<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link href="https://www.itpro.com/feeds/tag/zero-trust" rel="self" type="application/rss+xml" />
                            <title><![CDATA[ Latest from ITPro in Zero-trust ]]></title>
                <link>https://www.itpro.com/tag/zero-trust</link>
        <description><![CDATA[ All the latest zero-trust content from the ITPro team ]]></description>
                                    <lastBuildDate>Fri, 27 Feb 2026 11:56:26 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ Forescout and Netskope partner to bolster zero trust security ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/cloud-security/forescout-and-netskope-partner-to-bolster-zero-trust-security</link>
                                                                            <description>
                            <![CDATA[ The new integration combines Forescout’s device intelligence with Netskope’s private access controls to extend zero trust across enterprise environments ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">UpKgHYjxRL2mSn9PQQ7GrE</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Ux3V79nc6iXyfwiHXRzQi3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 27 Feb 2026 11:56:26 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Cloud Security]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (Daniel Todd) ]]></author>                    <dc:creator><![CDATA[ Daniel Todd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/SRyC34qeLpNDj3dJtsVDhT.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Ux3V79nc6iXyfwiHXRzQi3-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[AI zero trust concept image showing shield symbol with digitized human brain in a circle, with distributed red data points with skull symbols.]]></media:description>                                                            <media:text><![CDATA[AI zero trust concept image showing shield symbol with digitized human brain in a circle, with distributed red data points with skull symbols.]]></media:text>
                                <media:title type="plain"><![CDATA[AI zero trust concept image showing shield symbol with digitized human brain in a circle, with distributed red data points with skull symbols.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Ux3V79nc6iXyfwiHXRzQi3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/security/28133/what-is-cyber-security">Cybersecurity </a>vendor Forescout Technologies has partnered with cloud security provider Netskope to expand zero trust security coverage across enterprise networks.</p><p>The new integration combines Forescout’s real-time device intelligence with Netskope’s AI, <a href="https://www.itpro.com/cloud/cloud-security/10-cloud-security-tips-every-it-leader-should-know">cloud security</a>, and private access controls to deliver zero trust for managed and unmanaged IT, OT, <a href="https://www.itpro.com/cloud-computing/28037/what-is-iot">IoT, </a>and IoMT devices.</p><p>The pair said the joint solution continuously adapts access decisions based on device posture and risk to ensure <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">zero trust</a> is enforced, regardless of where devices connect.</p><p>Unlike traditional <a href="https://www.itpro.com/security/what-is-zero-trust-network-access-ztna">zero trust network access (ZTNA)</a> deployments that focus exclusively on north-south cloud traffic, the Forescout-Netskope integration secures east-west communications at the local network level. </p><p>In an announcement, Forescout CEO Barry Mainz said the collaboration will help organizations shrink their attack surface as digital environments continue to grow in complexity.</p><p>“The volume and variety of device types are exploding, along with the number of applications, users and access points,” he explained. </p><p>“By joining forces with Netskope, we are bringing together two best-of-breed solutions, granting customers complete visibility and control over their environments, with policies that automatically adjust as conditions change, and enabling north-south and east-west security policy enforcement.</p><p>“This is a gold standard of how ‘Universal’ Zero Trust Network Access is employed in practice, not just as a model.”</p><h2 id="addressing-enterprise-blind-spots">Addressing enterprise blind spots</h2><p>The duo said the move addresses a crucial enterprise challenge in which disparate and disconnected security tools are often managed by siloed teams, creating blind spots and restricting control and policy enforcement.</p><p>To overcome this hurdle, the new integration applies granular zero trust policies universally, identifies unmanaged or hidden endpoints, and adapts access decisions in real time based on behavior, device health, and application sensitivity.</p><p>Other benefits include improved containment of cyber threats through its east-west local traffic controls, streamlined compliance with frameworks such as HIPAA, NIST, and CIS, as well as automated enforcement to reduce reliance on manual security updates </p><p>Sanjay Beri, CEO of Netskope, said a zero trust approach has become essential to secure data and ensure business resilience in the cloud and <a href="https://www.itpro.com/strategy/28181/what-is-ai">AI </a>era.</p><p>“Our integrated solution with Forescout was designed for the scale, speed, and diversity of today’s modern enterprises, and provides the cohesive, centralized secure access organisations need,” he commented.</p><h3 class="article-body__section" id="section-follow-us-on-social-media"><span>FOLLOW US ON SOCIAL MEDIA</span></h3>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Securing the supply chain:  Why zero trust and recovery readiness are non-negotiable ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/securing-the-supply-chain-why-zero-trust-and-recovery-readiness-are-non-negotiable</link>
                                                                            <description>
                            <![CDATA[ To prevent supply chain attacks, suppliers must be embedded in trusted business architecture ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">eXy3QjJKkFye7rubkZF8wE</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/DD7oSG7mL3LVWBrNQQCQu7-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 24 Feb 2026 08:00:00 +0000</pubDate>                                                                                                                                <updated>Fri, 27 Feb 2026 14:04:36 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Matt Saunders ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/ZFhT6zTPdUeWyitqoQCjfm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Matt Saunders is an experienced technical operations leader and DevOps architect with a career spanning complex global enterprises, high-growth start-ups, and everything in between. He specializes in helping organizations accelerate the delivery of high-quality software by implementing pragmatic DevOps practices, modern tooling, and collaborative ways of working.&lt;/p&gt;&lt;p&gt;With a background that covers web hosting, financial services, enterprise technology, ISP and networking environments, Matt brings a comprehensive understanding of Internet technologies and large-scale operations. He is known for his ability to translate seamlessly between technical and non-technical teams, ensuring that engineering efforts remain aligned with business goals and deliver measurable value.Matt also leads the London DevOps meetup community (one of the largest DevOps groups in Europe with more than 11,000 members) hosting a highly regarded monthly industry event that connects practitioners, innovators, and thought leaders.&lt;/p&gt;&lt;p&gt;Across his career, Matt has served as an architect, leader, coach, and trainer. He is recognized for his calm, optimistic and pragmatic approach, and for helping teams adopt DevOps and agile methodologies that enable reliable, efficient and low-stress software delivery. He is passionate about mentoring, continuous learning, and fostering high-performing engineering cultures.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/DD7oSG7mL3LVWBrNQQCQu7-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Digital chain concept art]]></media:description>                                                            <media:text><![CDATA[Digital chain concept art]]></media:text>
                                <media:title type="plain"><![CDATA[Digital chain concept art]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/DD7oSG7mL3LVWBrNQQCQu7-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A stereotypical view of cybersecurity extends the physical security metaphor, with servers bolted down with chains and only the most privileged employees allowed anywhere near them. However, doing cybersecurity thoroughly now encompasses entire supply chains, with weak links across suppliers, channel partners, and Managed Service Providers (MSPs) causing exploitable vulnerabilities of monumental proportions. </p><p>What’s often misunderstood is that many channel partners and MSPs sit directly in the middle of the modern supply chain. They frequently hold elevated access into multiple customer environments, operate critical components of those environments, and act as extensions of internal IT teams. This makes them unusual actors in the security ecosystem: they are simultaneously prime targets for attackers and frontline defenders for the organizations they support.</p><p>The cyber attacks that plagued numerous UK companies in 2025, including The Co-op, Harrods, M&S, and Jaguar Land Rover, forced many organizations to re-examine their security posture as the perimeters are redrawn so much more broadly. The M&S incident, which rendered online systems inoperable for weeks and led to a £300 million profitability hit, originated via a third-party supplier. And most recently, <a href="https://www.itpro.com/security/data-breaches/salesforce-customers-face-second-third-party-incident-this-year-with-gainsight-breach"><u>Salesforce confirmed</u></a> they have faced two third-party incidents in one year, via its SaaS partner Gainsight. </p><p><a href="https://static.adaptavistassets.com/downloads/adaptavist_crowdstrike_report.pdf"><u>Research</u></a> we conducted before these high-profile incidents indicated that 42% of organizations had concerns about vendors triggering major cyber incidents. Given the recent supply chain breaches we have seen, we suspect that this figure is now underrepresentative. Even organizations that have zero-trust architecture and state-of-the-art disaster recovery plans are still vulnerable to human weaknesses across their whole extended supply chain.</p><p>These examples, among many others, highlight how much more complex the challenge is now: what happens when the breach originates with a partner who has deep, sometimes privileged access into your environment?</p><h2 id="channel-partners-and-msps-are-part-of-the-infrastructure">Channel partners and MSPs are part of the infrastructure</h2><p>For many organizations, channel partners and MSPs are core building blocks of the operational estate. They manage cloud platforms, identity systems, monitoring tools, development pipelines, endpoint fleets, and security controls. In other words, they are part of the infrastructure.</p><p>This interconnectedness means that if an MSP is compromised, attackers may gain horizontal access to the environments of multiple customers at once. <a href="https://en.wikipedia.org/wiki/Kaseya_VSA_ransomware_attack"><u>The Kaseya attack in 2021</u></a> demonstrated this at a global scale, but 2025 has shown it’s now a mainstream, recurring risk.</p><p>As a result, organizations must shift their mindset from “suppliers supporting the business” to “suppliers embedded inside the business architecture.” Visibility, governance, and shared security controls across MSP-managed systems are no longer optional but essential for maximum protection.</p><h2 id="protecting-the-human-layer">Protecting the human layer</h2><p>Recent breaches have been attributed to human vulnerabilities in organizations that supply products and services to others. The M&S incident appears to have been borne out of a social engineering tactic, giving an entry point into the organization that bypassed regular technical defences. These attacks are successful not through sophisticated technical exploitation but by manipulating individuals who already have legitimate access to systems.</p><p>Artificial intelligence (AI) has amplified these risks by scaling up more sophisticated social engineering attacks. AI-powered tools enable attackers to create more convincing phishing emails, generate realistic deepfake communications, and personalise attacks based on information gathered from social media and other public sources. AI has effectively lowered the barrier to entry for cybercriminals and also increased the potential impact of their activities.</p><p>While many organizations have invested heavily in internal cyber-awareness programmes, the new reality is that every supplier and MSP with environment access must be held to the same behavioural and security standards. Regular compliance checks, audits, and zero-trust approaches must be extended to the partner ecosystem. Without continuous validation, the most secure organization may still be exposed through a partner’s weakest link.</p><h2 id="the-importance-of-resilience-and-recovery">The importance of resilience and recovery</h2><p>After the security challenges of 2025, it's naive for anyone to believe that a complete modern security posture will prevent every breach. Beyond prevention, organizations must be able to detect, respond to, and recover from threats, including those triggered within their partner ecosystem.</p><p>This is where visibility becomes critical. Organizations need centralized oversight of MSP-managed systems, identity access, configuration drift, and partner-initiated changes. Hidden dependencies, particularly those controlled by partners, can dramatically extend downtime if they aren’t identified and tested in advance.</p><p>Our research showed big gaps in organizations being prepared to recover, with 84% of them lacking a decent incident response plan, and only 16% finding them effective if they had them. This means that most organizations need to find time and effort to actually test their plans before they're really needed. </p><p>Organizations need to define Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for critical systems, and to have their eyes open to systems that might be hidden dependencies, including those run by third parties or their staff. These need to be tested regularly through drills - this helps identify dependencies and other challenges that may not be apparent when things are running normally.</p><p>Critical systems also require offline, immutable backups that cannot be compromised during an attack. Too often, organizations discover after an attack that backups managed or maintained by partners were incomplete, inaccessible, or misconfigured.</p><h2 id="conclusion">Conclusion</h2><p>The events of 2025 show that cyber attacks are increasingly sophisticated and now exploit not only technical vulnerabilities inside an organization but also those embedded throughout its supply chain. MSPs and channel partners, sitting at the centre of this ecosystem, have become both high-value targets and vital protectors.</p><p>Effective cybersecurity now requires that these organizations and their partners give equal attention to prevention and recovery capabilities, with the time taken to get back online having similar importance as the essential preventive measures. </p><p>Those that fully understand and lock down their supply chain from a security perspective, implement strict access controls with zero-trust architecture, and have properly tested recovery plans will have the best chance of surviving the next wave of threats to cybersecurity.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ What security teams need to know about the NSA's new zero trust guidelines ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/what-security-teams-need-to-know-about-the-nsas-new-zero-trust-guidelines</link>
                                                                            <description>
                            <![CDATA[ The new guidelines aim to move an organization from discovery to target-level implementation of zero trust practices ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Y5v4AuNEvJ47NT68HRhdQ6</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/g5X65gMXSQmxvDLDVikQVH-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 02 Feb 2026 12:40:40 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/g5X65gMXSQmxvDLDVikQVH-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Logo and insignia of the United States National Security Agency (NSA) pictured on a smartphone screen held in hand above a laptop keyboard and screen.]]></media:description>                                                            <media:text><![CDATA[Logo and insignia of the United States National Security Agency (NSA) pictured on a smartphone screen held in hand above a laptop keyboard and screen.]]></media:text>
                                <media:title type="plain"><![CDATA[Logo and insignia of the United States National Security Agency (NSA) pictured on a smartphone screen held in hand above a laptop keyboard and screen.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/g5X65gMXSQmxvDLDVikQVH-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The US National Security Agency (NSA) has released Phase One and Phase Two of its Zero Trust Implementation Guidelines.</p><p>The <a href="https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4393480/nsa-releases-phase-one-and-phase-two-of-the-zero-trust-implementation-guidelines/" target="_blank"><u>guidelines</u></a> cover what's needed to achieve the Department of War's (DoW) targets for <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">zero trust</a> maturity. </p><p>Phase One and Phase Two aim to move an organization from discovery to target-level implementation by mapping out the activities, requirements, precursors and successors that are needed. </p><p>According to the NSA, the phased design of the guidelines means they're modular and highly customizable, allowing the implementation of both foundational and advanced activities, as well as the ability to tailor them to align with individual goals and constraints.</p><p>They build on the NSA's Primer and Discovery Phases, released earlier this month, and are aligned with existing federal frameworks, including the DoW CIO’s Zero Trust Framework.</p><h2 id="what-the-zero-trust-guidelines-get-right">What the zero trust guidelines get right</h2><p>Brian Soby, <a href="https://www.itpro.com/strategy/28237/cto-job-description-what-does-a-cto-do">CTO </a>and co-founder of AppOmni, said there's a lot that the guidelines get right, adding that the move represents a positive step in helping organizations shore up <a href="https://www.itpro.com/security/identity-security-is-more-important-than-ever-heres-why">identity security</a>. </p><p>"The guidance pushes maturity beyond 'authenticate, then trust', toward ongoing decisions driven by what the user is doing, what privileges are being requested, and what resources are being touched," he said. </p><p>"That matters because the attacks that are winning right now are post-auth. Device posture and login checks are necessary, but against modern SaaS compromise they can be largely performative if you cannot detect abuse happening inside the session, inside the application."</p><p>Soby also praised the way that zero trust is presented as an operating model, not a product. </p><p>Policies are required to be centrally defined, consistently applied, continuously assessed, and enforced through co-ordinated policy decision points and policy enforcement points. </p><p>This includes requirements for real-time monitoring and automation to adapt as conditions change.  </p><p>When it comes to User and Entity Behavior Analytics (UEBA), Soby noted the guidance takes the right approach, focusing on behavior baselining, analytics, and context enrichment so that anomalies are detected based on behavioral patterns and resource access, not just simplistic indicators like login location.</p><p>"That's the right direction. ‘We saw a new IP’ is a weak signal,” he commented. “The higher-signal story is what happened in the application: Privilege use, data access, configuration changes, creation of integrations, unusual exports, and lateral movement across <a href="https://www.itpro.com/cloud/software-as-a-service-saas/362655/what-is-saas">SaaS </a>capabilities. </p><p>"The higher-signal story is what happened in the application: Privilege use, data access, configuration changes, creation of integrations, unusual exports, and lateral movement across SaaS capabilities."</p><h2 id="why-some-zero-trust-efforts-fall-flat">Why some zero trust efforts fall flat</h2><p>Soby warned that most zero trust implementation projects are missing the core points. A key factor here is that they focus too heavily on <a href="https://www.itpro.com/security/what-is-zero-trust-network-access-ztna">zero trust network access (ZTNA)</a> considerations, and ZTNA-only architectures are often easier to bypass.</p><p>Meanwhile, organizations fail to recognize that each application is its own policy decision point and policy enforcement point.</p><p>“This is the core point that gets ignored. The guidance treats policy decision points and policy enforcement points as essential building blocks that must be coordinated. The problem is that many organizations pretend the only real decision and enforcement happens at the identity provider or a proxy," he said. </p><p>"In reality, every application, SaaS or otherwise, is itself a policy decision point and policy enforcement point. The application decides what a user, integration, service account, or agent can do, and it enforces that decision.”</p><p>Soby noted this is “especially true” in cases where identities don’t “traverse the enterprise front door” - for example, with customers, partners, and external collaborators. </p><h3 class="article-body__section" id="section-follow-us-on-social-media"><span>FOLLOW US ON SOCIAL MEDIA</span></h3>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Fears over “AI model collapse” are fueling a shift to zero trust data governance strategies ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/fears-over-ai-model-collapse-are-fueling-a-shift-to-zero-trust-data-governance-strategies</link>
                                                                            <description>
                            <![CDATA[ Gartner warns of "model collapse" as AI-generated data proliferates – and says organizations need to beware ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jfdsUzHmNHhmH3JsjBzq8d</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Ux3V79nc6iXyfwiHXRzQi3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 22 Jan 2026 08:50:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Ux3V79nc6iXyfwiHXRzQi3-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[AI zero trust concept image showing shield symbol with digitized human brain in a circle, with distributed red data points with skull symbols.]]></media:description>                                                            <media:text><![CDATA[AI zero trust concept image showing shield symbol with digitized human brain in a circle, with distributed red data points with skull symbols.]]></media:text>
