The cloud is a key tool in shifting the burden of cyber risk away from small, under-resourced customers, Acting National Cyber Director Kemba Walden, said Wednesday during a fireside chat at the AWS Summit Washington, DC.
As the Biden administration inches closer to unveiling the implementation plan for the national cybersecurity strategy, Walden discussed the role cloud services will play in the effort to improve U.S. cyber resilience.
While shifting the burden of risk is important, the last thing officials want to see is a catastrophic cyberattack against a cloud services provider, said Walden, speaking to David Levy, VP of U.S. government, nonprofit and healthcare at AWS.
“So on the one hand, we want to encourage the shifting of risk to those that are more capable of handling it, and I would include cloud service providers in that space,” Walden said. “But on the other hand, we want to make sure that those cloud services are secure by design, at the end of the day.”
“We recognize that we operate in a complicated global landscape and dynamic threat environment that necessitates a dynamic approach to security,” Mark Ryland, director of the Office of the CISO at AWS said in the blog.
Cloud service providers may need to go a step further in making sure they meet minimum standards to ensure they are fully secure, Walden said.
While financial services are already pretty well regulated, the acting director noted other sectors are not regulated at nearly the same levels.
“There are some industries that are going to need help raising baseline cybersecurity requirements and that is going to require regulatory work,” Walden said.
In other cases, instead of regulatory changes there may be additional guidance, using regulatory authorities from sector risk management agencies. Industries like the cloud, will have to leverage that across various sectors, said Walden.