Cloud industry pushing back on Know-Your-Customer executive order

April 27, 2024

TLDR:

  • A controversial executive order requiring U.S. cloud companies to monitor customer identities faces opposition from the industry due to logistical and financial concerns.
  • The order aims to address cybersecurity threats from foreign hackers exploiting U.S. cloud infrastructure, but industry players argue it may be ineffective.

Suzanne Smalley’s article discusses a proposed executive order that would mandate closer monitoring of customer identities by U.S. cloud companies, in response to cybersecurity threats posed by foreign hackers utilizing domestic infrastructure. The White House’s initiative seeks to mitigate the risk of cyberattacks and vulnerabilities, particularly from Chinese and Russian actors who rent cloud space for nefarious activities. However, cloud industry representatives have pushed back against the order, highlighting the immense operational and financial burdens it could impose. Critics argue that sophisticated threat actors could easily bypass identity verification measures, rendering the effort futile.

NetChoice, a technology industry association representing major cloud providers like Amazon and Google, voiced concerns over the rule’s impact on competition and government reliance on Microsoft products. Proponents of the executive order stress the urgency of reining in cloud companies, citing a report on their sales to the Chinese government and military. National security experts emphasize the critical role of cloud services in safeguarding sensitive data and infrastructure, advocating for tighter regulatory controls.

A recent Cyber Safety Review Board report scrutinized Microsoft’s security lapses following a cloud-enabled intrusion by Chinese hackers, underscoring the need for enhanced cloud security measures. Former DHS official Paul Rosenzweig emphasized the vulnerability posed by prevalent cloud-based systems, urging proactive measures to counter foreign cyber threats. As debates continue over the executive order’s efficacy and industry implications, the overarching goal remains to bolster national security and protect critical assets from malicious actors.