                                <media:title type="plain"><![CDATA[AI zero trust concept image showing shield symbol with digitized human brain in a circle, with distributed red data points with skull symbols.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Ux3V79nc6iXyfwiHXRzQi3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Fears over unverified AI-generated data are pushing organizations to implement a zero trust posture for stronger data governance.</p><p><a href="https://www.itpro.com/technology/artificial-intelligence/three-open-source-large-language-models-you-can-use-today">Large language models (LLMs)</a> are typically trained on web-scraped data, and as the use of generative AI grows these sources increasingly contain AI-generated content. </p><p>This is set to accelerate in the coming years, according to Gartner. Analysis from the consultancy found 84% of respondents expect their organization to increase funding for <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369959/what-is-generative-ai">generative AI</a> in 2026 – meaning that the volume of AI-generated data will continue to rise. </p><p>As a result, future generations of LLMs will increasingly be trained on outputs from previous models – outputs that may be inaccurate or biased. This means an ever-heightening risk of “model collapse,” where <a href="https://www.itpro.com/technology/artificial-intelligence/amazing-ai-tools-to-try-today">AI tools’</a> responses may no longer accurately reflect reality.</p><p>"Organizations can no longer implicitly trust data or assume it was human-generated,” said Wan Fui Chan, managing VP at Gartner. </p><p>“As AI-generated data becomes pervasive and indistinguishable from human-created data, a zero trust posture establishing authentication and verification measures is essential to safeguard business and financial outcomes.” </p><p>By 2028, Gartner found the proliferation of unverified AI-generated data is set to have prompted 50% of organizations to have implemented a zero trust posture for data governance.</p><p>Active metadata management practices will become a key differentiator for firms, the consultancy said, and organizations should consider taking several strategic actions.</p><h2 id="how-to-approach-a-zero-trust-data-governance-strategy">How to approach a zero trust data governance strategy</h2><p>According to Gartner, IT leaders should appoint a dedicated AI governance leader, responsible for AI governance, including zero trust policies, AI risk management, and compliance operations. </p><p>This person should work closely with data and analytics (D&A) teams to make sure that both AI-ready data and systems are capable of handling AI-generated content.</p><p>Cross-functional teams should also be established, including cybersecurity, D&A, and other relevant stakeholders. </p><p>These teams will carry out comprehensive data risk assessments to identify business risks related to AI-generated data - and decide which activities need new strategies.</p><p>Elsewhere, building on current D&A governance frameworks will be crucial to tackling the issue, according to Gartner. The creation of new or updated frameworks will focus primarily on updating security, metadata management, and ethics-related policies to address new risks arising from AI-generated data.</p><h2 id="regulatory-compliance-challenges-are-afoot">Regulatory compliance challenges are afoot</h2><p>As AI-generated content becomes more prevalent, Chan warned that regulatory requirements for verifying ‘AI-free’ data are likely to intensify. </p><p>Crucially, these could differ significantly across geographies, posing serious compliance challenges. </p><p>“In this evolving regulatory environment, all organizations will need the ability to identify and tag AI-generated data," he warned. </p><p>"Success will depend on having the right tools and a workforce skilled in information and knowledge management, as well as metadata management solutions that are essential for data cataloguing.” </p><h3 class="article-body__section" id="section-follow-us-on-social-media"><span>FOLLOW US ON SOCIAL MEDIA</span></h3>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft opens up Entra Agent ID preview with new AI features ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/microsoft-opens-up-entra-agent-id-preview-with-new-ai-features</link>
                                                                            <description>
                            <![CDATA[ Microsoft Entra Agent ID aims to help manage influx of AI agents using existing tools ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">XyFFfuCnEbBDv42E2pU5GB</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ZumXBeY7CSrC287cDeWJWN-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 18 Nov 2025 16:00:00 +0000</pubDate>                                                                                                                                <updated>Tue, 18 Nov 2025 20:02:41 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Nicole Kobie ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/8Y8JDDTQ7XDEk49FoAFP2S.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Nicole Kobie first started writing for ITPro in 2007. As a freelance journalist covering technology and business, Nicole&#039;s work includes  bylines in New Scientist, Wired, PC Pro and many more. &lt;/p&gt;&lt;p&gt;Nicole the author of a book about the history of technology, The Long History of the Future.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ZumXBeY7CSrC287cDeWJWN-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft logo and branding pictured at the company&#039;s vendor stall at Mobile World Congress (MWC) in Barcelona, Spain. ]]></media:description>                                                            <media:text><![CDATA[Microsoft logo and branding pictured at the company&#039;s vendor stall at Mobile World Congress (MWC) in Barcelona, Spain. ]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft logo and branding pictured at the company&#039;s vendor stall at Mobile World Congress (MWC) in Barcelona, Spain. ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ZumXBeY7CSrC287cDeWJWN-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft says agentic AI has helped identity and network access teams spot more than 200% more missing baseline policies – so now it's widening the public preview of its Entra Agent ID to keep tabs on agents and other new risks to zero trust strategies. </p><p>Microsoft first unveiled a preview of Entra Agent ID in May, and Joy Chik, president of identity and network access at the tech giant, said it quickly became clear that few companies were aware how many agents were active in their environment. </p><p>"Before you can securely manage, protect, and govern this new type of identity, you need visibility," Chik said in a blogpost. </p><p>"Then you need the right controls, because agent sprawl can quickly lead to excessive permissions, orphaned accounts, and increased risk."</p><p>Chik cited a recent Microsoft study that found admins using its Conditional Access Optimization Agent in Microsoft Entra finished key tasks 43% faster and with 48% more accuracy. Alongside that, she reported a 204% improvement in spotting missing baseline policies.</p><h2 id="new-ai-tools-for-access">New AI tools for access</h2><p>Microsoft has now added new tools to its existing Entra solution, which manages identity and network access, to help manage and govern agents, secure access to AI resources for the workforce, and strengthen security via multi-layer access controls. </p><p>Chik added that the wider Microsoft Entra Suite is getting new <a href="https://www.itpro.com/strategy/28181/what-is-ai">AI </a>powered features. </p><p>"First, we’re expanding Microsoft Entra Internet Access to secure access to and usage of generative AI (GenAI) at the network level," she said. </p><p>"Our Secure Web Gateway (SWG) is now a Secure Web and AI Gateway. It allows you to secure, govern, and monitor access to any AI or agent from any provider, running on any platform."</p><h2 id="what-to-expect-with-entra-agent-id">What to expect with Entra Agent ID</h2><p>Entra Agent ID allows companies to use the same tools for workforce identification as it does for AI agents, Chik said. That includes maintaining an inventory of an agent fleet, regulating access to resources and data, and governing them via corporate policies. </p><p>"Lifecycle management and IT-defined guardrails, for both agents and the people who create and manage them, keep your agent fleet under control," she added.</p><p>The Public Preview of Entra Agent ID also now features AI-powered tools including prompt injection protection, network file filtering, and blocking unsanctioned access to <a href="https://www.itpro.com/technology/artificial-intelligence/what-is-model-context-protocol-mcp">Model Context Protocols (MCP)</a>, which allow AI agents access. </p><p>Plus, Entra Agent ID now detects shadow AI, helping security teams spot unsanctioned AI tools and letting them monitor usage trends and block risky apps. </p><p>"With these controls, you can accelerate GenAI adoption while maintaining compliance and reducing risk, so employees can experiment with new AI tools safely," Chik added. </p><p>Beyond those tools, the public preview also includes user-centric access reviews, risk-based approval in entitlement management, threat intelligence and URL filtering, and guest access. </p><h2 id="safer-access-for-ai-agents">Safer access for AI agents</h2><p>Microsoft Entra Agent ID can also manage access to Microsoft Agent 365, the dashboard for AI agents unveiled at Microsoft's <em>Ignite </em>conference. </p><p>"It takes the same infrastructure that you trust to manage and secure your people and extends it to agents, equipping frontier organizations with leading Microsoft security, productivity, and collaboration solutions," Chik added. </p><p>The launch marks the latest in a string of product announcements at the tech giant’s annual conference in San Francisco, which naturally has had a sharp focus on <a href="https://www.itpro.com/technology/artificial-intelligence/the-tech-industry-is-becoming-swamped-with-agentic-ai-solutions-analysts-say-thats-a-serious-cause-for-concern">agentic AI</a>. </p><p>Microsoft introduced its own MCP Server for enterprise at the event. Entra can be used to manage access, with Agent ID handling authentication and least-privilege access controls. </p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/technology/artificial-intelligence/microsoft-get-used-to-working-with-ai-powered-digital-colleagues">Microsoft: get used to working with AI-powered "digital colleagues"</a></li><li><a href="https://www.itpro.com/business/microsoft-expects-1-3-billion-ai-agents-to-be-in-operation-by-2028-heres-how-it-plans-to-get-them-working-together">Microsoft expects 1.3 billion AI agents to be in operation by 2028 – here’s how it plans to get them working together</a></li><li><a href="https://www.itpro.com/security/malware/microsoft-quietly-launched-an-ai-agent-that-can-reverse-engineer-and-detect-malware">Microsoft quietly launched an AI agent that can detect and reverse engineer malware</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Research shows the financial benefits of implementing zero trust ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/research-shows-the-financial-benefits-of-implementing-zero-trust</link>
                                                                            <description>
                            <![CDATA[ With zero trust shown to drastically reduce the number of cyber incidents, insurers are catching on and lowering premiums ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">SuSLT2bkr3RFUooy8LQYqC</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/vDg8UVP5EYQEhXg8fd28ye-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 11 Jun 2025 09:42:12 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/vDg8UVP5EYQEhXg8fd28ye-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Zscaler logo pictured on the company headquarters in Silicon Valley, USA.]]></media:description>                                                            <media:text><![CDATA[Zscaler logo pictured on the company headquarters in Silicon Valley, USA.]]></media:text>
                                <media:title type="plain"><![CDATA[Zscaler logo pictured on the company headquarters in Silicon Valley, USA.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/vDg8UVP5EYQEhXg8fd28ye-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Properly implemented <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">zero trust security</a> could head off nearly a third of cyber attacks globally, saving up to $465 billion in financial losses every year.</p><p>An <a href="https://www.zscaler.com/resources/industry-reports/cyber-loss-prevention-with-zero-trust-solutions.pdf">analysis</a> of hundreds of thousands of cyber incidents by cloud security firm Zscaler found that the overall figure was higher in Europe, where 41% of events were assessed as being potentially preventable through zero trust architecture, compared with just 31% in North America.</p><p>It's companies with over US $1 billion in revenue that have the most to gain from deploying zero trust. In 2023, the researchers said, zero trust could have averted as many as six in ten of all incidents involving companies with revenue over $100 billion.</p><p>The industries with the most to gain, meanwhile, were construction, wholesale trade, information, and manufacturing. Finance and insurance, mining oil and gas, and utilities were assessed as likely to see the smallest benefit from <a href="https://www.itpro.com/security/does-every-business-need-zero-trust">zero trust</a>, although even here, it could have averted at least one in five incidents.</p><p>"This report underscores the importance of recognizing zero trust as a fundamental cybersecurity control that fortifies cyber hygiene," said Stephen Singh, global vice president for M&A/divestiture and cyber risk at Zscaler.</p><p>"With the external attack surface identified as a key predictor of potential breaches, adopting zero trust and phasing out outdated, high-risk technologies such as firewalls and VPNs shows a dramatic reduction in risk exposure."</p><p>It's the rising tide of ransomware – up 126% over the year – that's making zero trust more vital. And while attacks by some of the larger ransomware gangs are becoming increasingly sophisticated, Zscaler said many of these could have been mitigated by the use of zero trust.</p><p>Implementing zero trust can also make for cheaper insurance, with some cyber insurance underwriters taking it into account when calculating business risk.</p><p>"We now have independent validation that zero trust offers significant benefits for cyber security practitioners responsible for mitigating business risk - companies that prioritize zero trust investments gain a significant edge as cyber defenders," said Darin Hurd, CISO at Guaranteed Rates.</p><p>And, said Tim Riley, SVP of product at cyber insurer Resilience, "Through our ongoing engagement with clients to quantify and mitigate cyber risk, Resilience can affirm that adopting a zero trust architecture strengthens an organization's ability to withstand and recover from cyber incidents."</p><p>Organizations do seem to be catching on to the benefits. A recent <a href="https://www.itpro.com/security/zero-trust-gains-momentum-amid-growing-network-visibility-challenges">report</a> from AlgoSec, for example, found that more than half of organizations are now fully or partially implementing zero trust, although one in five said they were still in the learning phase.</p><p>And, the researchers found, some were struggling, finding it difficult to translate zero trust principles into actionable policies, especially when it came to complex multi-cloud and hybrid environments.</p><p>But, said Scott Stransky, managing director and head of the Marsh McLennan Cyber Risk Intelligence Center, and leader of the Zscaler study, "The large cost associated with the lack of zero trust reveals its true value to companies and the cyber world."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft ramps up zero trust capabilities amid agentic AI push  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/microsoft-ramps-up-zero-trust-capabilities-amid-agentic-ai-push</link>
                                                                            <description>
                            <![CDATA[ The move from Microsoft looks to bolster agent security and prevent misuse ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">2GpCpXuaz8U8VTiS8UKdc8</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/LsZwDKL82kKzpqRv9dSaEg-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 21 May 2025 15:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Nicole Kobie ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/8Y8JDDTQ7XDEk49FoAFP2S.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Nicole Kobie first started writing for ITPro in 2007. As a freelance journalist covering technology and business, Nicole&#039;s work includes  bylines in New Scientist, Wired, PC Pro and many more. &lt;/p&gt;&lt;p&gt;Nicole the author of a book about the history of technology, The Long History of the Future.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/LsZwDKL82kKzpqRv9dSaEg-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Agentic AI concept image showing human brain split in two halves, with one side digitized on a grid pattern and the other illuminated in yellow with brainwaves emitting. ]]></media:description>                                                            <media:text><![CDATA[Agentic AI concept image showing human brain split in two halves, with one side digitized on a grid pattern and the other illuminated in yellow with brainwaves emitting. ]]></media:text>
                                <media:title type="plain"><![CDATA[Agentic AI concept image showing human brain split in two halves, with one side digitized on a grid pattern and the other illuminated in yellow with brainwaves emitting. ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/LsZwDKL82kKzpqRv9dSaEg-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>AI agents need to be treated like any other employee, at least when it comes to security, and that means they can't be trusted by default and need their own secure identification. </p><p>With <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">zero trust</a> in mind, Microsoft will be extending its security and identity tools — Entra, Purview, and Defender — to cover AI agents developed using its own tools, as well as a few key partners. </p><p>"These announcements underscore our commitment to providing comprehensive security and governance for <a href="https://www.itpro.com/strategy/28181/what-is-ai">AI</a>, with technology built on the security lessons of the past and in line with our Secure Future Initiative principles," noted Vasu Jakkal, Corporate Vice President at Microsoft Security, in a <a href="https://www.microsoft.com/en-us/security/blog/2025/05/19/microsoft-extends-zero-trust-to-secure-the-agentic-workforce/" target="_blank"><u>blog post</u></a>. </p><p>The zero trust announcement comes alongside wider AI news from Microsoft's Build conference, held in Seattle this week, including the <a href="https://blogs.microsoft.com/blog/2025/05/19/microsoft-build-2025-the-age-of-ai-agents-and-building-the-open-agentic-web/" target="_blank"><u>general availability of Azure AI Foundry Agent Service</u></a> to help companies deploy agentic AI using pre-built or custom agents. </p><p>Alongside the zero trust announcements, Microsoft also <a href="https://techcommunity.microsoft.com/blog/microsoft-security-blog/enterprise-grade-controls-for-ai-apps-and-agents-built-with-azure-ai-foundry-and/4414757"><u>revealed</u></a> evaluation and monitoring tools built into Azure AI Foundry to help detect and block prompt injections as well as task adherence to keep agents in line. </p><p><a href="https://www.itpro.com/technology/artificial-intelligence/big-tech-poised-to-capitalize-on-usd10-trillion-global-services-market-through-agentic-ai">Agentic AI</a> is the latest big tech trend, with industry leaders previously suggesting this marks the latest step in the natural evolutionary path of generative AI. But concerns over security have come to the fore as the industry pivots to the technology. </p><p>Earlier this year, <em>ITPro </em>was told that while AI agents could mark a step change in cybersecurity, the technology <a href="https://www.itpro.com/security/cyber-crime/agentic-ai-cybersecurity-risks"><u>also has the potential to leave enterprises vulnerable</u></a> to a range of new threats. </p><p>Microsoft has made its intentions clear in the agentic AI space, having already <a href="https://www.itpro.com/technology/artificial-intelligence/microsoft-launches-new-security-ai-agents-to-help-overworked-cyber-professionals"><u>unveiled agents for its Security Copilot</u></a> service. These new security features look to further bolster protection for enterprises dabbling in the technology. </p><h2 id="microsoft-entra-agent-id">Microsoft Entra Agent ID</h2><p>Microsoft has unveiled a system for managing and security agentic AI called Microsoft Entra Agent ID, which manages AI agents to ensure they don't have access to data, apps, or other infrastructure without first being validated via the zero trust policy. </p><p>"Now, AI agents created within Microsoft Copilot Studio and Azure AI Foundry are automatically assigned identities in a Microsoft Entra directory — analogous to etching a unique VIN into every new car and registering it before it leaves the factory — centralizing agent and user management in one solution," said Jakkal.</p><p>The system will work with ServiceNow and Workday, integrating into their agent platforms and providing automated provisioning of identities, Jakkal added. </p><h2 id="purview-and-defender">Purview and Defender </h2><p>Alongside Entra Agent ID, Microsoft is also extending its Purview data security and compliance controls to AI agents built within Azure AI Foundry and Copilot Studio, as well as custom-built AI apps via a new software development kit (SDK). </p><p>"Developers can leverage these controls to help reduce the risk of their AI applications oversharing or leaking data, and to support compliance efforts, while security teams gain visibility into AI risks and mitigations," Jakkal said. "This integration improves AI data security and streamlines compliance management for development and security teams."</p><p>Similarly, the tech giant is adding security tools from Defender directly into Azure AI Foundry. </p><p>Jakkal noted that this integration “reduces the tooling gap” between security and development teams, meaning the latter can “proactively mitigate AI application risks” and potential vulnerabilities. </p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/software/development/openai-just-launched-codex-a-new-ai-agent-for-software-engineering">OpenAI just launched 'Codex', a new AI agent for software engineering</a></li><li><a href="https://www.itpro.com/business/microsoft-expects-1-3-billion-ai-agents-to-be-in-operation-by-2028-heres-how-it-plans-to-get-them-working-together">Microsoft expects 1.3 billion AI agents to be in operation by 2028 – here’s how it plans to get them working together</a></li><li><a href="https://www.itpro.com/software/development/github-copilot-coding-agent-launch">GitHub just unveiled a new AI coding agent for Copilot – and it’s available now</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Zero trust gains momentum amid growing network visibility challenges ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/zero-trust-gains-momentum-amid-growing-network-visibility-challenges</link>
                                                                            <description>
                            <![CDATA[ Organizations are looking to automation, orchestration, and risk mitigation as key security priorities ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">B6o8Gwr4vbPb4yGStY5xqc</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/t5zGC2uXPBqGdnfQdHUCeS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 04 Apr 2025 10:51:39 +0000</pubDate>                                                                                                                                <updated>Fri, 04 Apr 2025 12:01:31 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/t5zGC2uXPBqGdnfQdHUCeS-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[IoT cybersecurity concept image showing a digitized padlock sitting on a blue circuit board atop network traffic.]]></media:description>                                                            <media:text><![CDATA[IoT cybersecurity concept image showing a digitized padlock sitting on a blue circuit board atop network traffic.]]></media:text>
