Expert analysis

The WhatsApp of secure computation
A key term when discussing encryption these days is end-to-end (E2E) encryption. The idea with E2E encryption is that data is kept confidential between the encryptor and the …

May 2023 Patch Tuesday forecast: Dealing with End-of-Support (EOS)
The April Patch Tuesday releases were unusual because we saw a whopping 62 vulnerabilities addressed in the Microsoft Server 2012 KBs. Granted there was a lot of overlap with …

5 API security best practices you must implement
As outside economic pressures continue to shape how organizations think and allocate resources, data security continues to be a high priority. Due to their dependence on data …

The warning signs for security analyst burnout and ways to prevent
Security analysts face the demanding task of investigating and resolving increasing volumes of alerts daily, while adapting to an ever-changing threat landscape and keeping up …

Using just-in-time access to reduce cloud security risk
Excessive privileges are a continuing headache for security professionals. As more organizations migrate assets to the cloud, users with excessive permissions can expand the …

The double-edged sword of generative AI
Generative AI has captured the imagination of millions worldwide, largely driven by the recent success of ChatGPT, the text-generation chatbot. Our new research showed that …

Generative AI and security: Balancing performance and risk
Are we moving too fast with AI? This is a central question both inside and outside the tech industry, given the recent tsunami of attention paid to ChatGPT and other …

Are you ready for PCI DSS 4.0?
In just under a year’s time, organizations will have had to comply with several new requirements under version 4.0 of the Payment Card Industry Data Security Standard (PCI …

The silent killers in digital healthcare
As digital transformation revolutionizes the healthcare industry, its use of API (application programming interfaces) technology is skyrocketing. APIs, which help users and …

A third-party’s perspective on third-party InfoSec risk management
More than ever, organizations are relying on third parties to streamline operations, scale their business, expand and leverage expertise, and reduce costs. In the complex and …

The staying power of shadow IT, and how to combat risks related to it
There was a time, not too long ago, when most IT leaders believed shadow IT was a negligible element in their companies. They felt their IT organizations were so in control of …

The biggest data security blind spot: Authorization
Too many people have access to company data they don’t need. Also, too many companies focus on authentication (verifying identity) as a security measure and overlook the …