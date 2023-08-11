The CSRB will focus its next report around cloud infrastructure and security. Credit: OleksSH/shutterstock.com

The US’ Secretary of Homeland Security Alejandro Mayorkas has announced that the Cyber Safety Review Board (CSRB) will conduct a review into the security and targeting of cloud computing environments.

The review will look into procedures that governments, Cloud Service Providers (CSPs) and industries can take to consolidate identity management and authentication within the cloud.

The CSRB will centre its report around the recent Microsoft security breach and take a broader look at its authentication infrastructure.

Despite Senator Wyden’s recent calls for Microsoft to be held accountable for the hack, the Department stated that it had already begun to consider Microsoft’s hack as the central subject of its next review immediately upon learning of the event.

Microsoft has been under increasing scrutiny over its cloud security after a China-based hacking group was able to access over 25 email accounts of government agencies and remained undetected for approximately a month.

“Cloud security is the backbone of some of our most critical systems,” Mayorkas stated, “from our e-commerce platforms to our communication tools to our critical infrastructure.”

Just today (11 August 2023) Microsoft have already announced plans to partner with healthcare providers to manage electronic health record databases using cloud-hosted infrastructure.

Speaking on the widespread use of cloud computing, CSRB Chair Rob Silvers stated that the US must “acknowledge the increasing criticality of cloud infrastructure”.

In its 2022 thematic report into cloud computing, GlobalData stated that the cloud is now the dominant model for delivering and maintaining enterprise IT resources.

When asked when the CSRB’s report may be published, principal analyst David Bicknell stated that the board appears to work on an eight month time frame.

“The previous Cyber Safety Review Board investigation into the threat actor group Lapsus$ was announced in early December 2022,” Bicknell explains, “and it was only reported yesterday.”

Since this review has a broad scope, Bicknell stated that he would not be surprised if the CSRB took until Easter 2024 before publishing its findings.