                                <media:title type="plain"><![CDATA[IoT cybersecurity concept image showing a digitized padlock sitting on a blue circuit board atop network traffic.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/t5zGC2uXPBqGdnfQdHUCeS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Network visibility challenges and rising cyber threats are prompting a step change in security strategies, according to new research, with firms ramping up <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">zero trust</a> capabilities.</p><p>Findings from AlgoSec’s <a href="https://www.algosec.com/lp/network-security-report2025" target="_blank"><u>2025 State of Network Security</u></a> report show seven-in-ten security teams report visibility issues, which is delaying threat detection and response. </p><p>Respondents to a survey by the firm warned that a lack of insight into application connectivity and poor alignment of security policies on these fronts now represent ‘significant’ risks for enterprises. </p><p>Notably, a key factor behind these challenges lies in the increased adoption of multi-cloud architectures, the report noted. Running parallel to <a href="https://www.itpro.com/cloud/34476/what-is-multi-cloud">multi-cloud</a> adoption strategies, many firms are now accelerating the adoption of <a href="https://www.itpro.com/security/cognizant-and-zscaler-expand-partnership-to-launch-new-ai-powered-zero-trust-security-tools">zero trust tools</a> and practices. </p><p>"As businesses expand their digital footprints across hybrid and multi-cloud environments, securing network infrastructure has become a top challenge," said Eran Shiff, VP of product at AlgoSec. </p><p>"We are seeing a major shift toward automation, orchestration and risk mitigation as key security priorities. Adoption of <a href="https://www.itpro.com/software-defined-wide-area-network-sd-wan/33346/what-is-sd-wan">SD-WAN</a> and <a href="https://www.itpro.com/cloud/cloud-security/what-is-secure-access-service-edge-sase">SASE </a>continues to rise, while awareness of AI-driven security and zero-trust principles is stronger than ever." </p><p><a href="https://www.itpro.com/security/firewalls">Firewalls </a>were another major worry cited by security professionals, according to AlgoSec’s report. Multi-vendor strategies are making firewall deployment more challenging thanks to the need for robust orchestration tools to prevent misconfigurations, maintain compliance, and reduce operational overhead.</p><h2 id="zero-trust-challenges">Zero trust challenges</h2><p>More than half (56%) of organizations are now fully or partially implementing zero trust, although one-in-five said they were still in the learning phase, AlgoSec found.</p><p>Security teams did highlight significant challenges in their zero trust journey, however. The study noted that teams often struggle to translate zero trust principles into actionable policies, particularly in complex multi-cloud and hybrid environments. </p><p>"This underscores the need for better education, clearer frameworks, and improved tooling to help businesses move beyond basic zero trust principles toward more robust, policy-driven implementations," the researchers said.</p><p>SASE adoption is also growing, with six-in-ten respondents saying they use it for deployment, up from 54% last year.</p><p>Similarly, AlgoSec highlighted a widespread move to <a href="https://www.itpro.com/security/ai-security-tools-promise-to-supercharge-productivity-but-experts-worry-cyber-pros-could-become-too-reliant">AI security tools</a>, which organizations said were improving real-time threat detection. Once again, implementation practices are still a key challenge alongside data privacy concerns. </p><p>Automation is now critical, the report found, with application connectivity automation ranked as the top priority for minimizing risk and downtime.</p><p>"Looking ahead, businesses that embrace proactive automation, centralized security policy enforcement, and risk-based decision-making will be best positioned to navigate the next phase of network security evolution," the report concludes. </p><p>"As organizations continue to adopt hybrid architectures, AI-driven security solutions, and zero-trust principles, the ability to adapt, automate, and secure at scale will be critical in ensuring a resilient and future-ready network security strategy."</p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/security/implementing-zero-trust-with-the-internet-of-things-iot">Implementing zero trust with the Internet of Things (IoT)</a></li><li><a href="https://www.itpro.com/security/why-businesses-should-embrace-the-zero-trust-networking-trend">Why businesses should embrace the zero trust networking trend</a></li><li><a href="https://www.itpro.com/security/zero-trust-more-than-security-foundation-for-digital-transformation">Zero trust is about more than security – it's the foundation for digital transformation</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Billions of IoT devices will need to be secured in the next four years – zero trust could be the key to success ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/iot-security-zero-trust-architecture</link>
                                                                            <description>
                            <![CDATA[ Researchers have warned more than 28 billion IoT devices will need to be secured by 2028 as attacks on connected devices surge. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">zpp4XSZpbQpqEGPdWupU84</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/t5zGC2uXPBqGdnfQdHUCeS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 20 Feb 2025 09:00:00 +0000</pubDate>                                                                                                                                <updated>Fri, 21 Feb 2025 12:40:33 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/t5zGC2uXPBqGdnfQdHUCeS-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[IoT cybersecurity concept image showing a digitized padlock sitting on a blue circuit board atop network traffic.]]></media:description>                                                            <media:text><![CDATA[IoT cybersecurity concept image showing a digitized padlock sitting on a blue circuit board atop network traffic.]]></media:text>
                                <media:title type="plain"><![CDATA[IoT cybersecurity concept image showing a digitized padlock sitting on a blue circuit board atop network traffic.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/t5zGC2uXPBqGdnfQdHUCeS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>With the number of <a href="https://www.itpro.com/cloud-computing/28037/what-is-iot">IoT</a> devices expected to skyrocket in the next four years, researchers have called on more robust <a href="https://www.itpro.com/security/28133/what-is-cyber-security">cybersecurity</a> protections to counter a wave of rising threats. </p><p>In a new <a href="https://www.juniperresearch.com/research/iot-emerging-technology/iot-security/iot-cybersecurity-market-report/?utm_source=vuelio&utm_medium=email&utm_id=pr2_iotcybersecurity_emerging_emerging_feb25" target="_blank"><u>study by Juniper Research</u></a>, the number of devices is set to hit 28 billion globally by 2028. However, amidst this sharp growth, the increasing complexity of IoT networks means there's a greater need for effective frameworks that underpin security solutions. </p><p>A key factor in this call to action is the fact that industry has a fragmented approach to <a href="https://www.itpro.com/cloud/cloud-security/iot-security-strategy-an-arms-race-for-businesses">IoT security</a>, researchers said. </p><p>"The IoT cybersecurity market is expected to reach $51 billion by 2028; partly driven by adoption from SMEs," said research author Michelle Joynson. </p><p>"To capitalize, vendors must simplify their solutions in a time when IoT architectures are becoming increasingly complex, and a greater number of connectivity technologies are used."</p><p>IDC advises enterprise IoT users to protect themselves against high-risk events such as data breaches, financial losses, and regulatory non-compliance by implementing <a href="https://www.itpro.com/security/what-is-zero-trust-network-access-ztna">zero trust architecture (ZTA)</a> frameworks as a priority. </p><p>"ZTA frameworks operate on the principle that no device on a network is to be inherently trusted; requiring constant authentication," said IDC. </p><p>"These frameworks also offer greater visibility of IoT device activity through continuous authentication; enabling earlier threat detection and mitigation."</p><p>As for vendors, the scale of expected IoT growth and rapid pace of digitalization by SMBs means these frameworks will need to be deployed across IoT networks of various sizes. </p><p>As the number of networks grows, vendors should be leveraging the scalability of their ZTA frameworks to make sure that cybersecurity solutions can keep pace. </p><h2 id="iot-remains-a-security-blind-spot-for-enterprises">IoT remains a security blind spot for enterprises</h2><p>IoT has become something of a wild west in terms of security, with connected devices representing the biggest targets in the UK last year. </p><p>Research from Beaming, for example, found there were at least 161 attacks on IoT devices per day, with threat actors increasingly targeting applications such as building control systems, network-enabled printers, <a href="https://www.itpro.com/business/business-operations/367876/best-network-monitoring-tools">remote monitoring tools</a>, and industrial control systems.  </p><p>According to the UK's <a href="https://www.itpro.com/security/what-is-the-national-cyber-security-centre-ncsc-and-what-does-it-do">National Cyber Security Centre (NCSC)</a>, many devices aren't secure by design or by default, aren't given regular firmware updates, or have weak authentication measures with limited logging, making it hard to detect suspicious activity.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="qQyHwhHoccvsxdAQrEgLgJ" name="Fortinet’s tested and validated architectures for cloud network security" caption="" alt="Fortinet’s tested and validated architectures for cloud network security" src="https://cdn.mos.cms.futurecdn.net/qQyHwhHoccvsxdAQrEgLgJ.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Fortinet)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/cloud-security/fortinets-tested-and-validated-architectures-for-cloud-network-security"><em>Speed up cloud deployment and improve security</em></a></p></div></div><p>Similarly, many may not be configured securely, lack proper network segmentation, or use unsupported or end-of-life (EOL) hardware.</p><p>Last year, analysis from WithSecure identified a steep rise in security incidents caused by the mass exploitation of IoT and edge devices, including <a href="https://www.itpro.com/security/why-the-moveit-breach-still-lives-rent-free-in-the-minds-of-it-leaders">MOVEit</a>, CitrixBleed, Cisco XE, <a href="https://www.itpro.com/security/cyber-security/359119/us-agencies-warn-of-fortinet-fortios-vulnerabilities-being-exploited">Fortinet’s FortiOS</a>, <a href="https://www.itpro.com/security/ivanti-connect-secure-flaws-have-been-targeted-250000-times-a-day-since-january-and-hackers-show-no-signs-of-stopping">Ivanti ConnectSecure</a>, Palo Alto’s PAN-OS, Juniper’s Junos, and <a href="https://www.itpro.com/security/ransomware/screenconnect-vulnerabilities-are-incredibly-trivial-to-exploit-researchers-warn">ConnectWise ScreenConnect</a>.</p><p>Earlier this month, the Five Eyes cybersecurity agencies released <a href="https://www.itpro.com/security/five-eyes-cyber-agencies-issue-guidance-on-edge-device-vulnerabilities">guidance on how to secure edge devices</a>, including IoT devices, recommending that they include and enable standard logging and forensic features that are robust and secure by default.</p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/infrastructure/internet-of-things/new-industry-backed-iot-security-standards-aim-to-improve-device-safety">New industry-backed IoT standards aim to bolster security</a></li><li><a href="https://www.itpro.com/security/implementing-zero-trust-with-the-internet-of-things-iot">Implementing zero trust with the Internet of Things</a></li><li><a href="https://www.itpro.com/internet-of-things-iot/30844/what-the-internet-of-things-iot-means-for-data-security">What the Internet of Things (IoT) means for data security</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cognizant and Zscaler expand partnership to launch new AI-powered zero trust security tools ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cognizant-and-zscaler-expand-partnership-to-launch-new-ai-powered-zero-trust-security-tools</link>
                                                                            <description>
                            <![CDATA[ The pair’s expanded partnership aims to help customers simplify their security setups while tackling evolving cyber threats ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vXU6ZMsZTpg32aPZ9QbZa7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/vDg8UVP5EYQEhXg8fd28ye-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 12 Dec 2024 11:42:22 +0000</pubDate>                                                                                                                                <updated>Fri, 13 Dec 2024 11:26:21 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (Daniel Todd) ]]></author>                    <dc:creator><![CDATA[ Daniel Todd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/SRyC34qeLpNDj3dJtsVDhT.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/vDg8UVP5EYQEhXg8fd28ye-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Zscaler logo pictured on the company headquarters in Silicon Valley, USA.]]></media:description>                                                            <media:text><![CDATA[Zscaler logo pictured on the company headquarters in Silicon Valley, USA.]]></media:text>
                                <media:title type="plain"><![CDATA[Zscaler logo pictured on the company headquarters in Silicon Valley, USA.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/vDg8UVP5EYQEhXg8fd28ye-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Cognizant has announced an expansion of its existing partnership with Zscaler in a move designed to help customers simplify their security with AI-enabled zero trust <a href="https://www.itpro.com/cloud-security/34458/what-is-cloud-security">cloud security</a> solutions.</p><p>The freshly extended collaboration will see the pair offer AI-powered coordinated solutions and services to reduce organizations’ overall security complexity while maximizing security posture.</p><p>In an announcement, <a href="https://www.itpro.com/business/acquisition/cognizant-enhances-engineering-capabilities-with-dollar129-billion-belcan-acquisition">Cognizant</a> CEO Ravi Kumar S said the move comes in response to the continued industry-wide challenges of increasing operational costs, skill shortages, and an evolving cyber threat landscape.</p><p>“<a href="https://www.itpro.com/technology/artificial-intelligence-ai/369959/what-is-generative-ai">Generative AI</a> adds new dimensions to the scale and complexity of securing modern applications used by a technology-native workforce eager to unlock the value of unclassified, unvetted data,” he explained. </p><p>“Together, Cognizant and Zscaler are committed to providing cutting-edge, AI-enabled and cost-effective solutions that help clients stay ahead of the threat curve.”</p><p>The pair said the partnership will enable customers to streamline policy enforcement, bolster threat protection, and proactively isolate threats through an AI-powered cyber risk quantification offering backed by several key capabilities.</p><p>Organizations can leverage secure access service edge (SASE) to accelerate zero trust security and enable users, manage security at access points, improve the user experience, as well as optimize security costs.</p><p>The offering is also supported by secure branch capabilities through Zscaler’s Smart & Safe Store / Branch <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">zero trust</a> architecture for <a href="https://www.itpro.com/data-management/30216/three-keys-to-successful-data-management">data management</a> and storage. </p><p>This will be complement by secure <a href="https://www.itpro.com/hybrid-cloud/29668/what-is-hybrid-cloud">hybrid cloud</a> designed to amplify visibility, reduce threat posture, and simplify security policy management for hybrid cloud infrastructure, the pair said.</p><p>As a Zscaler customer, Cognizant said it will be empowered to accelerate business growth and help customers benefit from enhanced security capabilities. The firm also reiterated its commitment to investing in and further expanding its cyber security practice.</p><p>“We are excited to not only welcome Cognizant as a new Zscaler customer but also deepen our collaboration to help enterprises accelerate their Zero Trust security initiatives,” commented Jay Chaudhry, Zscaler’s CEO, chairman and founder. </p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="T4FypPWw8ouk2bKU9uqWph" name="Future_proofing_operations_thumbnail.png" caption="" alt="A whitepaper from BT on future proofing operations" src="https://cdn.mos.cms.futurecdn.net/T4FypPWw8ouk2bKU9uqWph.png" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: BT)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/infrastructure/future-proofing-operations"><em>Securely move data from different sources</em></a></p></div></div><p>“Legacy perimeter-based security solutions are not designed to deliver true zero trust, which can allow bad actors to infiltrate corporate networks and move laterally undetected while compromising sensitive data.</p><p>“Together, we aim to dramatically reduce business risk for our joint customers and provide comprehensive security solutions that address the needs of the highly mobile workforce and cloud-first enterprises as they continue their business transformation.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The evolution of SASE and its importance in zero trust ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/the-evolution-of-sase-and-its-importance-in-zero-trust</link>
                                                                            <description>
                            <![CDATA[ SASE has been an increasingly important security framework for five years – but integrating zero trust is crucial to its success ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">abmwGx5QkDF3rNeWUgBdGA</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SRBrHvHJLs4K7c6zPDPvVU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 30 Sep 2024 07:03:18 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ keumars.afifi-sabet@futurenet.com (Keumars Afifi-Sabet) ]]></author>                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                    <sponsoredContent>true</sponsoredContent>
                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SRBrHvHJLs4K7c6zPDPvVU-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Zero trust graphic to showcase how it interfaces with IoT]]></media:description>                                                            <media:text><![CDATA[Zero trust graphic to showcase how it interfaces with IoT]]></media:text>
                                <media:title type="plain"><![CDATA[Zero trust graphic to showcase how it interfaces with IoT]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SRBrHvHJLs4K7c6zPDPvVU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The secure access service edge (SASE) model has come a long way since it was first coined five years ago – and offers a variety of capabilities to help organizations cope with securing networks as cyber security threats evolve. Such an architecture is a radical departure from the cumbersome and complex systems of old — and presents a radical simplicity for businesses hoping to combine networking and security as a service pillars into a cloud-deliverable service at the network edge. </p><p>The need for SASE has largely been driven in recent years by changing working patterns, and the knock-on effect for organizations around the world. The surge in cloud computing following COVID-19 also lent itself well to the need to embrace SASE solutions, especially with an organization&apos;s network perimeter expanding into unknown territory. As Forrester analyst senior analyst Tope Olufon puts it when speaking to ITPro: “An increasingly distributed workforce and an increased adoption of cloud computing means the concept of a perimeter has become increasingly fuzzy.”</p><p>Of the many components of SASE, one of the most crucial is zero trust network access (ZTNA) – which, when integrated into SASE, allows zero trust by design across the breadth of the organization. Arguably, without such a component, the purpose of SASE is defeated. With the threat landscape constantly offering more challenges that businesses must overcome, embedding zero trust at the heart of any SASE initiative – and vice versa – could be the difference be  the difference between withstanding the onslaught and succumbing to it. </p><h2 id="the-evolution-of-sase">The evolution of SASE</h2><p>The concept of SASE originates from a <a href="https://www.gartner.com/en/documents/3957375"><u>Gartner report</u></a> authored by analyst Frank Marsala, in which he argued that the enterprise perimeter could no longer be considered a physical location. Instead, Marsala said, it&apos;s a set of dynamic edge capabilities delivered from the cloud, as and when needed, as services. At the time, no single vendor offered the entire portfolio, but this has arguably changed five years on.</p><p>"SASE is a security model that provides secure access to applications and data in an organization," Raj Rajarajan, professor of security engineering at City St George&apos;s University of London, tells <em>ITPro</em>. "SASE incorporates many things such as firewall, network traffic monitoring, data loss prevention, cloud security broker, and many other services including providing access to assets. Hence it&apos;s an integrated security solution for cloud-based applications that is scalable and interoperable."</p><p>Now, the full SASE portfolio includes the secure web gateway (SWG), firewall as a service (FWaaS), cloud-access security broker (CASB), software-defined wide-area network (SD-WAN), and ZTNA, according to <a href="https://www.paloaltonetworks.co.uk/cyberpedia/what-is-sase"><u>Palo Alto Networks</u></a>.</p><p>With digital transformation increasing – as well as remote and hybrid working – more organizations have adopted SASE to develop an integrated security framework, says Rajarajan. This ensures any on-premises systems are integrated securely with remote systems and in the cloud. SASE also helps to avoid fragmentation of infrastructure.</p><p>"There is a lot of integration of SASE and zero trust today to address the next-generation security challenges from zero trust systems," he adds. "Many organizations find using SASE will provide a bird&apos;s eye view of the organizational assets, their interdependency, and hence can address any of the cascaded impacts in the unlikely event of a cyber-attack."</p><h2 id="the-rise-of-zero-trust">The rise of zero trust</h2><p>Although zero trust may seem like a recent concept, the ideas behind it stretch back 30 years to a <a href="https://scholar.google.co.uk/citations?view_op=view_citation&hl=en&user=Qz73wh4AAAAJ&citation_for_view=Qz73wh4AAAAJ:u5HHmVD_uO8C"><u>foundational computer science study</u></a> in 1994. Using these ideas, it was then <a href="https://web.archive.org/web/20210826012501/https://www.darkreading.com/perimeter/forrester-pushes-zero-trust-model-for-security"><u>coined as a term</u></a> in 2010 by then-senior Forrester analyst John Kindervag as a means to describe an antidote to the "broken" trust model in cyber security. However, it took at least another decade before his ideas would translate to rapid adoption among organizations across various industries. </p><p>"Although zero trust has been around since 2010, the increasing remote working and the penetration of IoT devices in the enterprises have made it more attractive as a solution to address any of the access control challenges," says Rajarajan. </p><p>"It does not trust any system and the users are continuously authenticated for privileged access to systems. That’s why it&apos;s called zero trust. It does not trust any edge device or systems or the cloud and the systems and users are continuously authenticated based on digital identity credentials, multi-factor authentication (MFA), or end-point security."</p><p>The rise of the cloud and SASE, in particular, has further demanded the integration of zero trust ideas into the foundation of a business&apos; network-based security. "In the current landscape of remote work, implicit trust has lost its former prominence, making way for the ascendancy of zero-trust security principles," wrote customer identity and access management (CIAM) expert, Caroline Johnson in a <a href="https://medium.com/@carolinejohnsonLA/security-evolved-how-sase-and-zero-trust-reshape-the-future-of-business-protection-0273c4558bec"><u>Medium post</u></a>. "Guided by tenets like “always-verify” and “least privilege,” zero trust redefines network security by providing comprehensive visibility across the entire network, whether situated in the cloud or conventional data centers."</p><h2 id="better-integrating-ztna-into-sase-xa0">Better integrating ZTNA into SASE </h2><p>Enterprises need to adopt zero trust privileged access management (PAM) within a comprehensive SASE framework to allow organizations to tailor the capabilities of a SASE model to the needs of privileged users, according to a <a href="https://cloudsecurityalliance.org/blog/2024/06/12/sase-and-zero-trust-pam-why-enterprises-need-both"><u>blog post published by the Cloud Security Alliance</u></a>. Zero trust PAM applies the principles of zero trust to managing and monitoring privileged access within an organization. Combining this with SASE means the network is secured for all users and the overall security posture is strengthened – reducing the risks linked with any insider threats or unauthorized access. </p><p>SASE can also be integrated in a much more effective way if it adopts the principles of zero trust. <a href="https://www.cloudflare.com/learning/access-management/what-is-sase/"><u>Cloudflare</u></a>, for example, highlights that SASE models that lean heavily on zero trust can safeguard an organization far better than if they didn&apos;t. When establishing access policies, zero trust-embedded SASE takes more than an entity&apos;s identity into account – also factoring in geolocation, device posture, enterprise security standards, and a continuous evaluation of risk.</p><p>"Zero trust can be useful in providing access control for authenticating any of the systems or cloud environments," explains Rajarajan, adding that zero trust is often a key sub-component of SASE solutions. "It&apos;s good to continuously authenticate the users and the edge devices as there are times at which you may have contractors working and they may no longer be eligible to access some of the corporate network assets. </p><p>"If you incorporate the zero trust security framework it&apos;s unlikely they can get access to all systems without providing the credentials. In addition, zero trust is based on identity and hence it&apos;s easy to increase the security levels using MFA combining device hardware features together with user identity features. This can stop any unauthorized access as device fingerprints are unique and many users may not have the knowledge to get access to this data."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Why siloed thinking could be undermining your zero trust strategy ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/why-siloed-thinking-could-be-undermining-your-zero-trust-strategy</link>
