Cloud Security
By Default to enable a more secure world

Manifesto

Many organizations worldwide are by now dependent on cloud infrastructure and services. Our societies, economies, health, and national security are reliant on their effective and secure operations.

The cloud brings important advantages in terms of availability and scalability and, if properly configured, security and resilience.

In the current situation, Cloud Service Providers (CSPs) require their customers to implement secure configurations, controls, and policies by selecting and activating appropriate options and designs to ensure adequate baseline security in their own environments.

The technical complexity of configuring and securing the cloud is, however, beyond the capacity of most user organizations. Existing initiatives to support customers with this burden are not comprehensive, consistent, or transparent enough to ensure the baseline level of security in customer-managed tools and environments. This leaves the customers vulnerable to malicious attacks and breaches and creates unwarranted risk.

The Cloud Security by Default initiative addresses this gap by bringing CSPs and their customers together in two-way conversations to validate, challenge, and support principles to establish out-of-the-box CSP offerings with appropriate baseline security by default.

The Manifesto, that you can download from the top of this page, was prepared to gather community support for the Cloud Security by Default iniative. If you want to join the community, please sign this document and return it to us by email.

Supporting organizations

Publications

Feb 10, 2025
Draft secure baselines for Microsoft Azure and M365

The Stakeholders Group has issued draft secure baselines (in the attached xls files) for Microsoft Azure and M365 and a summary document explaining the purpose and the guiding principles. The CIS benchmarks to which the baselines make reference are also attached. Please download all the attachments to have a complete package.
Read Download PDF | 294.8 kB Download XLSX | 23.4 kB Download XLSX | 23.0 kB Download PDF | 2.8 MB Download PDF | 4.8 MB
Feb 07, 2025
Manifesto Baseline Cloud Security by Default

This Manifesto was prepared to gather community support for the Cloud Security by Default iniative. If you want to join the community, please sign this document and return it to us by email.
Read Download PDF | 49.8 kB
Feb 16, 2024
Improving the World's Cyber Resilience, at Scale

This publication is a follow-up of our article “Digital Sovereignty Is Impossible Without Big Tech”, calling upon the large cloud providers Microsoft, Amazon, and Google to “improve cybersecurity worldwide by implementing baseline security by default”.
Read Download PDF | 368.6 kB

View all publications

Events

Oct 01, 2024 ONE Conference The Hague

Keynote panel - Digital Sovereignty is Impossible without Big Tech

In this panel we discussed the recent call to implement cloud baseline security by default in order to unburden user organisations of the many duplicative efforts of verifying, implementing, and maintaining recommended security baselines.
Read

Cloud Security By Default to enable a more secure world

Manifesto

Supporting organizations

Publications

Draft secure baselines for Microsoft Azure and M365

Manifesto Baseline Cloud Security by Default

Improving the World's Cyber Resilience, at Scale

Events

Keynote panel - Digital Sovereignty is Impossible without Big Tech

Cloud Security
By Default to enable a more secure world