Cloudhouse launches Cyber Essentials readiness check
Cloudhouse has launched a free readiness assessment for organisations preparing for updated Cyber Essentials requirements, warning that the new rules could lead to more certification failures.
The revised framework introduces automatic failure if organisations miss a 14-day deadline for applying critical patches or do not enforce multi-factor authentication across cloud services where it is available. It also expands the scope of certification to cover all cloud services that store or process organisational data.
These changes mark a shift in how businesses are assessed under the UK cyber security scheme. Rather than treating certification as a periodic exercise, organisations will need to show they can maintain patching and identity controls in day-to-day operations.
The tighter requirements may prove difficult for companies running large or distributed IT estates, where patching schedules and access controls vary across systems. Businesses with legacy applications and complex dependencies may face particular pressure in meeting the 14-day patching window.
The readiness check is designed to help organisations identify gaps before certification. It assesses patching gaps, configuration drift and weak identity controls that could trigger an automatic failure under the revised rules.
Rule changes
Cyber Essentials is widely used by UK organisations as a baseline cyber security certification. The latest changes place greater emphasis on operational consistency, particularly around software updates and the use of multi-factor authentication in cloud environments.
Under the revised framework, missing a critical patching deadline becomes a direct reason for failure rather than a weaker indicator of non-compliance. The same applies when MFA is not in place across relevant cloud services, raising the stakes for organisations with uneven implementation across departments or platforms.
The expanded scope also adds to the workload for internal technology teams. By bringing all systems that handle organisational data into the assessment, the framework increases the number of assets and services that must be reviewed ahead of certification.
This may be especially challenging for businesses that rely on a mix of older applications, cloud platforms and third-party services. In such environments, applying critical patches quickly can be constrained by compatibility issues, testing requirements or operational dependencies.
Mat Clothier, Chief Executive Officer at Cloudhouse, said the updated rules mean organisations can no longer approach certification as a one-off audit task. "Cyber Essentials has stopped being a point-in-time exercise and has become a test of day-to-day operational control. The risk is that organisations assume they're compliant, only to fail instantly because of a missed patch or a gap in MFA coverage. That's exactly why we're offering the readiness assessment - to give teams a clear view of where they stand before they're tested."
Operational pressure
For many organisations, the main challenge will not be understanding the rules but applying them consistently across complex estates. Patching policies may exist on paper, but proving that every relevant system has been updated within the required timeframe is often harder in practice.
Configuration drift is another area likely to face scrutiny under the tougher framework. Changes introduced over time across servers, cloud environments and user settings can create compliance gaps, even when an organisation believes it has standard controls in place.
Identity management is also facing closer scrutiny as cloud services become more central to business operations. Incomplete MFA coverage can emerge when different teams adopt separate services or when older accounts remain outside current access policies.
Cloudhouse, founded in 2010, focuses on application estates and operational control across complex IT environments. The readiness check is intended to give organisations a practical starting point for reviewing exposure and prioritising the controls needed under the revised Cyber Essentials standard.
The company works with organisations including GE Healthcare, National Australia Bank and HM Government. The assessment is designed to help teams identify where they may be vulnerable to automatic failure because of missed patches, configuration drift or weak identity controls.