                                                                            <description>
                            <![CDATA[ Despite the majority of businesses now moving towards a zero trust strategy, a siloed view of security means many are unable to fully embrace everything the technology has to offer ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pWb9ezPM4vPLMJhMj94F2G</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SRBrHvHJLs4K7c6zPDPvVU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 17 May 2024 09:39:07 +0000</pubDate>                                                                                                                                <updated>Fri, 17 May 2024 09:39:11 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ dale.walker@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/JpDGYSnD7yNNModq5jFThm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                    <sponsoredContent>true</sponsoredContent>
                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SRBrHvHJLs4K7c6zPDPvVU-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Zero trust graphic to showcase how it interfaces with IoT]]></media:description>                                                            <media:text><![CDATA[Zero trust graphic to showcase how it interfaces with IoT]]></media:text>
                                <media:title type="plain"><![CDATA[Zero trust graphic to showcase how it interfaces with IoT]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SRBrHvHJLs4K7c6zPDPvVU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Zero trust is becoming synonymous with secure cloud transformation, and for good reason. IT leaders are increasingly finding that legacy security infrastructure cannot keep pace with the nature of modern business. There are new threats, new ways of working, and greater demand for simplified user experiences all pointing to the need for a dramatic rethink around the concept of trust. The sheer scale of the cyber security challenge means businesses can no longer afford to give end users the benefit of the doubt – trust needs to be earned.</p><p>Although legacy security infrastructure, such as VPNs and firewalls, do a good job of verifying identity initially, users are then trusted implicitly. Unfortunately, many businesses are all too familiar with the damage that implicitly trusting devices based on IP addresses or login credentials can create, rendering most security controls obsolete. This is something threat actors are becoming all too aware of.</p><p>Businesses are increasingly recognizing zero trust network access (ZTNA) as one of the most effective ways to achieve this rethink of trust. Zero trust effectively removes the element of trust across a network environment, with every connection request being considered a threat unless the user can prove they are trustworthy. Access is handled by granting resource permissions based on that verified identity, allowing the businesses to uphold the principle of least privilege without having to trust the user is who they say they are. This approach to security would otherwise be impractical with legacy technology, without imposing repeated identity checks on the end user and substantially degrading the user experience in the process. It’s no wonder then that the vast majority (90%) of IT leaders say they have either implemented or plan to implement zero trust network access within the next 12 months.</p><p>However, although awareness of the technology is high, the complexity associated with cloud transformation means many businesses are failing to fully realize the potential of ZTNA. </p><h2 id="viewing-security-through-a-different-lens">Viewing security through a different lens</h2><p>The fact remains that most businesses view ZTNA through the same lens as they do with most cyber security controls – that being to improve detection techniques and better protect sensitive data. This effectively silos zero trust to the IT and security departments, severely restricting its potential to transform operations more broadly.</p><p>According to <a href="https://info.zscaler.com/resources-industry-reports-state-of-zero-trust-transformation-2023"><u>Zscaler’s State of Zero Trust Transformation 2023 report</u></a>, the vast majority of businesses cited improving threat detection (63%) and securing third-party remote access (44%) as the reason for implementing ZTNA. Just 27% of businesses said they were implementing the technology to improve connectivity across their workforce, and only 24% said it was to reduce complexity and costs.</p><p>Data like this exposes the challenge that IT leaders face. Cyber security is no longer just about defending data against hackers but is now ingrained in the fabric of every business function. When fully utilized, approaches like zero trust provide a way for businesses to simplify their entire technology stack in a way that makes overall objectives more achievable. Security should, and absolutely can play a major role in reducing expenditure and creating efficiencies.</p><h2 id="immediate-cost-savings">Immediate cost savings</h2><p>Zero trust is a modern approach to cyber security and as such it significantly reduces a business’ attack surface and the associated risk of a cyber attack. This naturally reduces the risk of subsequent financial penalties or costs associated with recovery efforts.</p><p>However, there are far more tangible benefits to zero trust that will produce savings almost immediately – provided approaches are allowed to spread across the entire organization.</p><p>ZTNA is one of the most effective approaches for enabling an agile workforce. By reducing reliance on legacy security technologies at the perimeter, which typically place greater restrictions on devices and remote access, employees are given greater freedom to work from where they want to, and how they want to. This gives organizations the opportunity to exploit the cost savings and business agility that hybrid or remote workforces create, while also removing the security concerns that typically undermine such approaches.</p><h2 id="making-your-business-more-efficient">Making your business more efficient</h2><p>Another, less apparent, benefit of embracing zero trust as an organization rather than as a siloed IT project is the visibility that it creates.</p><p>For example, organizations that have successfully woven zero trust throughout their business can see an inventory of their entire application estate, providing a far clearer picture of where risk can be further addressed, or where processes can be optimized. This isn’t simply refined to security-related data, as rich contextual data can provide businesses ways to spot processing inefficiencies in legacy technology, or areas that could be ripe for innovation or automation.</p><h2 id="prioritize-user-experience">Prioritize user experience</h2><p>Perhaps the most noticeable benefit that a holistic zero trust approach creates is a streamlined user experience.</p><p>Business security has always represented a compromise between the need to keep data secure while also allowing users to engage with that data in a way that does not hamper their ability to work productively. The best security systems also tend to be the most difficult to interact with; multiple identity checks, exceptionally robust password rules, and time-limited access can all be incredibly frustrating for the end user.</p><p>Simply put, ZTNA allows businesses to prioritize user experience for the first time. It enables users to interact with protected systems without having to provide gargantuan passwords or verify their identity each time they return to the data. This is true regardless of how the user interacts with the resources they need. For example, providers such as Zscaler offer integrated solutions that fit every employee type, whether they are office-based or remote, offering the same seamless sign-in experience across a variety of platforms and devices</p><p>The seamless experience made possible with ZTNA ultimately reduces security fatigue, giving employees more time and flexibility to access the data they need without fuss. Security checks feel less intrusive, less frequent, and no longer a barrier to getting work done.</p><h2 id="zero-trust-requires-holistic-thinking">Zero trust requires holistic thinking</h2><p>Unfortunately, many businesses find it difficult to fully realize some of these benefits. By siloing this work to the IT department, the message is unable to permeate the board room.</p><p>It’s incumbent on IT leaders, particularly CIOs, to help show the full potential of zero trust in an organizational context; that the true goal of zero trust is simply to eliminate infrastructure complexity, wherever that may be. Based on Zscaler’s recent data, it is clear resistance to a holistic approach is common. However, whether it is reducing costs, shrinking admin work, or realigning hardware to better fit organizational objectives, every corner of an organization has the potential to thrive under a zero trust approach – not simply adapt to it.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ What is zero trust network access (ZTNA) and how can your business implement it? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/what-is-zero-trust-network-access-ztna</link>
                                                                            <description>
                            <![CDATA[ ZTNA can help protect your business applications and data from cyber attacks ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">MLazTGLuUwWiUrWhnDEDi7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/DkRdS8ftaRwNSgcWQZGZfP-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 20 Oct 2023 07:00:38 +0000</pubDate>                                                                                                                                <updated>Tue, 05 May 2026 15:19:54 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Kate O&#039;Flaherty ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LUULv6n7VJ3BHPnaoLHHdg.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                        <dc:contributor><![CDATA[ Max Slater-Robins ]]></dc:contributor>
                                                                                                                                                                                    <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/DkRdS8ftaRwNSgcWQZGZfP-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A greyscale hand holding a magnifying glass up to a network of silhouettes on a blue background, with one magnified in the glass, to represent HR technology.]]></media:description>                                                            <media:text><![CDATA[A greyscale hand holding a magnifying glass up to a network of silhouettes on a blue background, with one magnified in the glass, to represent HR technology.]]></media:text>
                                <media:title type="plain"><![CDATA[A greyscale hand holding a magnifying glass up to a network of silhouettes on a blue background, with one magnified in the glass, to represent HR technology.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/DkRdS8ftaRwNSgcWQZGZfP-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust"><u>Zero trust</u></a> has become one of the most discussed cybersecurity strategies of recent years, reshaping how organisations of all sizes think about securing their networks and data. Zero trust network access (ZTNA) is one of the key technologies that brings this philosophy to life. </p><p>By applying granular, identity-driven controls to how users and devices connect with applications, ZTNA helps limit the reach of attackers, reduce the risks of credential compromise, and support increasingly distributed workforces.</p><p>Rather than relying on traditional perimeter defenses that implicitly trust anything inside the corporate firewall, ZTNA takes a zero trust approach that treats every user, device, and connection as potentially hostile until proven otherwise.</p><p>Unlike <a href="https://www.itpro.com/network-internet/virtual-private-network-vpn/367994/vpn-or-virtual-private-networks-what-businesses"><u>virtual private networks</u></a> (VPNs) – which typically grant broad network access once authenticated – ZTNA only permits access to specific resources, and makes these decisions based on continuous checks of who the user is, their device, and the context of their request.</p><p>To help you make sense of ZTNA, we’ll look at what it is in more depth and explore why it’s proving so useful for modern organisations. We’ll also consider the limitations you need to be aware of, and how to go about selecting and implementing the right tools.</p><h2 id="what-is-ztna-and-why-is-it-useful">What is ZTNA and why is it useful?</h2><p>In simple terms, <a href="https://www.zscaler.com/resources/security-terms-glossary/what-is-zero-trust-network-access"><u>zero trust network access</u></a> (ZTNA) is a security framework built on the principle that no user or device should be trusted by default, whether inside or outside the corporate network. </p><p>Unlike older models that assume anything behind the firewall is safe, ZTNA insists on verifying each access attempt, enforcing strict identity and context checks before permitting entry to specific applications or services. </p><p>Central to most ZTNA platforms is the concept of a software-defined perimeter (SDP). </p><p>Traditional networks often expose broad sections of infrastructure to anyone inside. An SDP, by contrast, makes applications effectively invisible to unauthorised users. These resources only become visible once a user has authenticated and is explicitly approved for access. </p><p>Traditional networks often expose broad sections of infrastructure to anyone inside. An SDP, by contrast, makes applications effectively invisible to unauthorized users. These resources only become visible once a user has authenticated and is explicitly approved for access. </p><p>This is possible because an SDP separates the control plane from the data plane. The control plane handles <a href="https://www.itpro.com/security/29982/what-is-two-factor-authentication"><u>user authentication</u></a>, authorization, and <a href="https://www.itpro.com/security/what-security-teams-need-to-know-about-the-nsas-new-zero-trust-guidelines"><u>policy enforcement</u></a>, while the data plane manages the actual traffic between a user’s device and the application.</p><p>ZTNA usually integrates tightly with identity providers (IdPs) and relies on <a href="https://www.itpro.com/security/single-sign-on-sso/361728/what-is-single-sign-on-sso"><u>single sign-on (SSO)</u></a> systems. Once a user authenticates via SSO – often through SAML or OAuth – their identity is continuously checked against policy rules.</p><p>Unlike VPNs, which grant wide-reaching network access after initial authentication, ZTNA establishes encrypted “micro-tunnels” on a per-application basis. Users connect only to the specific services they’re authorized for, meaning that even if credentials are compromised, attackers can’t easily roam across the network.</p><p>ZTNA also supports continuous trust assessment. Where VPNs typically verify users once at the start of a session, ZTNA platforms can keep evaluating trust signals in real time.</p><p>For most organizations, the appeal is clear: ZTNA cuts down the attack surface by hiding applications from unauthorised view and limits lateral movement by restricting each user to just what they need.</p><h2 id="what-are-the-limitations-of-ztna">What are the limitations of ZTNA?</h2><p>While ZTNA brings clear security advantages, it isn’t a complete solution on its own. In 2025, with so many potential threats for organisations of all sides, sadly nothing is perfect.</p><p>Most ZTNA tools primarily protect access at the application layer, so organizations still need to secure other areas such as endpoint devices, DNS queries, and email systems. Without layered defences, malware or <a href="https://www.itpro.com/security/29093/what-is-phishing"><u>phishing</u></a> attacks can still slip through.</p><p>ZTNA also relies heavily on your identity infrastructure. If your identity provider or <a href="https://www.itpro.com/security/single-sign-on-sso/361728/what-is-single-sign-on-sso"><u>SSO platform</u></a> experiences <a href="https://www.itpro.com/infrastructure/backup/the-majority-of-businesses-couldnt-survive-three-days-of-downtime"><u>downtime</u></a>, a <a href="https://www.itpro.com/security/data-breaches/26-million-cvs-were-exposed-when-a-recruiting-software-firm-left-a-misconfigured-azure-container-open-cybersecurity-experts-warn-its-an-easy-mistake-thats-becoming-far-too-common"><u>misconfiguration</u></a>, or some other issue, it can prevent users from accessing critical applications entirely.</p><p>Similarly, if credentials are compromised at the IdP level, attackers might still navigate through multiple applications despite ZTNA policies, underscoring the need for strong multi-factor authentication.</p><p>Another challenge is supporting legacy systems or protocols that aren’t web-based. Many older apps may not integrate neatly with ZTNA or modern identity frameworks, requiring additional gateways or reengineering to fit, much to the chagrin of your IT department.</p><p>ZTNA can also create user friction if posture checks or multi-factor requirements are too aggressive or poorly tuned. If legitimate users are frequently blocked or delayed, it can undermine productivity and fuel resistance to security initiatives.</p><h2 id="how-can-i-choose-the-best-ztna-tools">How can I choose the best ZTNA tools?</h2><p>Selecting the right ZTNA platform starts with ensuring it fits your organization’s identity strategy. </p><p>Look for solutions that integrate tightly with your existing identity providers and SSO platforms, whether that’s via SAML, OAuth, or OpenID Connect. Strong identity support underpins granular policies and smooth user experiences.</p><p>It’s also important to check how well the tool separates the control and data planes, a core principle of software-defined perimeter designs, to ensure that policy decisions and user authentication happen independently from the actual traffic flow.</p><p>Continuous risk assessment is another key factor. Leading ZTNA tools evaluate device health, location, and behavioural patterns in real time, adjusting access if something changes. This adaptive approach is far safer than static, one-time checks.</p><p>Finally, look for rich <a href="https://www.itpro.com/business-intelligence/28220/what-is-data-analytics"><u>analytics</u></a> and reporting. Detailed logs and dashboards make it easier to demonstrate compliance and spot unusual patterns. A mature ZTNA platform should do more than block access; it should give you visibility to continuously improve your security. </p><h2 id="how-can-your-organization-implement-ztna">How can your organization implement ZTNA? </h2><p>As with most IT work, rolling out ZTNA starts with careful planning. Map out which apps and user groups need protection, identifying who accesses what – and under which conditions – so you can build precise policies without blocking essential work.</p><p>Next, a strong identity foundation is essential. Since ZTNA relies on robust authentication, your identity provider and SSO platforms must be resilient and correctly configured. Combining these with multi-factor authentication (MFA) reduces the risks of credential theft.</p><p>Introducing ZTNA in phases also often works well, and piloting with higher-risk groups – like contractors or third-party partners – gives IT teams the chance to adjust posture checks, policies, and exception handling before scaling across the business.</p><p>Additionally, integrating endpoint compliance checks further strengthens security by ensuring only secure, patched devices can connect, preventing older or unmanaged machines becoming an easy entry point.</p><p>Clear communication with employees helps build trust and smooth adoption. </p><p>Explaining how continuous checks and MFA protect both users and data – while SSO simplifies day-to-day access – can ease concerns and keep productivity high. With the right planning and support, organizations can transition to ZTNA confidently, gaining tighter control over access without adding unnecessary friction.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Zero trust is a key building block to a cyber-conscious culture ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/zero-trust-is-a-key-building-block-to-a-cyber-conscious-culture</link>
                                                                            <description>
                            <![CDATA[ How to implement a cultural change across your network with the help of BT cyber security specialists ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">wAZXaFTCwiS5uwHDAguM4G</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sDQaw4PFNke79XEvThgZaC-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 13 Oct 2023 07:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ dale.walker@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/JpDGYSnD7yNNModq5jFThm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                    <sponsoredContent>true</sponsoredContent>
                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sDQaw4PFNke79XEvThgZaC-1280-80.jpg">
                                                            <media:credit><![CDATA[BT]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A businessman sitting on a sofa in an office building working on a laptop]]></media:description>                                                            <media:text><![CDATA[A businessman sitting on a sofa in an office building working on a laptop]]></media:text>
