(Singapore, 17 October 2023) The Cybersecurity Agency of Singapore and the Cloud Security Alliance have launched two cloud security companion guides to support Cyber Essentials and Cyber Trust, which are national cybersecurity standards developed by the agency. The launch was announced by Mr Tan Kiat Haw, Senior Minister of State for Communications, Information and National Development at Singapore International Cyber Week 2023.
2. The accompanying guides were developed in close partnership with the leading cloud providers in Singapore – Amazon Web Services, Google Cloud and Microsoft. Service providers provided insights based on their experience with their clients, contributed relevant findings and statistics, and validated the content of the accompanying evidence.
3. Over the years, enterprise cloud adoption has risen significantly. Cybercriminals are increasingly targeting enterprise clouds, with significant growth in cloud-based attacks reported over the past two years. The accompanying guides provide tips for cloud customers, including small and medium enterprises (SMEs), to better understand cloud-specific risks and responsibilities, as well as necessary steps to take. This includes training employees on their roles in cloud security and how they can work securely in the cloud and implementing mechanisms to track and monitor the inventory of its cloud services.
4. One common area of confusion when organizations use the cloud is the division of responsibility between themselves as cloud users, and the responsibility of cloud service providers. In an on-premise deployment, the organization is solely responsible for its cybersecurity. However, in cloud deployment, there is shared responsibility, and organizations may not be fully aware of the areas they are responsible for. This may increase the possibility of misconfigurations, malicious attacks, and/or data breaches.
5. The Cyber Essentials companion guide, aimed at SMBs, uses a shared responsibility model to help organizations understand what they and their service providers need to pay attention to to secure their cloud environment.
6. The Cyber Trust's companion guide, aimed at larger or more digital organizations, maps each of the cybersecurity preparedness areas in the Cyber Trust brand, such as governance, cyber oversight and cyber education, to the framework published by the Cloud Security Alliance. This designation provides a useful and convenient reference for organizations, making it easier for them to implement the necessary measures to obtain the Cyber Trust label.
7. As part of a close partnership in developing the accompanying guides, Amazon Web Services, Google Cloud, and Microsoft have also developed provider-specific guides organized based on measures included in the Cyber Essentials and Cyber Trust labels.
8. The accompanying guides are available free of charge on the Cyber Security Agency of Singapore's website from today. Cloud service providers, key information security service providers used by the agency to develop cybersecurity health plans for organizations as well as designated certification bodies for Cyber Essentials and Cyber Trust, will also share them with their clients. The accompanying guides are expected to benefit about 27% of companies in Singapore using cloud computing services in 2022, a statistic derived from the Infomedia Development Authority's survey on the use of information and communications by companies. For more information on the accompanying evidence, please refer to Appendices A and B.
9. Dan Yeok How, Assistant Chief Executive of the Cyber Security Agency of Singapore, said: “These accompanying guides aim to help organizations be cyber-secure when using the cloud and help them achieve the Cyber Essentials and Cyber Trust marks. In doing so , their customers will have greater peace of mind when dealing with them. This will be a win-win situation for both companies and their customers.
10. “It is clear that all organizations and users have a role to play in protecting themselves from cyber attacks in the cloud,” said Daniel Katido, CTO at Cloud Security Alliance. We applaud the Cybersecurity Agency of Singapore for its leadership in providing timely and practical guidance that clearly articulates shared responsibility for security among members of the cloud ecosystem. The Cloud Security Alliance is honored to collaborate on this important work. By contributing our Cloud Control Matrix mappings to the Cyber Trust companion guide, the best practices in the matrix are relevant to both the Singapore and global market.
11. “The accompanying guides to cloud security are a valuable resource for organizations looking to adopt cloud services more confidently and securely,” said Mark Johnston, Director of the Office of the Chief Information Security Officer at Google Cloud. “As part of our commitment to partner with the Cybersecurity Agency of Singapore and our customers to make Google Cloud the The most secure and reliable foundation for innovation, the Google Workspace Security Companion for Cyber Essentials explains how Google's default security approach supports our customers' journey toward cyber resilience.
12. Dennis Chong, Chief Security Officer, Singapore, Microsoft, said: “Since becoming SG Cyber Safe partner partners in 2021, we have built momentum to create a digitally resilient and inclusive Singapore through our deep partnership with the CSA as cyber threats continue. To develop. The Cloud Security Companion Guide complements our work with businesses, local government agencies, and regulators, as we strengthen our security and innovation advocacy, promote good cyber hygiene practices, and create a safer online world for everyone.
About the Cyber Security Agency of Singapore
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore's cyberspace safe and secure to support our national security, boost the digital economy, and protect our digital way of life. It maintains oversight of national cybersecurity functions and works with sector leaders to protect Singapore's critical information infrastructure. CSA is also collaborating with various stakeholders to raise cybersecurity awareness, build a vibrant cybersecurity ecosystem supported by a strong workforce, pursue international partnerships and drive regional capacity building programs in cybersecurity. CSA is part of the Prime Minister's Office and is administered by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg.
About the Cloud Security Alliance
The Cloud Security Alliance is the world's leading organization dedicated to identifying and raising awareness of best practices to help ensure a secure cloud computing environment. The Cloud Security Alliance harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to deliver cloud security research, education, training, certifications, events, and products. The activities, knowledge and extensive network benefit the entire cloud-affected community – from service providers and customers to governments, entrepreneurs and the assurance industry – and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For more information, visit us at www.cloudsecurityalliance.org.
