Publications

The Stakeholders Group has issued draft secure baselines (in the attached xls files) for Microsoft Azure and M365 and a summary document explaining the purpose and the guiding principles. The CIS benchmarks to which the baselines make reference are also attached. Please download all the attachments to have a complete package.

This Manifesto was prepared to gather community support for the Cloud Security by Default iniative. If you want to join the community, please sign this document and return it to us by email. 

This publication is a follow-up of our article “Digital Sovereignty Is Impossible Without Big Tech”, calling upon the large cloud providers Microsoft, Amazon, and Google to “improve cybersecurity worldwide by implementing baseline security by default”.

Most European companies and governments use the cloud infrastructure of three U.S. providers—Amazon, Microsoft, and Google. The widespread dependence on these ‘big tech’ companies for our cybersecurity - and therefore our national security - poses a threat to the digital sovereignty of the EU and its member states. Given the pervasiveness and impact of cyber threats, any form of EU digital sovereignty is only possible if we can leverage the scale of big tech as an opportunity. The publication calls upon big tech to use their massive infrastructure and their insight on cyber threat actors and their modus operandi to improve cybersecurity worldwide, by implementing baseline security controls as a default, and on EU and US governments to facilitate a self-regulatory discussion towards this goal.