                                <media:title type="plain"><![CDATA[A businessman sitting on a sofa in an office building working on a laptop]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sDQaw4PFNke79XEvThgZaC-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>When it comes to cyber security, building a wall around your business is no longer the best way to stay secure. With ever more devices accessing corporate data and a blurring of borders in what constitutes a network perimeter thanks to cloud computing, the potential access points for a malicious actor to enter and move around the corporate network have grown.</p><p>This is why the zero trust approach to security has become increasingly popular within the enterprise space. It’s a change of mindset as much as a technological one, where you assume that all application access is potentially dangerous to your business.  </p><p>In essence, you are asking more questions of those who access your data and where they are accessing it from. Why do they want to access particular applications and how are they connecting to them? Is this normal behavior for them, or someone in a similar role? They may be an employee, but that doesn’t mean they should have unfettered access to all the company’s data and applications just because they managed to log into the corporate network correctly. </p><p>Hence the principles of zero trust focus on devices, networks, and, yes, users. The human element can be intentional – in the form of a classic insider threat, such as a disgruntled employee – or accidental, through human error.</p><p>Misconfigured servers, crackable passwords, and unencrypted files; the ways in which business data can be leaked and breached are often internal errors. Simple mistakes can lead to major security incidents and possibly even financial penalties.</p><p>Much of this can be greatly reduced by implementing the more pragmatic approach of constantly monitoring systems and the people and devices who use them. </p><h2 id="leave-the-castle-and-moat-behind">Leave the castle and moat behind</h2><p>In traditional network security, it was outsiders who were treated with suspicion leaving insiders with virtually free access following an initial successful login. This is known as the ‘castle and moat’ model of network security; the castle is the network and the moat is the network’s perimeter which outsiders were not able to get across. </p><p>The problem now is that most companies keep their data in multiple locations, like cloud services, third-party servers, or on-premises data centers. This means a business is potentially vulnerable to attacks and data breaches from different locations. As such, the once reliable castle and moat model can’t hold up to this new reality.</p><p>Another area that has stretched the boundaries of the network is hybrid working. Not only do many organizations now have a more dispersed workforce, but they also have new members of staff onboarding remotely, executives and knowledge workers connecting from other countries, and third-party services potentially storing and transferring business data between geographical regions. Our attack surfaces have never been larger and it’s a clear contributor to the increasing reports of cyber attacks and data breaches that plague all types of business. </p><h2 id="never-trust-always-verify">Never trust, always verify</h2><p>Zero trust is a cyber security philosophy that has grown up in the face of these issues. It is a strategic approach to the implementation and design of IT systems based on the concept of ‘never trust, always verify’. In practice, it means that users and devices should not be trusted by default, regardless of whether they are connected to the organization&apos;s network or have already been verified previously. The reason for this is to make sure the person is who they say they are but also to verify the device they are using – the latter is key to maintaining security as the device is checked for compliance or whether it has any unauthorized software that could compromise the network. </p><p>This type of architecture works by establishing strong identity verification, validating the compliance of a device before granting access, and also ensuring least privilege access to only resources that have been explicitly authorized. If for example, you have an employee working from a public Wi-Fi, or a place they don’t usually work from, they may be subject to more verification than usual, or cut off from more sensitive parts of the network. </p><p>It’s as much a cultural change as it is any technology adoption and one that needs to be maintained long beyond implementation to keep up with changes in an organization’s IT estate or business strategy. New procedures will need to be developed to keep track of changing systems and workflows, stress testing new hardware and software, regular training for members of staff. Having plans and procedures in place to monitor and maintain zero trust, across the organization, can even offer a better understanding of its operation and highlight opportunities for improvement and growth. </p><p>Zero Trust architectures work by using a few basic principles, such as least-privilege access. This is where the bare minimum of access is granted to users, taking away the assumption of trust, even on your own staff, which could be abused by a malicious actor, whether internal or external. It also includes multi-factor authentication (MFA) where users are required to provide more than one form of identification to access their work devices and corporate accounts, providing additional evidence that they are who they claim to be. </p><p>How this is implemented will differ for each company as their size, operation, and budget will dictate which services they can use. For example, each device will need to be traced and managed with remote access software so that the right person gets the right access privileges. This can be a challenge for a small company that has data residing in multiple places and personnel spread across different locations. </p><p>All of these variables, the significant shift in how cyber security is thought of and implemented, and the need for constant monitoring and adaptation can make getting started with zero trust a daunting task. No matter how far an organization is on its zero trust journey, BT security advisory services can help plan and tailor their approach in line with their business needs. </p><p>This includes advisory services for cloud infrastructure, advice on shoring up security across the network, and best practices for protecting both users and data. BT also offers 24-hour online support with experienced technicians and an extensive portfolio of IT services. What’s more, its Managed Cloud Security service offers a single, central portal to manage policies, find access reports, and monitor the entire network.</p><p>BT also maintains its relationship with customers as part of its ongoing security journey and gives them access to leading cloud-based security providers, such as Zscaler and Cisco. This opens up a wealth of industry experience and even more services to help businesses stay on top of their security needs. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Zero trust is about more than security – it's the foundation for digital transformation ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/zero-trust-more-than-security-foundation-for-digital-transformation</link>
                                                                            <description>
                            <![CDATA[ Businesses are waking up to the potential of leveraging data insights for more than just network security ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rAuRcozfdLFGXw6CFs2TEQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/whPJc65oQLRkoJomfojyEd-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 12 Sep 2023 09:03:43 +0000</pubDate>                                                                                                                                <updated>Tue, 12 Sep 2023 12:33:41 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (Ross Kelly) ]]></author>                    <dc:creator><![CDATA[ Ross Kelly ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Y5vrV2V98Np6jHAGmAtCd3.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/whPJc65oQLRkoJomfojyEd-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Several green locked padlocks surrounding one orange unlocked padlock]]></media:description>                                                            <media:text><![CDATA[Several green locked padlocks surrounding one orange unlocked padlock]]></media:text>
                                <media:title type="plain"><![CDATA[Several green locked padlocks surrounding one orange unlocked padlock]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/whPJc65oQLRkoJomfojyEd-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Zero trust has transcended from being a mere industry buzzword to becoming a key facet in organizational approaches to digital transformation, according to Nathan Howe, VP of emerging technologies at Zscaler. </p><div  class="fancy-box"><div class="fancy_box-title">READ MORE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="GjG7G9PWu8nsh3iPm6pGfL" name="GjG7G9PWu8nsh3iPm6pGfL.jpg" caption="" alt="Somebody typing at their computer with a digital padlock and other illustrations" src="https://cdn.mos.cms.futurecdn.net/GjG7G9PWu8nsh3iPm6pGfL.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Shutterstock)</span></figcaption></figure><p class="fancy-box__body-text"><em>Zero trust is the gold standard. but there are many common  pitfalls to avoid</em></p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/five-zero-trust-pitfalls-to-avoid"><strong>Why zero trust strategies fail</strong></a></p></div></div><p>Research from Zscaler shows that “most IT leaders already have a zero trust security strategy in place, or in planning”, yet fewer than one-quarter (22%) are confident of using it to its full potential. </p><p>This, the organization warns, shows that businesses need to “widen their lens” to unlock the full benefits of <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust"><u>zero trust</u></a>. </p><p>This security model now has far reaching applications, enabling firms to empower distributed workforces, tighten security, and provide vital insights into organizational efficiency</p><h2 id="unlocking-the-full-potential-of-zero-trust">Unlocking the full potential of zero trust</h2><p>Fundamentally, zero trust represents a paradigm shift away from <a href="https://www.itpro.com/security/27098/best-vpn-services#:~:text=F%2DSecure&apos;s%20Freedome%20managed%20to,%2C%20we&apos;d%20recommend%20NordVPN."><u>virtual private network (VPN)</u></a> and firewall-laden security practices, Howe says, which traditionally sees devices within an organization&apos;s network as being trustworthy. We’ve seen glaring issues in the long established ‘castle and moat’ approach in recent years, especially during the shift to remote and hybrid work practices with distributed workforces using devices in a range of locations. </p><div><blockquote><p>Zero trust is to not be anchored in any one place, it’s about enabling [IT] functions anywhere</p></blockquote></div><p>Meanwhile, the concept of zero trust centers firmly around the idea that no user can be trusted. Under this model, every user and device requires verification to access networks. </p><p>Visibility, in this context, is key for an organization implementing zero trust, enabling them to have full control over who accesses networks, and on which device they do so. </p><p>This model has been growing in popularity in recent years, with <a href="https://www.gartner.com/en/newsroom/press-releases/2023-01-23-gartner-predicts-10-percent-of-large-enterprises-will-have-a-mature-and-measurable-zero-trust-program-in-place-by-2026">Gartner research</a> showing it’s “top of mind for most organizations” and viewed as a key strategy to reduce cyber risk. By 2026, 10% of large enterprises will have what the consultancy describes as a “mature and measurable” zero trust program in place, up from less than 1% today. But enterprises, all too often, don’t fully understand the wide-reaching benefits, Howe says. </p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="8RdHY2CouvYwUAhJRnme55" name="Cyber resilient infrastructure for a Zero Trust world_thumb.png" caption="" alt="Digital image of a padlock within a circle" src="https://cdn.mos.cms.futurecdn.net/8RdHY2CouvYwUAhJRnme55.png" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Dell)</span></figcaption></figure><p class="fancy-box__body-text"><strong>PowerEdge - Cyber resilient infrastructure for a Zero Trust world</strong></p><p class="fancy-box__body-text"><em>Learn how to build your own zero trust architecture and discover the recommended tools that will help you get there.</em></p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/370028/poweredge-cyber-resilient-infrastructure-for-a-zero-trust-world">DOWNLOAD FOR FREE</a></p></div></div><p>“I think if a company can get to the point of understanding what zero trust is, then there are huge advantages,” he tells ITPro. “The advantage becomes extremely apparent in terms of no longer needing to think about what we can do in a networked world. I can do it anywhere.</p><p>“Zero trust is to not be anchored in any one place, it’s about enabling [IT] functions anywhere.” </p><h2 id="visibility-across-the-enterprise-is-key-xa0">Visibility across the enterprise is key </h2><p>If implemented correctly, Howe says zero trust offers marked benefits to organizational visibility, and not just in a security context. </p><p>With many companies operating <a href="https://www.itpro.com/business/the-future-of-business/hybrid-work-means-were-burning-out-harder-and-faster-than-ever"><u>hybrid work practices</u></a>, there’s scope for IT teams to maintain a solid grasp of network activity while delivering broader operational flexibility.</p><div  class="fancy-box"><div class="fancy_box-title">READ MORE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="A2cHvZYaUhEGxJfkLo5CGG" name="A2cHvZYaUhEGxJfkLo5CGG.jpg" caption="" alt="A woman working on the edge of a cliff overlooking a beautiful lake" src="https://cdn.mos.cms.futurecdn.net/A2cHvZYaUhEGxJfkLo5CGG.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty)</span></figcaption></figure><p class="fancy-box__body-text"><em>From pub-working to lockdown drills, these businesses are pushing hybrid work arrangements to the limit</em></p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business-strategy/flexible-working/369741/pushing-hybrid-work-to-new-extremes"><strong>The organisations pushing hybrid work to new extremes</strong></a></p></div></div><p>The model also offers a “competitive advantage in the hiring cycle” for firms embracing zero trust due to the ability to maintain flexible, distributed workforces.</p><p>“There is the flexibility to be anywhere, and knowing that the work you do will be protected, secure, and ensure that you’re doing the right thing,” he says. “Because the information and insights zero trust provides is so granular, we’re able to apply controls and ensure that staff aren’t downloading bad things or files because you’ve got controls in place.” </p><p>Howe notes the network visibility afforded to organizations through zero trust allows them to “start making decisions about how to engage with employees based on where they are”. </p><p>In a hybrid work environment, for home-based staff, IT teams can monitor traffic and gain vital insights on risk tolerance. They know remote workers are secure, and can carry out their duties without added risks. For those in the office, the insights gained through working trends can deliver broader benefits in terms of basic office utilities, working practices, and even insights that deliver <a href="https://www.itpro.com/energy-efficiency/30858/how-to-slash-your-business-energy-bill"><u>energy efficiency improvements</u></a>. </p><div  class="fancy-box"><div class="fancy_box-title">WORKFORCE FLEXIBILITY</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="sWPtbStQvjeMkmv6hKmo5Z" name="GettyImages-1451754709.jpg" caption="" alt="An array of colourful piggy banks laid out in a grid" src="https://cdn.mos.cms.futurecdn.net/sWPtbStQvjeMkmv6hKmo5Z.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><em>Howe points to a banking customer that used network activity insights to reach out to customers more directly. The firm realized it doesn’t need branches and, instead, could bring employees to cusotomers directly to meet and interact with them. “I can go to them and it changes the dynamics of the business." </em></p><p class="fancy-box__body-text"><em>“So zero trust is not just a standard technological shift. But when a company properly looks at the benefits of those things, and what it actually enables, there are opportunities to rethink their own delivery of business as well.”</em></p></div></div><p>“You can start taking this information and granularity and apply it to the locations where you have offices. You can see how many people are on that site at any time accessing Salesforce, for example,” he explains.</p><p>“That insight gives you the ability to start making other business-related decisions, such as when you turn the power on or off, and other auxiliary aspects of the business because you see when people are there, you know they’re working. That granularity in zero trust has huge knock on effects, that we&apos;re only just scratching the surface on as an industry.”</p><p>At present, Howe says scores of businesses are “starting to think” about how zero trust can be applied more broadly and enable them to “be smarter” about how they distribute their workforces, glean insights into working patterns and productivity, and design office spaces. </p><h2 id="exploiting-emerging-opportunities">Exploiting emerging opportunities</h2><p><a href="https://www.itpro.com/technology/artificial-intelligence-ai/369959/what-is-generative-ai"><u>Generative AI</u></a> has, for the best part of a year now, been the talk of the town across the global technology landscape. Looking ahead, Howe says the emergence of <a href="https://www.itpro.com/technology/artificial-intelligence/amazing-ai-tools-to-try-today"><u>generative AI tools</u></a> should be a cause for excitement in the zero trust space. This topic was a hotly-discussed topic at the firm’s <a href="https://www.itpro.com/security/zscaler-plots-a-course-for-zero-trust-leader-ahead-of-zenith-live-conference"><u>Zenith Live conference in Berlin</u></a> in late June, with the technology’s applications being touted as a potential game changer for zero trust. </p><iframe width="100%" height="200px" frameborder="0" data-lazy-priority="high" data-lazy-src="https://widget.spreaker.com/player?episode_id=52362789&theme=light&playlist=false&playlist-continuous=false&chapters-image=true&episode_image_position=right&hide-logo=false&hide-likes=true&hide-comments=true&hide-sharing=true&hide-download=true"></iframe><div  class="fancy-box"><div class="fancy_box-title">READ MORE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="myGdxg8RqacENNEDv362vM" name="GettyImages-1347146698.jpg" caption="" alt="An abstract illustration of a profile of a human face on a red and black starry cosmic background" src="https://cdn.mos.cms.futurecdn.net/myGdxg8RqacENNEDv362vM.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty)</span></figcaption></figure><p class="fancy-box__body-text"><em>Want to put AI to practical use today? We’ve rounded up some top business tools from image generation to summarizing documents</em></p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence/amazing-ai-tools-to-try-today"><strong>11 amazing AI tools your business should try today</strong></a></p></div></div><p>The sheer volume of data that passes through Zscaler’s security cloud every day – roughly 300 billion requests – means generative AI tools could play a key role in gleaning value from large quantities of data. In the long term, while this applied to security practices, there could be scope for closer integration of automated tools to further support <a href="https://www.itpro.com/strategy/28047/what-is-digital-transformation"><u>digital transformation</u></a>.</p><p>“I think we&apos;re at the tipping point where it&apos;s about to get really exciting with what we can do beyond just a normal enrichment platform,” Howe says. “Like, how can we help find more additional threats, have more refined authorizations, those sorts of things."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Implementing zero trust with the Internet of Things (IoT) ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/implementing-zero-trust-with-the-internet-of-things-iot</link>
                                                                            <description>
                            <![CDATA[ Continuous focus on organizational security is a necessary part of modern life, but are you giving your IoT devices enough attention? ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">BQCbK2Nzodyk7czYKHJRQ3</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SRBrHvHJLs4K7c6zPDPvVU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 21 Jul 2023 07:00:34 +0000</pubDate>                                                                                                                                <updated>Tue, 22 Aug 2023 09:15:11 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sandra Vogel ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SRBrHvHJLs4K7c6zPDPvVU-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Zero trust graphic to showcase how it interfaces with IoT]]></media:description>                                                            <media:text><![CDATA[Zero trust graphic to showcase how it interfaces with IoT]]></media:text>
