Should there be minimum security standards?
Securing Australia’s IT Services: A Call for Mandatory Security Standards
NAB Advocates for Government-Enforced Security Compliance in Cloud Services
National Australia Bank (NAB) has urged the Department of Home Affairs to mandate that critical IT service providers adhere to minimum security standards. Currently, the responsibility for security compliance falls heavily on customers, as cloud service providers often offer basic terms of service with limited accountability. NAB suggests aligning these obligations with the ACSC’s Essential Eight security framework.
For organisations tasked with ensuring security compliance, Ikara’s Essential Eight Security Compliance module offers seamless integration and real-time reporting, enabling both customers and service providers to maintain and demonstrate compliance effectively.
Where does the board fit in monitoring Service Compliance?
NAB has approached the Department of Home Affairs requesting that the Australian government oblige critical IT service providers to meet minimum security standards.
Source: https://www.itnews.com.au/news/nab-wants-government-set-security-standards-for-cloud-providers-600246
Key Points:
NAB asserts that there is currently little incentive for mission-critical cloud service providers to offer enhanced security, so the liability for security compliance falls largely on the customer.
Cloud service providers offer only the most basic terms of service on a ‘take it or leave it’ basis, which seeks to minimise the IT provider’s responsibility.
NAB recommends that the basis of the obligations which the government should impose on IT service providers could align with the ACSC’s Essential Eight security framework.
Ikara’s Essential Eight Security Compliance module provides bi-directional reporting of current-state compliance with Essential Eight obligations, directly from the reporting and management platforms which both customers and service providers own today.
If you are responsible for security compliance within a government organisation, or your organisation is a supplier to government organisations which are seeking to achieve Essential Eight compliance, Ikara has pre-built API connectors which can rapidly report your current-state compliance, in line with Essential Eight Security Compliance obligations.