Best Practices for Cloud Compliance Introduction In today’s data-driven landscape, businesses are embracing cloud computing technology for its efficiency and scalability. A Cloud Security Alliance (CSA) report revealed that 98% of organizations worldwide use cloud services. Yet, more than 1/3rd of those organizations may not be using key security frameworks like CSA’s CCM and CAIQ, which raises questions about how […]
https://blog.qualys.com/produc....t-tech/2024/11/14/be

Attestations: A new generation of signatures on PyPI Read the official announcement on the PyPI blog as well! For the past year, we’ve worked with the Python Package Index (PyPI) on a new security feature for the Python ecosystem: index-hosted digital attestations, as specified in PEP 740. These attestations improve on traditional PGP signatures (which have been disabled on PyPI) by providing key […]
https://blog.trailofbits.com/2....024/11/14/attestatio

Non-Human Identity Management Program: Guide Step-by-Step Originally published by Oasis Security.Written by Marta Dern.We’ve covered the ins and outs of Non-Human Identity (NHI) Management—what it is, why it matters, and the best practices for handling these digital identities. But how do you translate theory into action? What does the deployment of an effective NHI Management program look like in practice?Just like any successful initiative, a solid plan is the foundation. As Antoine de Saint-Exupéry said, "A goal without a plan is just a wish"—and...
https://cloudsecurityalliance.....org/articles/non-hum

6 Top Benefits of Managed Cloud Security Originally published by Tamnoon.As businesses continue migrating to the cloud and expanding their cloud footprint, scaling remediation of misconfigurations and reducing cloud threat exposure becomes a continuous battle for SecOps teams. Managed cloud security services offer the much-needed solution for cloud security teams; what MDR is to SOC teams, managed cloud security services are to security engineers. In this post, we’ll explore six key benefits of managed cloud security in 2024, and wh...
https://cloudsecurityalliance.....org/articles/6-top-b

Cloud Security Alliance Issues Comprehensive Guidelines for Auditing Artificial Intelligence (AI) Systems, Beyond Compliance Paper presents a holistic overview and applicable methodology for impartially assessing intelligent systemsSEATTLE – Nov. 14, 2024 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Artificial Intelligence (AI) Risk Management: Thinking Beyond Regulatory Boundaries. Drafted by CSA’s AI Governance & Compliance Working Group, the document...
https://cloudsecurityalliance.....org/articles/csa-iss