                                <media:title type="plain"><![CDATA[Zero trust graphic to showcase how it interfaces with IoT]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SRBrHvHJLs4K7c6zPDPvVU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Taking a <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust"><u>zero-trust approach</u></a> to security is pretty much the standard by which organizations are measured these days. It means no user can be on the network without being authenticated and continuously validated. </p><p>We think of users as people. But users can also be things. And these internet-facing things – <a href="https://www.itpro.com/cloud-computing/28037/what-is-iot"><u>Internet of Things (IoT)</u></a> devices – can be as much of a <a href="https://www.itpro.com/security/28133/what-is-cyber-security"><u>cyber security</u></a> issue as people. Actually, they can be more of a security issue. </p><h2 id="the-dangers-of-enterprise-iot">The dangers of enterprise IoT</h2><p>Organizations rely on IoT devices to help them keep operational on a day-to-day basis. There are plenty of devices that keep a business running including security cameras, printers, smart TVs, conference room equipment, kitchen equipment, and environmental sensors. These might include thermostats, smoke detectors, and ventilation systems alongside smart locks and room entry management systems. </p><div  class="fancy-box"><div class="fancy_box-title">READ MORE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="WNXcYNnPxnyVLA3cdByw5h" name="WNXcYNnPxnyVLA3cdByw5h.jpg" caption="" alt="Image of small robots connected to represent a botnet" src="https://cdn.mos.cms.futurecdn.net/WNXcYNnPxnyVLA3cdByw5h.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Shutterstock)</span></figcaption></figure><p class="fancy-box__body-text">The UK&apos;s IoT proposals are riddled with &apos;astonishing&apos; gaps</p></div></div><p>All of these use software to complete tasks and share data with other devices, inside or outside the network. Their communication is typically automated, machine to machine, and doesn’t involve a human. It may never be monitored in any way that’s meaningful in a security-conscious sense.</p><p>Normally, we’d consider many of these devices as the domain of the facilities team rather than the IT team, and outside the scope of the enterprise network that needs protecting. It’s one of the many considerations when it comes to assessing <a href="https://www.itpro.com/network-internet/internet-of-things-iot/357758/why-is-iot-security-still-such-a-problem">IoT security risks</a>.</p><p>“Consider older facilities,” says Abel Archundia, managing director, of global advisory and life sciences at ISTARI. “They may create or manage <a href="https://www.itpro.com/security/32397/four-ways-to-secure-sensitive-data">sensitive data</a> yet likely have air conditioning units or cameras installed years ago in the same network. And most of these systems have no protocol to upgrade operating systems in IoT devices. The worst thing is that they’re not very complex or hard to crack.”</p><p>Each of the devices attached to an organization’s network presents a danger, John Linford, Security & OTTF Forum Director at the Open Group explains.</p><p>“Devices inevitably have vulnerabilities through their connection to a network,” he tells ITPro. “With the growing use of IoT devices, a business’s attack surface expands as attacks can originate from the channels that connect IoT devices.”</p><h2 id="poor-security-from-the-outset">Poor security from the outset</h2><p>It’s a key problem that poor security is a feature of many of these IoT devices right from the outset – and they don’t have to be particularly old to feature poor security. Right out of the box, they can come with default <a href="https://www.itpro.com/security/cyber-security/354918/four-quick-tips-to-create-an-unbreakable-password"><u>passwords</u></a> that aren’t changed on installation, and can have a poor level of commitment to firmware updating and patching. They either lack a regular schedule, a commitment to patch whenever a fault is found or have a short period of support before dropping out of the support regime completely.</p><p>“[An IoT device can] lack support for modern, secure controls like <a href="https://www.itpro.com/security/29982/what-is-two-factor-authentication"><u>two-factor authentication (2FA)</u></a>, and logging and monitoring of device access and network traffic,” Matt Lewis, commercial research director at NCC Group, tells <em>ITPro</em>. </p><p>“They often lack an interface – such as a screen to provide notifications about possible new software updates. And they are regularly overlooked as they appear as black boxes performing a function and are presumed to be fine if operational.</p><p>“For many IoT devices, updating their firmware can require physical access, which can be difficult for say IP cameras mounted high on fences or gates.”</p><h2 id="why-you-can-x2019-t-trust-any-iot-device">Why you can’t trust any IoT device</h2><p>There’s a strongly held view that it simply isn’t possible to trust any IoT device, even if it’s equipped with automatic security updating. “As a former <a href="https://www.itpro.com/strategy/28223/cio-job-description-what-does-a-cio-do"><u>CIO</u></a>, my guidance is that preparation is the best defense,” Archundia tells <em>ITPro</em>. </p><p>IoT devices are often just too much of a risk; they’re too much of a soft entry point into the organization to overlook them. It’s best to assume each device is a hole in an enterprise’s defenses. Perhaps each device won’t be a hole at all times, but some may be for at least some of the times. So long as the hole isn’t plugged, it can be found and exploited. </p><div  class="fancy-box"><div class="fancy_box-title">READ MORE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="8RdHY2CouvYwUAhJRnme55" name="Cyber resilient infrastructure for a Zero Trust world_thumb.png" caption="" alt="Digital image of a padlock within a circle" src="https://cdn.mos.cms.futurecdn.net/8RdHY2CouvYwUAhJRnme55.png" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Dell)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/five-zero-trust-pitfalls-to-avoid">Why zero trust strategies fail</a></p></div></div><p>That’s actually fine in a zero trust environment, because it assumes every single act, by a human or a device, could be malicious. The system, therefore, monitors and checks everything on the basis that a successful attack is always a possibility.</p><p>Linford adds it’s possible to limit the scope of an attack administered through IoT in a zero trust environment. “Because zero trust focuses on continuously verifying and placing security as close to each asset as possible, a cyber attack need not have far-reaching consequences in the organization,” he says. “By relying on techniques such as secured zones, the organization can effectively limit the blast radius of an attack, ensuring that a successful attack will have limited benefits for the threat agent.”</p><p>Still, the devices themselves merit plenty of attention on an individual basis. Lewis advocates a robust asset management process in which organizations take steps to track every single asset as much as possible. “[This includes] subscribing to notifications from all of their tech vendors about any new software updates, and ensuring a documented process is followed to install any updates or security fixes in a timely manner. This should all be done as a periodic routine, rather than say a once a year activity”.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cloudflare expands zero trust controls to protect against generative AI data leaks ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/technology/artificial-intelligence/cloudflare-expands-zero-trust-controls-to-protect-against-generative-ai-data-leaks</link>
                                                                            <description>
                            <![CDATA[ Cloudflare One now offers organizations better protections against sending sensitive data to large AI firms ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">q3rxKPonfE2dMFUvKHoUL7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/TkSFWgqLeDQs4tz4hNd9Gm-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 16 May 2023 11:16:33 +0000</pubDate>                                                                                                                                <updated>Wed, 17 May 2023 12:49:24 +0000</updated>
                                                                                                                                            <category><![CDATA[Artificial Intelligence]]></category>
                                                    <category><![CDATA[Technology]]></category>
                                                                                                                    <dc:creator><![CDATA[ Daniel Todd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/SRyC34qeLpNDj3dJtsVDhT.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/TkSFWgqLeDQs4tz4hNd9Gm-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cloudflare logo appearing on a smartphone against a Cloudflare-orange background]]></media:description>                                                            <media:text><![CDATA[Cloudflare logo appearing on a smartphone against a Cloudflare-orange background]]></media:text>
                                <media:title type="plain"><![CDATA[Cloudflare logo appearing on a smartphone against a Cloudflare-orange background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/TkSFWgqLeDQs4tz4hNd9Gm-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Cloudflare has unveiled its new Cloudflare One for AI suite of zero trust security controls, designed to help businesses leverage the latest generative AI tools without endangering intellectual property or customer data.</p><p>The provider said the additions aim to provide organizations with a “simple, fast, and secure way” to use the latest generative AI technologies without compromising security or performance. </p><p>The offering serves up features that provide visibility and measurement of AI tool usage, as well as data loss prevention and integration management. </p><p>Among these, Cloudflare Gateway is designed to help companies observe how many employees are experimenting with AI services and delivers context for budget planning and enterprise licensing. </p><p>Service tokens provide administrators with a clear log of API requests and control over the specific services that can access AI training data. </p><p>That includes the ability to revoke tokens with a single click when building ChatGPT plugins for both internal and external use.</p><p>Cloudflare Tunnel also offers an <a href="https://www.itpro.com/security/innovation-at-work/24460/what-is-data-encryption"><u>encrypted</u></a>, outbound-only connection to Cloudflare’s network, while the suite’s data loss prevention (DLP) service provides a safeguard to close the human gap in how employees may share data, the firm says.</p><p>Additionally, the cloud access security broker (CASB) service adds visibility and control over <a href="https://www.itpro.com/cloud/software-as-a-service-saas/362655/what-is-saas"><u>SaaS</u></a> apps and will soon be able to scan the AI tools that teams use to detect misconfiguration and misuse.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="RfAiAkrDXc8qPQ3veqTxrM" name="The board's evolving perceptions of cyber risk_listing.jpg" caption="" alt="Whitepaper cover with black and white image of man's face wearing glasses and with beard on the right side" src="https://cdn.mos.cms.futurecdn.net/RfAiAkrDXc8qPQ3veqTxrM.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mimecast)</span></figcaption></figure><p class="fancy-box__body-text"><strong>The board&apos;s evolving perceptions of cyber risk</strong></p><p class="fancy-box__body-text"><em>Cybersecurity has entered the boardroom</em></p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/the-boards-evolving-perceptions-of-cyber-risk"><strong>DOWNLOAD FOR FREE</strong></a></p></div></div><p>In an announcement, Matthew Prince, co-founder and CEO at Cloudflare, said that AI, despite its promise, can create “significant risks for businesses” without the proper guardrails in place.</p><p>"It is far too easy, by default, to upload sensitive internal or customer data to AI tools,” he said. “Once the data is used for training <a href="https://www.itpro.com/strategy/28181/what-is-ai"><u>AI</u></a>, it is virtually impossible to get it out.</p><p>"If you were going to let a class of university students rummage around in your internal data, you&apos;d of course put clear rules in place on what data they can access and how it can be used in their education.”</p><p>The safety of generative AI has been called into question repeatedly since it took off in late 2022.</p><p>Several major companies have already <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369785/offensive-security-bans-chatgpt-from-cyber-certification-exams"><u>banned the use of popular AI chat apps</u></a> due to sensitive data leaks, with <a href="https://www.itpro.com/business/policy-legislation/370377/italys-chatgpt-ban-branded-an-overreaction-by-experts"><u>Italy even issuing a temporary ban on generative AI tools</u></a> for having inadequate user data protections.</p><p>According to a survey conducted by professional services network KPMG, the majority of US executives are currently “years away” from implementing AI, with cyber security (81%) and data privacy (78%) the biggest concerns. </p><p>However, as <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369959/what-is-generative-ai">generative AI</a> evolves and new tools and plugins are developed, Cloudflare said its approach to security will enable organizations to embrace the technology without creating bottlenecks, as well as ensure compliance with the latest regulations.</p><p>“Cloudflare&apos;s <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">zero trust</a> products are the first to provide the guard rails for AI tools, so businesses can take advantage of the opportunity AI unlocks while ensuring only the data you want to expose gets shared," Prince added.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Why zero trust strategies fail ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/five-zero-trust-pitfalls-to-avoid</link>
                                                                            <description>
                            <![CDATA[ Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">BL5vEydYUKbCiZEKFHDJZi</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/D6ZFS3xgHqChAfbizUojYN-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 05 May 2023 07:00:24 +0000</pubDate>                                                                                                                                <updated>Fri, 05 May 2023 08:44:39 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Sandra Vogel ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/D6ZFS3xgHqChAfbizUojYN-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A shot of a woman sat at her desk in a dimly lit office, with her eyes closed and a stressed expression on her face, her hands raised to massage her temples. In the foreground, blue code is rising to either side of the frame to indicate complexity in the task that her unseen screen is showing]]></media:description>                                                            <media:text><![CDATA[A shot of a woman sat at her desk in a dimly lit office, with her eyes closed and a stressed expression on her face, her hands raised to massage her temples. In the foreground, blue code is rising to either side of the frame to indicate complexity in the task that her unseen screen is showing]]></media:text>
                                <media:title type="plain"><![CDATA[A shot of a woman sat at her desk in a dimly lit office, with her eyes closed and a stressed expression on her face, her hands raised to massage her temples. In the foreground, blue code is rising to either side of the frame to indicate complexity in the task that her unseen screen is showing]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/D6ZFS3xgHqChAfbizUojYN-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Zero trust strategies are one in which nothing and nobody can use an organization’s digital resources without being verified. This isn’t just about verification upon entry into the system, but also when individuals are moving around within the system.</p><p>Such a strict regime is required because a cyber criminal or an automated agent might breach a system and move about freely within it if, once inside, there were no verification checks. <a href="https://www.itpro.co.uk/security/network-security/358282/what-is-zero-trust"><u>Zero trust</u></a> has, therefore, become a gold standard for <a href="https://www.itpro.com/security/28133/what-is-cyber-security"><u>cyber security</u></a> in today’s enterprise landscape. </p><div  class="fancy-box"><div class="fancy_box-title">More on zero trust</div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">What is zero trust?</a></p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/361919/how-to-build-a-zero-trust-model">How to build a zero trust model</a></p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/366925/four-key-benefits-zero-trust-can-bring-to-your-channel-firm">Four key benefits zero trust can bring to your channel firm</a></p></div></div><p>Implementing zero trust requires a root and branch examination of the entire technology estate. The organization needs to identify its vulnerabilities, both technological and human, and figure out <a href="https://www.itpro.co.uk/security/cyber-security/368543/six-cyber-security-holes-you-need-to-plug-now"><u>how to best plug the holes</u></a>. This should be done in the context of minimal disruption to everyday workload, and an understanding that zero trust is not a one-time fix but an evolving idea. </p><p>Implementing such a regime, however, isn’t without its potential pitfalls and pain points. It’s a time-consuming and complex process that requires input from many roles across the organization, as well as external expertise. </p><h2 id="1-failing-to-look-beyond-the-corporate-network">1. Failing to look beyond the corporate network</h2><p>When hybrid working is the norm, people will be using all manner of locations to work including their homes and public networks. Everything is part of the <a href="https://www.itpro.co.uk/security/cyber-security/369983/what-is-attack-surface-management"><u>attack surface</u></a> and the organization should trust nothing. Every endpoint is a potential vulnerability. </p><p>This also, by the way, includes devices that might sit outside the network such as printers, security cameras, and other <a href="https://www.itpro.co.uk/cloud-computing/28037/what-is-iot"><u>Internet of Things (IoT)</u></a> devices.</p><p>A thorough audit of devices will be required before work begins, with a strategy in place to protect each device and to ensure that each device is updated as regularly as needed. </p><h2 id="2-implementing-zero-trust-too-quickly">2. Implementing zero trust too quickly</h2><p>Implementing a Zero Trust approach might require significant changes to technologies and also to how people go about their daily business. Go too fast and it’s easy for mistakes to happen. Single devices or applications might slip through the net of compliance assurance at the time of implementation or later. Security hygiene – ensuring that <a href="https://www.itpro.co.uk/security/27713/the-importance-and-benefits-of-effective-patch-management"><u>all hardware and software is up to date and patched</u></a> – is a central aspect of zero trust.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.co.uk/security/27713/the-importance-and-benefits-of-effective-patch-management">Patch management vs vulnerability management</a></p></div></div><p>Ensuring every piece of hardware and software is known and its security can be optimized at all times takes time. It is important to allocate enough time to managing everything from the outset, and to develop processes for ensuring existing and new acquisitions are accommodated going forward. </p><h2 id="3-ignoring-the-principles-of-least-privileged-access">3. Ignoring the principles of least privileged access</h2><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="FRD22ayLuvtE64VjirP8YB" name="Why_Customer_Identity-thumb.png" caption="" alt="Whitepaper cover with image of multi generation colleagues smiling together at table" src="https://cdn.mos.cms.futurecdn.net/FRD22ayLuvtE64VjirP8YB.png" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Okta)</span></figcaption></figure><p class="fancy-box__body-text"><strong>Businesses at work</strong></p><p class="fancy-box__body-text"><em>Discussing the most popular apps and top performing apps of 2022, and the rise of Zero Trust security</em></p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business-strategy/collaboration/368250/businesses-at-work"><strong>DOWNLOAD FOR FREE</strong></a></p></div></div><p>Least privileged access refers to the policy of ensuring users only have the bare minimum permission level to do what they need to do. It’s designed to keep access to resources tightly controlled and prevent the kind of sprawling access through systems that can be most helpful to bad actors. </p><p>However, it can be difficult to implement, particularly in the case of <a href="https://www.itpro.co.uk/cloud/34476/what-is-multi-cloud"><u>multi-cloud environments</u></a> in which data and apps are hosted with different providers, each with different policies and security protocols. In the end, budget, available time, and sheer workload can mean in-house teams assign wider privileges than necessary.</p><p>Using a class of software called entitlement management, or cloud infrastructure entitlement management, access to a multitude of software, systems, devices, and cloud platforms can be managed centrally. </p><h2 id="4-failing-to-focus-on-users">4. Failing to focus on users</h2><p>An organization’s employees are not the only stakeholders it’ll have to work with. There may also be contractors, suppliers, purchasers, delivery partners, and others. Presenting users with new protocols, hoops to jump through, and processes – without understanding whether these are seen as barriers – can cause resentment and foster non-compliance strategies. Users who work around security protocols are users who create risk. </p><p>High-quality user education on how to achieve compliance with security protocols is only part of the solution. People must also understand why certain behaviors are required, and be comfortable with any required actions or approaches. <a href="https://www.itpro.co.uk/security/cyber-security/370285/can-we-ever-achieve-cyber-security-buy-in"><u>Creating a ‘culture of security’ across the organization</u></a> takes time, effort, and leadership – from chief officers, senior managers, and line managers. </p><h2 id="5-assuming-zero-trust-is-bought-into-by-default">5. Assuming zero trust is bought into by default</h2><p>Every organization is different. Its technology setup will be unique. How people use technology will vary too. Where its people work will vary too, including in-office, remote or hybrid, one city, with national offices, or multinational. The variables are many and complex. While certain principles and approaches apply to zero trust, their implementation in any one organization will be unique. Simply going to a vendor and expecting them to do everything without any input is a fallacy.  </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.co.uk/security/cyber-security/368543/six-cyber-security-holes-you-need-to-plug-now">Six cyber security holes you need to plug now</a></p></div></div><p>Organizations need to commit their own staff resource to work alongside vendors and understand that the implementation of zero trust will take time. This is and will continue to be an ongoing process.</p><p>With cyber attacks showing no signs of slowing down, and with organizations of all sizes and in all markets potentially vulnerable, securing data and networks is paramount. It’s no longer adequate to take a piecemeal approach to this challenge. A zero trust approach can help an organization implement a risk-based strategy toward data security. It isn’t without pitfalls, and organizations should be alive to these, and willing to commit the time and energy required to work them through. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ GoTo Resolve Basic review: An SMB-friendly remote support service  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/software/369183/goto-resolve-basic-review-an-smb-friendly-remote-support-service</link>
                                                                            <description>
                            <![CDATA[ This good-value hosted remote support service is ideal for SMBs that demand zero-trust access security ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">v7mg8rRvNjm8xKmZ5qquNh</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VmtYcRM8hod3mLRQzFmuA9-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 27 Sep 2022 14:11:41 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:57:13 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VmtYcRM8hod3mLRQzFmuA9-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Screen grab of the GoTo Resolve software]]></media:description>                                                            <media:text><![CDATA[Screen grab of the GoTo Resolve software]]></media:text>
