The Biden Administration is preparing to regulate cloud security, viewing the industry as too great a security risk to ignore.
Cloud computing has become an increasingly integral part of daily life for companies, government organizations, and individuals alike. There’s hardly any aspect of daily life that isn’t touched by the cloud in some way. That ubiquity is a source of concern, especially with the growing number and scope of cybersecurity threats.
According to Politico, the Biden Administration now views the cloud industry as “too big to fail” and is beginning the process of regulating cloud computing security.
The industry has “become essential to our daily lives,” Kemba Walden, acting national cyber director, told Politico. “If it’s disrupted, it could create large potentially catastrophic disruptions to our economy and to our government.”
Industry veterans echoed those concerns.
“A single cloud provider going down could take down the internet like a stack of dominos,” said Marc Rogers, chief security officer at Q-Net Security and former Cloudflare head of information security.
Unfortunately while companies have raced to deploy cloud platforms and services, cloud security has often lagged behind, leaving organizations and individuals vulnerable. Even worse, critical infrastructure has come under attack as a result of cloud security lapses.
“The reality is that today cloud security is often separate from cloud,” said Anne Neuberger, the deputy national security adviser for cyber and emerging technology. “We need to get to a place where cloud providers have security baked in with that.”
Her sentiments echo those of Google executives, who recently penned a blog post calling for companies to be held accountable for cybersecurity:
“The bottom line: People deserve products that are secure by default and systems that are built to withstand the growing onslaught from attackers,” the executives wrote.
The Biden Administration agrees:
“In the United States, we don’t have a national regulator for cloud. We don’t have a Ministry of Communication. We don’t have anybody who would step up and say, ‘It’s our job to regulate cloud providers,’” said Rob Knake, deputy national cyber director for strategy and budget. The cloud, he said, “needs to have a regulatory structure around it.”