Twenty-three industry groups across Europe last Friday urged EU tech chief Henna Virkkunnen to adopt a draft cybersecurity certification scheme (EUCS) for cloud services that was tweaked last year in favor of Amazon, Google, and Microsoft, according to Reuters.
The European Cybersecurity Certification Scheme for Cloud Services is a certification program that operates under the framework of the Cybersecurity Act (CSA). The EUCS was established by the EU to assess and validate the cybersecurity level of cloud services offered within the European market, aiming to increase trust and security standards for cloud providers by providing a recognized certification for their services.
The call came amid signs that the European Commission may delay adopting or even scrap the proposal, which has undergone several changes since it was unveiled by the EU cybersecurity agency ENISA in 2020. The 2024 changes included scrapping provisions that would require U.S. tech giants to set up a joint venture or cooperate with an EU-based company to store customer data in the bloc in exchange for the highest level of the cybersecurity label.
Signatories to the letter include Allied for StartUps, the American Chamber of Commerce in Estonia, Finland, Italy, Romania and Spain, the Association of German Banks, Germany's Association of the Internet Industry and Italian startup group InnovUp, Reuters reported.
The Irish Business and Employers Confederation, Dutch group Nederland Digitaal and Portugal's Association for the Promotion and Development of the Information Society also signed the letter.
Now, here's today's MSSP update. Drop me a line at sharon.florentine@cyberriskalliance.com if you have news to share or want to say hi!
Today's MSSP Update
1. ArmorCode launches new apps in ServiceNow store: AI-powered application security posture management firm ArmorCode today announced new apps available in the ServiceNow store. The integrations expand ArmorCode's capabilities into ServiceNow Security Operations, building on existing integrations with ServiceNow Configuration Management Database (CMDB) for ingesting asset inventory and ServiceNow IT Service Management (ITSM) for ticketing workflows. This enables the application of AI-driven analytics to automatically correlate, deduplicate, and prioritize vulnerabilities.
2. Silverfort unveils Runtime Access Protection: Identity security firm Silverfort last week unveiled its newly patented Runtime Access Protection (RAP) technology. RAP natively integrates into an enterprise's identity infrastructure, and the company said it deploys 17 times faster than traditional identity security solutions. RAP works from within to remove the complexity of securing every identity, and covers non-human identities (NHIs), legacy systems, command line tools, and more.
3. Keeper names new member of Federal Advisory Board: Last week, Keeper Security named David Epperson, former CISO of CISA and CIO of the U.S. Department of Homeland Security, to its Federal Advisory Board. Keeper provides privileged access management (PAM), password management and secrets management solutions to federal agencies and private sector organizations, ensuring compliance with FedRAMP, NIST and other security frameworks. Epperson will support Keeper on its mission to enhance zero-trust security across the public sector. Congratulations!
4. Rapid7 launches enhancements to its Command platform: Rapid7 has launched new capabilities in its exposure management offering, the company said. These latest features include improved attack surface visibility and context, which gives continuous visibility into sensitive data stored in multi-cloud environments for better prioritization and remediation of threat exposures.
5. Outpost24 CyberFlex: Outpost24 today launched Outpost24 CyberFlex, an application security solution that combines attack surface management (ASM) and penetration testing as a service (PTaaS) to manage and secure an organization's external-facing applications and improve visibility. According to Outpost24, the solution continuously monitors internet-facing web applications via a SaaS delivery model. The solution can be fully customized, and vulnerability findings are produced by Outpost24's in-house testing team and peer-reviewed by a senior pen tester. There's also an interactive portal for users to connect directly with security experts for validation and remediation guidance.