                                <media:title type="plain"><![CDATA[Screen grab of the GoTo Resolve software]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VmtYcRM8hod3mLRQzFmuA9-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>GoTo Resolve is a cloud-hosted remote support solution with security at the top of its agenda. Designed to ensure that access to unattended computers is locked down tight, it requires technicians or agents to enter a personal signature key before a session is permitted.</p><p>Key creation is a one-time affair that happens the first time a technician accesses their personal Resolve web portal and attempts to download the unattended apps. Create a key that is at least eight characters long and don't forget it; GoTo makes it clear that for extra security, it doesn't store keys in the cloud and is unable to recover them.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/marketing-comms/unified-communications-uc/367351/goto-appoints-michael-day-as-its-new-channel-chief" data-original-url="/marketing-comms/unified-communications-uc/367351/goto-appoints-michael-day-as-its-new-channel-chief">GoTo appoints Michael Day as its new channel chief</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/laptop-security/368952/how-we-test-security-software" data-original-url="/security/laptop-security/368952/how-we-test-security-software">How we test security software</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/marketing-comms/unified-communications-uc/365951/logmein-announces-goto-brand-for-unified" data-original-url="/marketing-comms/unified-communications-uc/365951/logmein-announces-goto-brand-for-unified">LogMeIn announces GoTo brand for unified communications</a></p></div></div><p>Resolve handles unattended access for Windows devices differently to most other remote support solutions. Instead of installing a custom app on the remote device, it loads a background service linked to the technician's key. We had no problems installing the unattended macOS app on our <a href="https://www.itpro.com/hardware/laptops/358203/apple-macbook-pro-13in-apple-m1-2020-review" target="_blank" data-original-url="https://www.itpro.com/hardware/laptops/358203/apple-macbook-pro-13in-apple-m1-2020-review">MacBooks</a>, and Resolve also offers an app for <a href="https://www.itpro.com/mobile/20522/best-android-smartphones" target="_blank" data-original-url="https://www.itpro.com/mobile/20522/best-android-smartphones">Android mobiles</a>.</p><p>Once we'd installed the <a href="https://www.itpro.com/operating-systems/microsoft-windows/356055/how-to-run-windows-on-a-mac" target="_blank" data-original-url="https://www.itpro.com/operating-systems/microsoft-windows/356055/how-to-run-windows-on-a-mac">Windows service and macOS app</a> on our endpoints, they appeared in the portal's Devices view ready for instant access. Clicking on one takes you to an informative status screen with details of the CPU and memory as well as OS and BIOS versions, but the standout feature for us is the real-time graph below showing CPU, memory and network interface utilisation.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="CjY9sGUZ5bQiipKwLKExMR" name="" alt="A screen shot of the GoTo Resolve interface" src="https://cdn.mos.cms.futurecdn.net/CjY9sGUZ5bQiipKwLKExMR.jpg" mos="https://cdn.mos.cms.futurecdn.net/CjY9sGUZ5bQiipKwLKExMR.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Buttons at the top provide links to a terminal session, file manager or remote control and, in all cases, you're required to enter your personal signature key to access them. Once remote control has started, the session is accessed from the portal's Support tab, which presents the device's screen in a central window with an interaction panel to the right for chat, file browsing and making notes. </p><p>An upper toolbar offers quick access to various functions such as clipboard syncing, sending files, screen sharing and rebooting the device where the service will reconnect when the system is back up. A useful feature is that sessions to multiple systems can be opened simultaneously, and you can swap between them from the sidebar. </p><p>Resolve isn't just about unattended access; it also provides plenty of on-demand remote support features. Technicians access every feature from their personal web portal and can start instant remote support or basic screen-viewing sessions with consummate ease.</p><p>This loads an in-portal page with a nine-digit access code, along with options to copy the web link and send the invitation via SMS or email. Users are presented with personal details of the technician for added reassurance and asked to permit the request, after which the Resolve runtime app is loaded, the session starts and the technician sees the same screen and toolbar as used for unattended access.</p><p>Camera sharing costs £23 per month for each agent and is just as easy to use. The same remote support process is used to create a session, but this time the user goes to a different web link to enter their code and the technician then receives a camera view in their support portal with facilities to freeze and annotate the view and have a chat.</p><p>Mobile support is also optional, with a monthly fee of £15 per agent. We tested this on an iPad using the Resolve technician app to provide remote support and the client app for screen broadcasting to technicians. </p><p>GoTo Resolve is a well-rounded remote support solution that's ideally suited to SMBs that want the tightest access security. There's a lot more on the horizon, too, as GoTo is planning to make Resolve even more versatile by adding endpoint antivirus software, patch management and alerting.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cloudflare unveils first zero trust SIM for mobile devices ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/369175/cloudflare-unveils-first-zero-trust-sim-for-mobile-devices</link>
                                                                            <description>
                            <![CDATA[ New wireless carrier program will also let carriers integrate Zero Trust security into existing corporate plans ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">gPMic2aG5fVpyqkUS1p56L</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9n72AvT5TcQJ8bsYLoUqdE-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 27 Sep 2022 09:17:48 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:51:59 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Daniel Todd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/SRyC34qeLpNDj3dJtsVDhT.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9n72AvT5TcQJ8bsYLoUqdE-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A close up of a SIM being placed into a tray slot on a smartphone]]></media:description>                                                            <media:text><![CDATA[A close up of a SIM being placed into a tray slot on a smartphone]]></media:text>
                                <media:title type="plain"><![CDATA[A close up of a SIM being placed into a tray slot on a smartphone]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9n72AvT5TcQJ8bsYLoUqdE-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Cloudflare has announced the development of the Cloudflare Zero Trust SIM, which has been designed to secure every packet of data that leaves a mobile device.</p><p>The first of its kind, the SIM will allow organisations to connect employee devices quickly and securely to Cloudflare’s Global Network, directly integrate devices with the firm’s Zero Trust platform, as well as protect their network and employees.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="tCgzGZNVzmHGYVZhGqErHL" name="tCgzGZNVzmHGYVZhGqErHL.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/tCgzGZNVzmHGYVZhGqErHL.png" mos="https://cdn.mos.cms.futurecdn.net/tCgzGZNVzmHGYVZhGqErHL.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>CIO Priorities: 2020 vs 2023</strong></p><p class="fancy-box__body-text">Zero Trust, SaaS Security, and its impact on SD-WAN being a priority</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/369173/cio-priorities-2020-vs-2023" data-original-url="/security/369173/cio-priorities-2020-vs-2023">FREE DOWNLOAD</a></p></div></div><p>Cloudflare is also launching Zero Trust for Mobile Operators, a new wireless carrier program that will let carriers offer their subscribers comprehensive mobile security tools by tapping into its Zero Trust platform.</p><p>In an announcement, Cloudflare co-founder and CEO Matthew Prince said securing mobile devices at scale is currently one of the biggest issues for CISOs.</p><p>“Effectively securing mobile devices is hard, and we have been working on this problem since we launched our WARP mobile app in 2019, now we plan on going even further,” he said. “With Cloudflare Zero Trust SIM we will offer the only complete solution to secure all of a device’s traffic, helping our customers plug this hole in their Zero Trust security posture.”</p><p>Cloudflare says its Zero Trust SIM will integrate seamlessly with its entire Zero Trust stack, which will allow security policies to be enforced for all traffic leaving the device. That’s on top of its embedded SIM (eSIM) first approach, which allows SIMs to be automatically deployed to both iOS and Android and then locked to a specific device – ultimately mitigating the risk of SIM-swapping attacks.</p><p>Businesses will also be able to deploy the company’s Zero Trust SIM at scale in just minutes, as well as leverage integration with its WARP mobile agent.</p><p>Additionally, Cloudflare says it is developing new tools based on the new SIM, which will extend its connectivity and Zero Trust security perks to the Internet of Things. </p><p>“By combining Cloudflare’s award-winning security tools with the largest mobile networks in the world, businesses can be confident that their devices and data are secure without worrying about performance being impacted,” Cloudflare said.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Delivering remote zero-trust network access to IT and DevOps teams ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/mobile/remote-access/368817/delivering-remote-zero-trust-network-access-to-it-and-devops-teams</link>
                                                                            <description>
                            <![CDATA[ Why remote desktop gateways are the modern alternative to VPNs ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qNGWPGx7Ra5pZ1exA4hS2f</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NsNpSs8FZsZwGvk9qjQCnL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 02 Sep 2022 08:40:19 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:44:42 +0000</updated>
                                                                                                                                            <category><![CDATA[VPN]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ IT Pro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                    <sponsoredContent>true</sponsoredContent>
                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NsNpSs8FZsZwGvk9qjQCnL-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[hand reaching towards a cloud of light visualising a global network]]></media:description>                                                            <media:text><![CDATA[hand reaching towards a cloud of light visualising a global network]]></media:text>
                                <media:title type="plain"><![CDATA[hand reaching towards a cloud of light visualising a global network]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NsNpSs8FZsZwGvk9qjQCnL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The demise of the office was a popular talking point during the pandemic, and although it never quite came to pass, the central workplace we left in early 2020 isn’t the same today. For starters, not everybody came back. Remote work turned into a permanent deal for many, and this has forced companies to rethink the way their employees collaborate.</p><p>Within this cultural shift, however, a subset of workers are often forgotten – the IT team that maintains the technology which allows for hybrid offices. These professionals keep your device clean and connected no matter where you are, and they do so with remote access software from providers like Keeper Security.</p><p>Before the pandemic introduced more of us to remote working, virtual private networks (VPNs) were the go-to solution for remote workers. VPNs were fine when only a very small number of people worked remotely, but when the entire world shifted to distributed work, the limits of VPNs quickly became apparent. In addition to being expensive, sluggish, difficult to scale and complicated to use, the majority of VPNs don’t support modern zero-trust network access (ZTNA), which is key for securing today’s distributed data environments and workforces.</p><p>As an alternative, remote desktop gateway software provides organisations with fast, scalable and zero-trust remote access to IT infrastructure, with features such as least-privilege access, role-based access control (RBAC) and multi-factor authentication (MFA).</p><h3 class="article-body__section" id="section-use-cases-for-remote-desktop-gateways"><span>Use cases for remote desktop gateways</span></h3><p>Remote desktop gateways work by capturing control of a remote device’s screen, mouse and keyboard controls and transmitting them to another computer, where a user can view and use the remote machine as if they were sitting right in front of it.</p><p>The most common use cases for remote desktop gateways involve IT and DevOps teams, who must remotely connect to IT infrastructure to perform upgrades, maintenance and troubleshooting. For example, help desk personnel can remotely connect to employees’ machines to find and fix software or operating system problems, security teams can use remote desktop access to investigate potential security incidents and DevOps teams can perform infrastructure monitoring and maintenance.</p><p>Non-technical employees can use remote desktop gateway software to transfer files from one computer to another, such as for sales demonstrations, or to print out documents stored on the remote machine. Remote desktop access enables employees to work from anywhere – home, a coffee shop, even abroad – and still access a central work computer to use the work-related programs and files that are stored on it.</p><p>Remote workers can also be taught to use their machines in new ways, or have new software demonstrated by a more experienced colleague via remote access. If the main office is looking to keep the organisation compliant with GDPR, for instance, the person in charge of data protection can reach out to all colleagues and remotely demonstrate what constitutes company policy.</p><h3 class="article-body__section" id="section-the-value-of-zero-trust-remote-access"><span>The value of zero-trust remote access</span></h3><p>Having a workforce spread across a region or an entire country (or internationally) presents a number of security challenges. Compromised credentials were a common attack vector for ransomware attacks prior to the pandemic, and the shift to remote work exacerbated the issue. Remote desktop protocols (RDP) are a major vector for ransomware attacks, as they frequently lack multi-factor authentication.</p><p>Without modern zero-trust network access, all cyber criminals need to access the wider network – or remotely tap into an individual device – is a working set of login credentials. Threat actors can crack passwords using a number of different tactics, such as brute-force attacks or password spraying. Your business is literally one compromised password away from a ransomware attack or data breach.</p><p>Keeper Security’s Keeper Connection Manager is an agentless, remote desktop gateway that can be installed in any on-premises or cloud environment to provide DevOps and IT teams with effortless, zero-trust access to RDP, SSH, databases and Kubernetes endpoints through a web browser. All users and devices are strongly authenticated before they are permitted to access organisational resources. Once properly authenticated, end users interact with remote desktops via a secure session from their web browser – there are no special plugins or client software to install and maintain.</p><p>Keeper Connection Manager enables administrators to provide access through RDP, SSH, VNC, MySQL and other common protocols without having to share credentials with end users. Unlike VPNs, which give every user full, unfettered access to all systems, Keeper Connection Manager’s fine-grained controls enable administrators to provide access to select systems – or just one machine. Access can be revoked at any time, and a robust audit trail identifies when and how the system was used.</p><p>Furthermore, all activity in the system is tracked and monitored with complete event logging, reporting and alerts. The zero-trust security model prevents lateral movement through an organisation’s systems unless permitted by the platform’s control and enforcement policies. </p><p>The hybrid work model is here to stay – and zero-trust network access is key to supporting and empowering a dispersed workforce. Keeper Connection Manager enables organisations to adopt zero-trust remote access for their distributed workforces, with granular visibility and control across all designated endpoints.</p><p><a href="https://www.keepersecurity.com/en_GB/password-manager-enterprise.html?utm_source=ITPro&utm_medium=FeatureArticle&utm_id=Password+Protection+Wider+Strategy" rel="nofollow" target="_blank"><strong><em>Try Keeper for free today</em></strong></a> <strong><em>or</em></strong> <a href="https://www.keeper.io/meetings/bcain2?utm_source=ITPro&utm_medium=FeatureArticle&utm_id=Password+Protection+Wider+Strategy" rel="nofollow" target="_blank"><strong><em>book a personalised demo</em></strong></a> <strong><em>to learn more about the best way to protect your organisation from cyber attacks</em></strong></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Deloitte launches Zero Trust Access for enterprises ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/368523/deloitte-launches-zero-trust-access-for-enterprises</link>
                                                                            <description>
                            <![CDATA[ The managed security service protects applications regardless of their location or type‌ ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mEccJjbsuVGMCLkPWgsTfM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/RZKvjzKPMee43o6mEPc2xj-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 12 Jul 2022 12:31:32 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:51:30 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Praharsha Anand ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/RZKvjzKPMee43o6mEPc2xj-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A team of security experts in a high-tech office]]></media:description>                                                            <media:text><![CDATA[A team of security experts in a high-tech office]]></media:text>
                                <media:title type="plain"><![CDATA[A team of security experts in a high-tech office]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/RZKvjzKPMee43o6mEPc2xj-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Deloitte has launched Zero Trust Access to help enterprises better secure communications between users, devices, and business applications ‌from any location.</p><p>The managed service features a cloud-native approach and builds on device-level secure microcontainer technology. The solution is inherently scalable, resilient, agile, and secure, according to Deloitte.</p><p>Notably, Zero Trust Access helps businesses administer least privilege through dynamic access control to enterprise assets. With its ephemeral connectivity, conditional access and continuous authorization, the solution presents as a better alternative to high-expenditure remote access solutions.</p><p>“The Zero Trust concept commits to removing implicit trust within an information technology (IT) ecosystem and replacing it with a risk-based approach to accessing organizational resources across identities, workloads, data, networks and devices. This trend is gaining momentum, given legacy approaches to security architecture are no longer suitable to secure the ubiquitous nature of the modern enterprise,” explained Deloitte. </p><p>"As perimeter-based approaches are no longer suitable to secure the modern enterprise, many organizations are working to enhance protection for their IT ecosystems via zero trust," said Andrew Rafla, Deloitte Risk & Financial Advisory's zero trust offering leader and principal, Deloitte & Touche LLP. </p><p>"Zero Trust Access was built as a turnkey managed service helping ourselves and our clients accelerate adoption of this transformative security framework. Our goal was to create a cost-effective solution that can be delivered standalone or complementary to a broader ecosystem and ultimately help decrease the burden on IT and security teams who likely need to manage multiple heterogeneous solutions to achieve similar outcomes," added Rafla.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ QR codes are just as insecure as anything else ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/368444/qr-codes-are-just-as-insecure-as-anything-else</link>
                                                                            <description>
                            <![CDATA[ A browser locked down tighter than a duck’s derriere won’t save you from phishing attacks – but getting to grips with the latest advice and best practice might ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">8Ja4ari2DfHWuM38stU74A</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/rcbHy6iRh4awtGVREXtGmN-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sat, 09 Jul 2022 07:00:07 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:51:08 +0000</updated>
                                                                                                                                            <category><![CDATA[Phishing]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Davey Winder ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/qKL6BZiS7oo9Hmyy2yd3WJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/rcbHy6iRh4awtGVREXtGmN-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Smartphone scanning a QR code]]></media:description>                                                            <media:text><![CDATA[Smartphone scanning a QR code]]></media:text>
                                <media:title type="plain"><![CDATA[Smartphone scanning a QR code]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/rcbHy6iRh4awtGVREXtGmN-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Think back to February and the weekend of the Super Bowl. I didn’t watch it as I have better things to do in the early hours of the morning, like playing Cyberpunk 2077 because I can’t sleep. Also, I prefer proper rugby without crash helmets and 1980s shoulder pads. I didn’t escape the fallout of the thing, though, and I’m not talking about Eminem taking the knee: I’m talking about the adverts. </p><p>Don’t worry, this isn’t another of my rants about trackers, cookie options or advert delivery and blocking options. Instead, it’s about a certain level of cyber security-related hysteria. That hysteria – spread by way of tweets and blogs and emails – centred around <a href="https://www.itpro.com/marketing-comms/qr-codes/362238/coinbase-super-bowl-qr-code-cyber-security-concerns" target="_blank" data-original-url="https://www.itpro.com/marketing-comms/qr-codes/362238/coinbase-super-bowl-qr-code-cyber-security-concerns">Coinbase</a>. Not for the usual “<a href="https://www.itpro.com/technology/cryptocurrencies/361286/cryptocurrency-should-you-invest" target="_blank" data-original-url="https://www.itpro.com/technology/cryptocurrencies/361286/cryptocurrency-should-you-invest">cryptocurrency</a> is all an illusion” reasons, either, but rather down to a 60-second advert featuring a QR code bouncing around the telly-box, or more likely your computer screen, by way of a half-time advertising slot that’s reported to have cost in the region of $13 million. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/marketing-comms/qr-codes/362238/coinbase-super-bowl-qr-code-cyber-security-concerns" data-original-url="/marketing-comms/qr-codes/362238/coinbase-super-bowl-qr-code-cyber-security-concerns">Coinbase Super Bowl marketing stunt prompts debate over QR code security</a></p></div></div><p>Coinbase, no doubt, considers that money well spent; it reckons it recorded some 20 million hits on the landing page from scanning that QR code during the single minute of broadcast, crashing the relevant Coinbase servers in the process. Engagement also went through the roof, with Coinbase claiming a six-fold improvement over previous benchmarks. </p><p>The hysteria I’m talking about is the divided opinion on the not so small matter of <a href="https://www.itpro.com/marketing-comms/qr-codes/360864/are-qr-codes-safe" target="_blank" data-original-url="https://www.itpro.com/marketing-comms/qr-codes/360864/are-qr-codes-safe">QR code security</a>, or insecurity, depending on which side of the debate you sit. Me, I’m firmly straddling this controversial fence. QR codes are neither an invitation to compromise your device and data nor a perfectly safe method of reaching the information you seek. Can QR codes be used for malicious purposes? Sure, but so can web links (so best not click on any ever again) or email (never open a message folks) and apps (dammit, time to flush your <a href="https://www.itpro.com/mobile/23617/the-best-smartphones-to-buy" target="_blank" data-original-url="https://www.itpro.com/mobile/23617/the-best-smartphones-to-buy">finest smartphone</a> down the bog).</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="hrPU5QE6XSvhX9ZzKzUfbd" name="hrPU5QE6XSvhX9ZzKzUfbd.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/hrPU5QE6XSvhX9ZzKzUfbd.png" mos="https://cdn.mos.cms.futurecdn.net/hrPU5QE6XSvhX9ZzKzUfbd.