Should there be minimum security standards?

Where does the board fit in monitoring Service Compliance?

NAB has approached the Dept of Home Affairs requesting that the Australian government obliges critical IT Service providers to meet minimum security standards.​

Source: https://www.itnews.com.au/news/nab-wants-government-set-security-standards-for-cloud-providers-600246

Key Points:​

NAB asserts that currently there is little incentive for mission critical cloud service providers to offer enhanced security and therefore the liability for security compliance is falling largely to the customer.​

Cloud service providers only offer the most basic terms of service on a ‘take it or leave it’ basis which is seeking to minimise the IT Provider’s responsibility.​​

NAB recommends that the basis of obligations which the govt should impose on IT service providers, could align with the ACSC’s Essential Eight security framework.​​

Ikara’s Essential Eight Security Compliance module provides bi-directional reporting of current state compliance with Essential Eight obligations, directly from the reporting and management platforms which both customers and service providers own today.​​

If you are responsible for security compliance within a government organisation, or your organisation is a supplier to government organisations which are seeking to achieve Essential Eight compliance, Ikara has pre-built connectors via API which can rapidly report your current state compliance, in line with Essential Eight Security Compliance obligations.