UK’s Cybersecurity Policy For Business

The British Government has decided to embrace cloud computing as a way of combating cyber-attacks.

The UK Government is a global leader in promoting public sector use of cloud technology. For example, Transport for London's contactless payment system was introduced far ahead of similar public transportation networks across the world.

However, like all organisations, it is under increasing pressure to generate cost savings, increase efficiencies and improve services, which are a few of the reasons why the Government has decided to embrace cloud computing as a way of combatting cyber-attacks.

In truth, cyber-security related issues now cost British businesses a total of £34 billion a year, according to a joint study undertaken in 2015 by the Centre for Economics and Business Research (Cebr) and Veracode. Nearly £18 billion of that figure is attributed to lost revenue, while £16 billion relates to increased IT spend as a result of breaches. Equally worrying is that 34 percent of cyber-crime aimed at UK organisations relates to intellectual property (IP) theft, a ‘crown jewel’ for many businesses.

It is statistics like these that have led the UK Government to significantly increase its cyber-crime budget. However, the message remains clear: all organisations, including those in the private sector, must take charge of their own security, both through use of technology and by promoting higher levels of employee awareness. Here are 14 suggestions that everyday businesses can learn from the Government and should consider when creating their own cyber-security protection framework:

1. Protecting moving data - Consumer data moving in-between networks should be adequately protected against tampering and eavesdropping, through a combination of network protection and encryption

2. Asset protection and resilience - Consumer data, and the assets storing or processing it, should be protected against physical tampering, loss, damage or removal

3. Separation between consumers - Separation should exist between different consumers of the service to prevent one malicious or compromised consumer from affecting the service or data of another

4. Governance framework - The service provider should have a security governance framework in place that coordinates and directs their overall approach to the management of the service and information

5. Operational security - The service provider should have processes and procedures in place to ensure the operational security of the service

6. Personnel security - Service provider staff should be subject to personnel security screening and security education before starting their role

7. Secure development - Services should be designed and developed to identify and mitigate threats to their security

8. Supply chain security - The service provider should ensure that its supply chain supports all security principles that need to be implemented

9. Secure consumer management - Consumers should be provided with the tools required to help them securely manage their service

10. Identity and authentication - Access to all service interfaces (for consumers and providers) should be controlled to authorised individuals

11. External interface protection - All external or less trusted interfaces of the service should be identified and have appropriate protections to defend against attacks through them

12. Secure service administration - The methods used by the service provider's administrators to manage the operational service should be designed to mitigate any risk of exploitation that could undermine the security of the service

13. Audit information provision to consumers - Consumers should be provided with the audit records they need to monitor access to their service and the data held within it

14. Secure use of the service by the consumer - Consumers have certain responsibilities when using a cloud service in order for this use to remain secure, and for their data to be adequately protected

While designed for public sector organisations, these principles provide a solid framework for supporting secure cloud adoption across all industries. Trust and security remain paramount drivers, alongside industry-specific requirements, with the list above providing a solid framework for selecting a cloud services provider.

It's clear that Government IT projects are moving to the cloud, but security still remains front of mind throughout this transformation. At a time when doing more with less is essential, policy myths and data classification confusion are slowing cloud adoption. The announcement of the EU-US privacy shield represents a vital step in maintaining data flows and strengthening confidence around security in the cloud.

SC Magazine
