Trouble ahead for Cyber Essentials?
You may have seen that the UK government's Cyber Essentials was overhauled last month.
Two changes stood out.
Great. It makes perfect sense. So, where's the issue?
If you and your team only use enterprise cloud vendors - Adobe, Google, Microsoft, Salesforce - you will essentially be fine (except for 😒... Yammer).
But if your teams are trying out innovative alternatives...
Todo lists on todoist?
Collaboration using Notion?
Jobs on Monster?
and so on...
You may have trouble ahead.
The above and a large swath of mid-tier cloud services haven't quite learnt the value of multi-factor authentication.
So what's the solution?
Three possible scenarios:
- From the NCSC's own review of Yammer, we may head into a world of slippery words and narrowly defined exception clauses. "It does support MFA if you just look at it like..."
- Innovative features may be off the table until everyone agrees that MFA is the future. Or the features are picked up by the enterprise cloud vendors.
- The might of the UK market and wholesale adoption of Cyber Essentials may result in all mid-tier cloud services deciding to implement MFA within the next 11 months.
In any event, Fresh Security will be carefully watching our cloud renewals; and asking questions of the NCSC and cloud services.