Launch of Cloud Security Companion Guides for Organisations

Published on 17 Oct 2023

Companion guides will help more organisations understand the risks and responsibilities of using the cloud and achieve national cybersecurity standards

[Singapore, 17 Oct 2023] The Cyber Security Agency of Singapore and the Cloud Security Alliance have launched two Cloud Security Companion Guides to support Cyber Essentials and Cyber Trust, which are national cybersecurity standards developed by the Agency. The launch was announced by Mr Tan Kiat How, Senior Minister of State for Communications and Information and for National Development, at the Singapore International Cyber Week 2023.

2.      The companion guides were developed in close partnership with major cloud service providers in Singapore – Amazon Web Services, Google Cloud and Microsoft. The providers gave insights based on their experience with their customers, contributed relevant findings and statistics, and validated the content of the companion guides.  

3.      Over the years, enterprise cloud adoption has risen significantly. Cybercriminals are also increasingly targeting organisations’ cloud environments, with considerable growth in cloud-based attacks reported over the last two years. The companion guides provide advisories for cloud customers, including small-medium enterprises (SMEs), to better understand their cloud-specific risks and responsibilities, as well as the necessary steps to take. These include training employees on their roles in cloud security and on how they can operate securely in the cloud, and implementing mechanisms to track and monitor the organisation’s inventory of cloud services.

4.      One of the common areas of confusion when organisations use the cloud is the division of responsibility between themselves, as cloud users, and their cloud providers. In an on-premise deployment, the organisation is solely responsible for its cybersecurity. However, in a cloud deployment, there is shared responsibility, and organisations may not be fully aware of the areas they are responsible for. This may increase the likelihood of misconfigurations, malicious attacks and/or data breaches.

5.      The companion guide for Cyber Essentials, targeted at SMEs, uses a shared responsibility model to help organisations to understand what they and their providers each need to take care of to secure the cloud environment.  

6.      The companion guide for Cyber Trust, targeted at larger or more digitalised organisations, maps each of the cybersecurity preparedness domains in the Cyber Trust mark, such as cyber governance and oversight and cyber education, to the framework published by the Cloud Security Alliance. This mapping provides a useful and convenient reference for organisations, making it easier for them to implement the measures necessary to attain the Cyber Trust mark.

7.      As part of the close partnership in developing the companion guides, Amazon Web Services, Google Cloud and Microsoft have also developed provider-specific guides that are organised based on the measures listed in the Cyber Essentials and Cyber Trust marks.

8.      The companion guides are available for free on the Cyber Security Agency of Singapore’s website from today. Cloud providers, Chief Information Security Officer-as-a-Service providers onboarded by the Agency to develop cybersecurity health plans for organisations, and certification bodies appointed for Cyber Essentials and Cyber Trust will also be sharing them with their respective customers. The companion guides are expected to benefit about 27% of businesses in Singapore using cloud computing services in 2022, a statistic gleaned from the Infocomm Media Development Authority’s Survey on Infocomm Usage by Enterprises. For more information on the companion guides, please refer to Annex A and B.

9.      Dan Yock Hau, Assistant Chief Executive, Cyber Security Agency of Singapore, said, “These companion guides are intended to help enterprises be cyber safe when using the cloud and help them achieve the Cyber Essentials and Cyber Trust marks. In doing so, their customers will have greater peace of mind when transacting with them. It will be a win-win situation for both enterprises and their customers.”

10.      Daniele Catteddu, Chief Technology Officer for Cloud Security Alliance, said, “It is clear that all organisations and users have a role to play to protect themselves against cyber-attacks in the cloud. We salute the Cyber Security Agency of Singapore for their leadership in delivering timely and pragmatic guidance that clearly articulates the shared responsibility for security among members of the cloud ecosystem. Cloud Security Alliance is honoured to collaborate on this important work. By contributing our Cloud Controls Matrix mappings to the companion guide for Cyber Trust, these best practices in the matrix are very relevant for both Singapore and the global market.”

11.      Mark Johnston, Director, Office of the CISO, Google Cloud, said, "The Cloud Security Companion Guides are a valuable resource for organisations looking to adopt cloud services more confidently and securely. As part of our commitment to partner with the Cyber Security Agency of Singapore and our customers to make Google Cloud the most secure and reliable platform for innovation, the Google Workspace Security Companion Guide for Cyber Essentials demonstrates how Google's security-by-default approach supports our customers' journey towards enhanced cyber resilience."

12.      Dennis Chung, Singapore Chief Security Officer, Microsoft, said, “Since becoming Advocate Partners in the SG Cyber Safe Programme in 2021, we have built momentum to create a resilient, digitally inclusive Singapore through our deep partnership with CSA as cyber threats continue to evolve. The Cloud Security Companion Guide complements our work with businesses, local government bodies and regulators, as we strengthen our security advocacy and innovation, promote good cyber hygiene practices, and create a safer online world for all.”   

 



About the Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our National Security, power a Digital Economy and protect our Digital Way of Life. It maintains oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cybersecurity awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg

About the Cloud Security Alliance

The Cloud Security Alliance is the world’s leading organisation dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. The Cloud Security Alliance harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. The activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org.


 


 
