Keynote panel - Digital Sovereignty is Impossible without Big Tech

In this panel we discussed the recent call to implement cloud security by default to unburden user organisations of the many duplicative efforts of verifying, implementing, and maintaining recommended security baselines for the benefit of society at large.

By now most organizations are dependent on cloud infrastructure and services from a few CSPs. In the traditional CSP "shared responsibility" model, user organisations are responsible for the security of their environment in the cloud. 

There is a lot of good guidance available, from controls, to implementation guides, to best practices. But the users are on their own to find the guidance, to read it, and to implement it. This is beyond the capacity of most organisations as highlighted in the introductory statements by Lokke Moerel and Freddy Dezeure. 

Representatives of industry (ASMl, DCSO), public authorities (ENISA, CISA, NCSC-NL) and Microsoft debated on practical ways to implement security by default in the cloud.