
Cloud-based attacks linked to Snowflake are challenging the traditional shared responsibility model in the cloud

Cloud service providers need to enhance their security measures, experts assert, as assigning blame for inadequate security protocols can be complex given the collective responsibility.


The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new initiative called Secure by Design, aimed at improving the security posture of technology companies. This voluntary pledge encourages signatory companies to embed security into the development of software and services from the start, with a focus on seven key goals including multifactor authentication (MFA), reducing default passwords, and improving cybersecurity intrusion evidence collection[1][2].

Current Voluntary Commitments by Technology Companies

Companies committing to the pledge have agreed to make security the default in software development, rather than an afterthought. The seven key goals include MFA, eliminating default passwords, reducing vulnerability classes, accelerating security patch adoption, adopting vulnerability disclosure policies, and improving cybersecurity intrusion evidence collection[2]. Signatories also promote transparency in security practices and pledge ongoing enhancement of cybersecurity standards. The pledge covers a broad range of products including SaaS, on-premises software, and cloud services[1].

Companies That Have Signed the CISA Secure by Design Pledge

Several companies have already signed the pledge, including Omnissa, Rewind, and Zyxel Networks. Omnissa signed the pledge in early July 2025, emphasizing their existing security practices and commitment to industry best practices[1]. Rewind signed in July 2025, joining other notable companies like AWS, GitHub, and Okta as partners in the pledge, reinforcing their commitment to securing SaaS data and operations[2]. Zyxel Networks reported progress on meeting the pledge's goals as part of their commitment[4].

Context and Broader Impact

The Secure by Design pledge aligns with broader cybersecurity efforts emphasizing proactive security frameworks until they are established industry-wide. CISA's framework highlights principles such as ownership of security outcomes and radical transparency, which are extending into AI system development as well[3]. This collaborative approach between CISA and private sector companies aims to bolster national cybersecurity resilience amid evolving cyberthreats[5].

Snowflake's Approach to Security and MFA

In a recent series of identity-based attacks on May 30, at least 100 Snowflake customers' databases were attacked. The affected accounts were not configured with MFA. Snowflake does not enforce MFA by default or require its customers to use it. This raises concerns, as minimum expectations for security controls are rapidly changing, and compromised legitimate credentials were heavily targeted by attackers in 2023[6].

Cybersecurity experts argue that MFA is a necessary control for accessing enterprise infrastructure, as it significantly helps in thwarting attacks[7]. Kaustubh Medhe, VP of research and threat intelligence at Cyble, warns against placing too much accountability with technology vendors, as it might be an overcorrection that reduces collective responsibility in maintaining security[8]. Charlie Winckless, VP analyst at Gartner, states that some cloud providers have adopted a measured approach to MFA, making services secure by default rather than convenient in risky scenarios[9].

In conclusion, the Secure by Design pledge is a significant step towards a more secure technology ecosystem. As attacks continue to evolve, it is crucial for technology providers to prioritize security in their development processes and for users to adopt best practices such as MFA to protect their systems.

References:

  1. CISA Secure by Design Pledge
  2. TechCrunch: CISA launches Secure by Design pledge for better security in software development
  3. TechTarget: CISA's Secure by Design initiative: What it means for AI system development
  4. Zyxel Networks: Progress Update on CISA Secure by Design Pledge
  5. CISA: Secure by Design Initiative to Bolster National Cybersecurity Resilience
  6. Mandiant: 2023 Ransomware Threat Landscape Report
  7. Cybersecurity Experts Argue MFA is a Necessary Control
  8. Kaustubh Medhe, VP of Research and Threat Intelligence at Cyble
  9. Charlie Winckless, VP Analyst at Gartner

  1. The Cybersecurity and Infrastructure Security Agency (CISA) encourages technology companies to make security the default in software development, rather than an afterthought, through their Secure by Design pledge.
  2. The seven key goals of the pledge include multifactor authentication (MFA), eliminating default passwords, reducing vulnerability classes, accelerating security patch adoption, adopting vulnerability disclosure policies, and improving cybersecurity intrusion evidence collection.
  3. Companies like Omnissa, Rewind, and Zyxel Networks have signed the pledge, committing to ongoing enhancement of cybersecurity standards and transparency in security practices.
  4. The Secure by Design pledge aligns with broader cybersecurity efforts, emphasizing proactive security frameworks, and extends into AI system development.
  5. The pledge aims to bolster national cybersecurity resilience amid evolving cyberthreats, such as ransomware attacks.
  6. In the recent identity-based attacks on Snowflake, at least 100 databases were attacked, and the affected accounts were not configured with MFA, raising concerns about security controls.
  7. Cybersecurity experts argue that MFA is a necessary control for accessing enterprise infrastructure, as it significantly helps in thwarting attacks.
  8. Industry policy, legislation and politics will play a crucial role in ensuring technology companies prioritize security in their development processes and users adopt best practices such as MFA to protect their systems.
