Fresh Thoughts #1: Trouble Ahead for Cyber Essentials?
- Newsletter
Trouble ahead for Cyber Essentials?
You may have seen that the UK government's Cyber Essentials was overhauled last month.
Two changes stood out.
- All cloud services are now in scope. Perfect. 67% of Microsoft Exchange email servers are now in the cloud.(pdf)
- By next January, all cloud services need to use multi-factor authentication (MFA).
Great. It makes perfect sense. So, where's the issue?
If you and your team only use enterprise cloud vendors - Adobe, Google, Microsoft, Salesforce - you will essentially be fine (except for 😒... Yammer).
But if your teams are trying out innovative alternatives...
Todo lists on todoist?
Collaboration using Notion?
Jobs on Monster?
and so on...
You may have trouble ahead.
The above and a large swath of mid-tier cloud services haven't quite learnt the value of multi-factor authentication.
So what's the solution?
Three possible scenarios:
- From the NCSC's own review of Yammer, we may head into a world of slippery words and narrowly defined exception clauses. "It does support MFA if you just look at it like..."
- Innovative features may be off the table until everyone agrees that MFA is the future. Or the features are picked up by the enterprise cloud vendors.
- The might of the UK market and wholesale adoption of Cyber Essentials may result in all mid-tier cloud services deciding to implement MFA within the next 11 months.
In any event, Fresh Security will be carefully watching our cloud renewals; and asking questions of the NCSC and cloud services.
February 7, 20221 Minutes Read
