS and when a data center at OVH burnt down. Most critical infrastructure entities need to be able to go entirely multi-cloud, limiting points of exposure. Critical infrastructure entities modernizing towards the cloud must consider disaster recovery plans. The financial services industry is an example of how a sector diversifies activity across multiple cloud providers to avoid any points of failure. The biggest threat right now to cloud infrastructure is more physical disasters than technical failures. Several reports have been on possible incoming regulations impacting cloud providers. Adding know-your-customer requirements to cloud providers is well-intentioned but pushing attackers to use services further from the reach of law enforcement. government “knows better” regarding regulation and security guidance. The major cloud service providers are the world’s best at managing and securing cloud infrastructure.
economy is growing too reliant on a small number of companies whose risk management processes no one, at least not anyone outside the companies, seems to have much insight into. Above all, there is increasing concern within the White House that the U.S. The White House seeks to narrow the growing chasm between the immense power companies like Microsoft, Amazon, Google and Oracle wield over the country’s digital fortunes and the few tools the government has to ensure their cybersecurity practices keep more than their pocketbooks in mind. economy is growing too reliant on a small number of companies whose risk management processes no one.
0 kommentar(er)
