Cloud security guidance

Ensuring Secure Use of Cloud Platforms. Contents: Overview of this Guidance; Adapting to Cloud Environments; User Identity Authentication; Service Identity Authentication; Implementing Access Controls; Automating Security Enforcement; Creating an Organisational Framework; Effective Use of Workspaces; Securing Networked Services; Enhancing Observability; Incident Preparedness; Safeguarding Secrets; Data Protection Protocols; Ongoing Security Vigilance. This guidance provides insights into configuring…

CNI system design: Secure Remote Access

Remote access is a vital component of modern IT and operational technology environments. As organizations work towards resilience and redundancy, or manage resources across diverse locations, the necessity for secure remote access continues to grow. However, this capability brings significant risks: if legitimate users can access resources from remote locations, so can malicious actors. The…

Data-driven cyber: empowering government security with focused insights from data

Recently, the NCSC has been enhancing its strategy for data-driven cyber (DDC). Our objective is to promote the adoption of an evidence-based approach in cyber security decision-making, both in the guidance we provide to external organizations and in our internal security measures. We recognize that enterprise cyber security is becoming more intricate, leading many teams…

Data-driven cyber: empowering government security with focused insights from data

In recent months, the NCSC has intensified its commitment to data-driven cyber (DDC). Our aim is to promote an evidence-based methodology in cyber security decisions, both in our advice to external organizations and in our internal security measures. We recognize that enterprise cyber security is growing increasingly complicated, with many teams hesitant to incorporate an…

Data-driven cyber: empowering government security with focused insights from data

Recently, the NCSC has been enhancing its approach to data-driven cybersecurity (DDC). The aim is to foster an evidence-based mindset for cybersecurity decisions, both in offering guidance to external organisations and in managing our internal security protocols. The complexity of enterprise cybersecurity is on the rise, leading many teams to hesitate in integrating an extra…

Data-driven cyber: empowering government security with focused insights from data

Recently, the NCSC has intensified its focus on data-driven cyber strategies (DDC). Our primary aim is to promote the implementation of an evidence-based approach to cyber security decisions, both in our guidance to external organizations and in our internal security measures. We recognize that enterprise-level cyber security is increasingly complex, leading many teams to hesitate…

Defending software build pipelines from malicious attack

This content was last reviewed on 05/03/2025. The National Cyber Security Centre (NCSC) often receives inquiries about security for software developers, particularly regarding the software build process. This blog emphasizes the importance of securing your build pipeline as a fundamental aspect of your system’s security, and why it deserves careful consideration. For additional insights on…

Defending software build pipelines from malicious attack

This content was last reviewed on 05/03/2025. Software security is a common inquiry for developers; however, the software build process is often underestimated. This article highlights the significance of the build pipeline as a critical element of your system security and emphasizes the importance of focusing on it. Additionally, check our guidance for other essential…

Eradicating trivial vulnerabilities, at scale

In the NCSC’s 2024 Annual Review, we highlighted the essential need to address ‘foundational vulnerabilities’ in software code to enhance global digital resilience. The publication, titled ‘Market incentives and the future of technology security’, emphasized the urgency of rectifying years of misaligned incentives that have favored ‘features’ and ‘rapid deployment’ over rectifying vulnerabilities that can…
