It appears, someone wants to overhaul cloud security and embed security apparently:
"So far, cloud providers have haven’t done enough to prevent criminal and nation-state hackers from abusing their services to stage attacks within the U.S., officials argued, pointing in particular to the 2020 SolarWinds espionage campaign, in which Russian spooks avoided detection in part by renting servers from Amazon and GoDaddy. For months, they used those to slip unnoticed into at least nine federal agencies and 100 companies."
My thoughts are those professional providers, who have to comply with the SOX Act, know exactly what pain you have to go through every 90 days to ensure compliance within their respective organisations. Non compliance is very expensive indeed, which covers everything from infrastructure to application security.
Is the administration now asking providers to vet the intentions of the clients? I am not sure that further regulations will meet their goals at all.
Perhaps this is about ethics, and moral judgement of the Providers?