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>An analysis of the European cyber threat landscape</strong></p><p class="fancy-box__body-text">Human risk review 2022</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-crime/368501/an-analysis-of-the-european-cyberthreat-landscape" data-original-url="/security/cyber-crime/368501/an-analysis-of-the-european-cyberthreat-landscape">FREE DOWNLOAD</a></p></div></div><p>There’s no 100% secure method of jumping to linked information. Sorry if that just burst your InfoSec bubble, but it’s the truth. Unless you know the destination URL already, know that it’s trustworthy (and even that trust can be misplaced) and type it into your locked down as tight as a duck’s derriere browser by hand, consider every link to be potentially dangerous. </p><p>That doesn’t mean you should click on nothing, scan nothing, trust nothing. It does mean you should be aware of the risk, should be able to threat-model accordingly and understand the mitigations that can be applied. </p><h2 id="you-can-t-apply-a-zero-trust-policy-to-real-life">You can’t apply a zero-trust policy to real life</h2><p>Consider a scenario in which you substitute me for a QR code. I could turn up on your doorstep, unannounced, wearing a hi-vis with an ID badge and claim to need access to investigate a gas leak. You determine whether to let me in, or scan the QR code, based on your trust in me being who I appear to be. This isn’t the same as saying that all QR codes are perfectly safe to use, or that all people knocking at your door mean no harm, but rather illustrating that it’s simply not feasible to apply a <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust" target="_blank" data-original-url="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">zero-trust policy</a> to real life. Saying “never scan a QR code” is about as sensible as declaring international travel is to be avoided as there’s a chance you could fall off the edge of our flat Earth. </p><p><a href="https://www.itpro.com/security/28133/what-is-cyber-security" target="_blank" data-original-url="https://www.itpro.com/security/28133/what-is-cyber-security">Cyber security</a> and privacy should never come wrapped in absolutes. If they do then you’re probably doing the whole threat modelling thing wrong. Some honest advice is coming up, so look away now if you dislike your world view being challenged: a watering hole attack (aiming at users of a particular site or service) employing a <a href="https://www.itpro.com/security/zero-day-exploit/360447/why-zero-day-exploits-are-surging-on-an-unprecedented-scale" target="_blank" data-original-url="https://www.itpro.com/security/zero-day-exploit/360447/why-zero-day-exploits-are-surging-on-an-unprecedented-scale">zero-day exploit</a> is very unlikely to target you. Zero-days are expensive and are used sparingly. It’s not that such things do not happen, of course, but rather they can be filed in the uncommon folder rather than every occurrence. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/marketing-comms/qr-codes/360864/are-qr-codes-safe" data-original-url="/marketing-comms/qr-codes/360864/are-qr-codes-safe">Are QR codes safe?</a></p></div></div><p>Your chances, your company’s chances, of being targeted using a zero-day attack will also depend highly on the industry you're in and the profitability (be that financial or political) of a successful compromise. As Michael Coates, a former Twitter <a href="https://www.itpro.com/careers/28228/ciso-job-description-what-does-a-ciso-do" target="_blank" data-original-url="https://www.itpro.com/careers/28228/ciso-job-description-what-does-a-ciso-do">chief information security officer (CISO)</a> and security head at Mozilla, once tweeted: “If an org has a choice of where to spend time, spend it on the timely application of patches across the entire fleet. It’s not the 0days that get orgs, it’s the 100days.” In other words, you’re far more likely to get hit by a known exploit that compromises your networks by using a vulnerability in the patch cycle time between release and application. </p><p>Again, this absolutely does not mean that I’m saying QR codes are perfectly safe. I’m saying, apply the same defensive logic to them as you would clicking on a link in your email, a direct message or SMS. Certainly, be aware that they can be abused. Scanning, for example, a QR code on a parking metre could be problematic if that code has been tampered with or, indeed, shouldn’t be there at all. </p><h2 id="how-to-eliminate-the-phishing-risk">How to eliminate the phishing risk</h2><p>Cyber crime has come a long way since the ‘AOHell’ cracking exploit kit of 1996. <a href="https://www.itpro.com/security/29093/what-is-phishing" target="_blank" data-original-url="https://www.itpro.com/security/29093/what-is-phishing">Phishing</a> is not only still with us but still plays a central role in cyber crime, alongside the ransomware threat to targeted spear phishing. To the even more highly targeted, whale phishing of business email compromise (BEC) and nation state spying campaigns are persistent threats. </p><p>The National Cyber Security Centre (NCSC) has a <a href="https://www.ncsc.gov.uk/guidance/phishing" target="_blank">very good guide</a> for organisations when it comes to defending against <a href="https://www.itpro.com/security/phishing/367737/what-makes-for-the-most-deceptive-phishing-attacks" target="_blank" data-original-url="https://www.itpro.com/security/phishing/367737/what-makes-for-the-most-deceptive-phishing-attacks">deceptive phishing campaigns</a>. It’s an excellent starting point on your journey towards the best possible phishing mitigation you can expect. </p><div class="youtube-video" data-nosnippet ><div class="video-aspect-box"><iframe data-lazy-priority="high" data-lazy-src="https://www.youtube-nocookie.com/embed/EiyiaUoQvOU" allowfullscreen></iframe></div></div><p>Helping users to identify and <a href="https://www.itpro.com/security/28744/4-giveaways-that-show-an-email-is-a-phishing-attack" target="_blank" data-original-url="https://www.itpro.com/security/28744/4-giveaways-that-show-an-email-is-a-phishing-attack">report suspected phishing emails</a> is one area that’s often either over-emphasised to the detriment of technical tools or under-emphasised, which is actually just as bad all round. There needs to be a balance between tool implementation and awareness training if such a multi-level strategy is going to be effective in practice. Using <a href="https://www.itpro.com/security/phishing/359702/what-is-dmarc-and-how-can-it-improve-your-email-security" target="_blank" data-original-url="https://www.itpro.com/security/phishing/359702/what-is-dmarc-and-how-can-it-improve-your-email-security">Domain-based Message Authentication (DMARC)</a> is a solid way to verify that an email is actually from the purported sender, by way of example, but not every organisation will use it so an awareness of the dangers (and other mitigations) of spoofing is still a requirement. </p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="R2jbpb4nBynt6hb5iyJKaD" name="R2jbpb4nBynt6hb5iyJKaD.jpg" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/R2jbpb4nBynt6hb5iyJKaD.jpg" mos="https://cdn.mos.cms.futurecdn.net/R2jbpb4nBynt6hb5iyJKaD.jpg" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Introducing IBM Security QRadar XDR</strong></p><p class="fancy-box__body-text">A comprehensive open solution in a crowded and confusing space</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/368459/introducing-ibm-security-qradar-xdr" data-original-url="/security/cyber-security/368459/introducing-ibm-security-qradar-xdr">FREE DOWNLOAD</a></p></div></div><p>The NCSC also has a somewhat dated, but still relevant, information resource when it comes to <a href="https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing" target="_blank">anti-spoofing</a> while Microsoft 365 users can do worse than head over to that company’s <a href="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide">official support and documentation for using DMARC</a> to validate email. One last general resource comes by way of an Electronic Frontier Foundation (EFF) project called <a href="http://ssd.eff.org">Surveillance Self-Defense</a>, which provides a good overview of the tools and techniques to combat phishing attacks. </p><p>I heartily concur with the software and operating system patching advice, and <a href="https://www.itpro.com/security/29982/what-is-two-factor-authentication" target="_blank" data-original-url="https://www.itpro.com/security/29982/what-is-two-factor-authentication">two-factor authentication (2FA)</a> key usage is equally great advice as well. Less for preventing phishing itself, more helping to mitigate the outcome of a successful initial phish.</p><iframe allow="encrypted-media" frameborder="0" height="" width="100%" data-lazy-priority="low" data-lazy-src="https://open.spotify.com/embed-podcast/episode/1ojGcpJHLKOEausXT9cuVa"></iframe><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/28744/4-giveaways-that-show-an-email-is-a-phishing-attack" data-original-url="/security/28744/4-giveaways-that-show-an-email-is-a-phishing-attack">Five giveaways that show an email is a phishing attack</a></p></div></div><p>A security researcher who goes by the Twitter handle of mr.d0x created a phishing workaround for multi-factor authentication while undertaking a penetration test for a client. I mention this purely to emphasise that while 2FA is a great additional layer, it isn’t a foolproof one. The mr.d0x exploit is essentially a man-in-the-middle (MitM) compromise, where the attacker controls the site where the authentication code is being entered. This uses a VNC server hack called noVNC that will automatically launch the victim’s web browser and connect to the threat actor’s VNC server with a browser running in full-screen kiosk mode, so they just see the login web page as expected. The point being that the login takes place on the threat actor server, as will one-time passcodes.</p><p>Roger Grimes, author of a book called <em>Hacking Multifactor Authentication</em>, and a data-driven defence evangelist with KnowBe4, warns “MFA using voice calls, SMS messages, one-time codes the user types in, and pushed-based approvals is highly phishable. Hundreds to thousands to millions of people protected by these types of MFA have been successfully phished and hacked. It’s like giving them a self-driving car and not mentioning that they still have to pay attention and drive when the autonomous system fails.”</p><p>There’s one more resource I have to mention, and for good reason as a communicator myself. Namely, this Medium posting by Bob Lord. A former CISO at Yahoo and the Democratic National Committee in the US, Lord has published an excellent round-up of how business security advice should be given. It’s well worth a <a href="https://medium.com/@boblord/how-to-give-security-advice-7f363186c0c7">read in full</a>. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cloudflare unveils new One Partner Program with zero trust at its core ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/channel/368357/cloudflare-unveils-new-one-partner-program-with-zero-trust-at-its-core</link>
                                                                            <description>
                            <![CDATA[ Cloudflare CEO Matthew Prince says the initiative aims to take the complexity out of zero trust architecture ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">fWuhosCGAxctrWPP6AU1T7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ZBmCFzk8RtkLCDfncgD8xm-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 24 Jun 2022 10:16:37 +0000</pubDate>                                                                                                                                <updated>Thu, 24 Apr 2025 18:16:48 +0000</updated>
                                                                                                                                            <category><![CDATA[Cyber Attacks]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (Daniel Todd) ]]></author>                    <dc:creator><![CDATA[ Daniel Todd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/SRyC34qeLpNDj3dJtsVDhT.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ZBmCFzk8RtkLCDfncgD8xm-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Cloudflare CEO and co-founder Matthew Prince]]></media:description>                                                            <media:text><![CDATA[A close up photo of Matthew Prince, CEO and co-founder of Cloudflare, speaking on a stage]]></media:text>
                                <media:title type="plain"><![CDATA[A close up photo of Matthew Prince, CEO and co-founder of Cloudflare, speaking on a stage]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ZBmCFzk8RtkLCDfncgD8xm-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Cloudflare has revealed details of its new One Partner Program, which it says presents a new way for the channel to integrate and extend its Cloudflare One platform.</p><p>The initiative builds on the solution’s comprehensive <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust" data-original-url="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">zero trust</a>, network as a service, and cloud <a href="https://www.itpro.com/network-internet/email-providers/358887/the-most-secure-email-services" data-original-url="https://www.itpro.com/network-internet/email-providers/358887/the-most-secure-email-services">email security</a> services, providing architecture designed to help customers to stay secure and efficient.</p><p>Cloudflare said the new programme bundles together the tools and services that partners need to ensure swift deployment, fast performance, as well as robust security across endpoints, networks, and email.</p><p>“In order to keep today’s business environment protected and productive, organisations need a unified solution to secure their distributed workforces and at the same time accelerate employee systems,” explained Matthew Prince, co-founder and CEO of Cloudflare. “But another key piece is broad adoption, and that’s why we’ve been working to seamlessly layer this into organisations without interruptions.</p><p>“Critical architectures like Zero Trust shouldn’t be complex, yet we hear every day from businesses that don’t know where to start. That’s why we have modernised how partners can fully implement and deliver what organisations of all sizes need most today.”</p><p>One of the most interconnected networks on the market, Cloudflare One spans 270 cities in over 100 countries. Over the last twelve months, the number of customers using the platform has grown by 100%, while daily average traffic has increased sixfold.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/infrastructure/network-internet/368325/cloudflare-fixes-outage-major-web-services-offline" data-original-url="/infrastructure/network-internet/368325/cloudflare-fixes-outage-major-web-services-offline">Cloudflare fixes outage that knocked major web services offline</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/distributed-denial-of-service-ddos/368295/cloudflare-mitigates-biggest-ever-https-ddos-attack" data-original-url="/security/distributed-denial-of-service-ddos/368295/cloudflare-mitigates-biggest-ever-https-ddos-attack">Cloudflare mitigates biggest ever HTTPS DDoS attack</a></p></div></div><p>The platform boasts a number of integrated products such as ZTNA, Secure Web Gateway, CASB, DLP, Browser Isolation, IoT Security, and now Cloud Email Security.</p><p>With its new partner programme, Cloudflare says partners will now be able to better guide customers, deliver comprehensive solutions, protect users from <a href="https://www.itpro.com/security/29093/what-is-phishing" data-original-url="https://www.itpro.com/security/29093/what-is-phishing">phishing attacks</a>, as well as secure every connection with zero trust controls.</p><p>“With this new Cloudflare One Partner Program for Zero Trust, Cloudflare has launched a first-of-its-kind set of integrated product suites and partner services packages that will give our Trusted Advisors a compelling set of solutions to take to market,” commented Shane McNamara, EVP of Engineering and Operations at AVANT Communications.</p><p>The news comes just days after a <a href="https://www.itpro.com/infrastructure/network-internet/368325/cloudflare-fixes-outage-major-web-services-offline" data-original-url="https://www.itpro.com/infrastructure/network-internet/368325/cloudflare-fixes-outage-major-web-services-offline">Cloudflare outage</a> resulted in a number of major websites being knocked offline for around two hours, including those operated by Shopify, NordVPN, and gaming platform Steam.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Introducing the zero trust edge model for security and network services ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/365567/introducing-the-zero-trust-edge-model-for-security-and-network-services</link>
                                                                            <description>
                            <![CDATA[ Get a better understanding of emerging zero trust solutions ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">h9aPV5zpvRzvUWnqhRjRXf</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/gSCksczWaVZioTtDeALM4D-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Tue, 08 Mar 2022 15:46:35 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:49:39 +0000</updated>
                                                                                                                                            <category><![CDATA[Networking]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/gSCksczWaVZioTtDeALM4D-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Whitepaper cover with black block across the top and yellow, green and black pipe graphics with title and copy]]></media:description>                                                            <media:text><![CDATA[Whitepaper cover with black block across the top and yellow, green and black pipe graphics with title and copy]]></media:text>
                                <media:title type="plain"><![CDATA[Whitepaper cover with black block across the top and yellow, green and black pipe graphics with title and copy]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/gSCksczWaVZioTtDeALM4D-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As remote workforces accelerate cloud migration, network security requirements need to shift. </p><p>This study by Forrester shares the latest security requirements and highlights how the networking and security worlds need to merge, with IT teams tasked with identifying a Zero Trust solution that will unify them.</p><p>Download now for a better understanding of the emerging Zero Trust solutions to better support business-wide networking.</p><p><em>Provided by</em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ByF59dfdA3t27zz8q7ZTpb" name="" alt="Aruba logo" src="https://cdn.mos.cms.futurecdn.net/ByF59dfdA3t27zz8q7ZTpb.jpg" mos="https://cdn.mos.cms.futurecdn.net/ByF59dfdA3t27zz8q7ZTpb.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49556/eng-form?locale=1&p=false&wp=8628"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The state of SD-WAN, SASE and zero trust security architectures ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/365560/the-state-of-sd-wan-sase-and-zero-trust-security-architectures</link>
                                                                            <description>
                            <![CDATA[ Be a leader in the deployment of zero trust, SD-WAN and SASE ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4Yw9baWzP1UC3ytWEtZqNM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NhMQzdZrFWPUNLGH4vbCi8-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Tue, 08 Mar 2022 14:47:21 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:49:04 +0000</updated>
                                                                                                                                            <category><![CDATA[Networking]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/NhMQzdZrFWPUNLGH4vbCi8-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Whitepaper cover with graphic of a man stood on a laptop in front of a padlock, in front of a cloud with a server in the cloud, plus other people]]></media:description>                                                            <media:text><![CDATA[Whitepaper cover with graphic of a man stood on a laptop in front of a padlock, in front of a cloud with a server in the cloud, plus other people]]></media:text>
                                <media:title type="plain"><![CDATA[Whitepaper cover with graphic of a man stood on a laptop in front of a padlock, in front of a cloud with a server in the cloud, plus other people]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NhMQzdZrFWPUNLGH4vbCi8-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>HPE partnered with the Ponemon Institute to globally survey 4,150 IT and IT security practitioners on their biggest security challenges and how to keep up with an evolving threat landscape.</p><p>Findings showed that most organisations were planning to implement, or had implemented, zero trust security infrastructure, with under half implementing an SD-WAN solution and SASE security architecture.</p><p>Download this report to better understand the practices of those businesses with highly effective security infrastructures and implementation.</p><p><em>Provided by</em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ByF59dfdA3t27zz8q7ZTpb" name="" alt="Aruba logo" src="https://cdn.mos.cms.futurecdn.net/ByF59dfdA3t27zz8q7ZTpb.jpg" mos="https://cdn.mos.cms.futurecdn.net/ByF59dfdA3t27zz8q7ZTpb.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49556/eng-form?locale=1&p=false&wp=8627"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The importance of a zero-trust model for hybrid working ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/identity-and-access-management-iam/363096/the-importance-of-a-zero-trust-model-for-hybrid</link>
                                                                            <description>
                            <![CDATA[ How identity-based security solutions can help protect our dispersed workforces ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jj8eEwVq6Kgp1eerasb17p</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Tfn7yH68MB4jKiK55DJcVa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 02 Mar 2022 10:39:59 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:56:32 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ IT Pro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                    <sponsoredContent>true</sponsoredContent>
                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Tfn7yH68MB4jKiK55DJcVa-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A close up of a keyboard with graphics overlaid to represent cyber security and hacking]]></media:description>                                                            <media:text><![CDATA[A close up of a keyboard with graphics overlaid to represent cyber security and hacking]]></media:text>
                                <media:title type="plain"><![CDATA[A close up of a keyboard with graphics overlaid to represent cyber security and hacking]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Tfn7yH68MB4jKiK55DJcVa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Hybrid working is here to stay. The new flexible practices that have been adopted in the wake of the pandemic offer many benefits to workers and employers alike, promising a new work-life balance and a realignment to an outcomes-based model where results are prioritised over where and how the work gets done.</p><p>Okta’s <a href="https://www.okta.com/uk/resources/new-workplace-2021/?utm_campaign=display_idg_emea_multiple_emea_it_wi-newworkplacereport-lp_null&utm_source=idg&utm_medium=cpc" rel="nofollow" target="_blank">The New Workplace Report</a> found that 42% of workers want a mix of home- and office-based working, while 17% want to work from home permanently. 60% of workers also said that they would like to work in an asynchronous environment, where they are able to determine their preferred schedule too. The benefits of flexible working are clear to workers, and employers who want to remain competitive have to take these pressures into account, putting paid to any idea that we might all return to 9-to-5 office work.</p><p>But hybrid working brings challenges as well as benefits, and one of the most prominent is the impact that it has on security. Dispersed workforces have put new pressures on IT teams and security professionals, who can no longer exercise the same levels of rigid control and oversight they may have been used to when everyone worked from the office.</p><p>Fortunately, new zero-trust principles and identity and access management (IAM) technologies, offered by security specialists like Okta, are powering the shift to a new control plane that can protect your critical systems no matter where or how employees are accessing them.</p><h3 class="article-body__section" id="section-beyond-the-perimeter"><span>Beyond the perimeter</span></h3><p>Traditional office-based working models favoured a network-centric approach to security. With the majority of employees working on premises, the focus was on protecting the perimeter to prevent access to your network by cyber criminals. On-premises endpoints could conceivably be tracked and monitored, and if there were any issues or configuration problems, IT teams and other workers would likely be based in the same building, enabling easy communication and access to devices.</p><p>Hybrid working has changed all that. When the first lockdowns hit, suddenly entire workplaces were emptied, with employees having to access systems remotely through their own personal networks, whose security (or lack thereof) falls outside the control of IT teams. Bring-your-own-device (BYOD) practices, whether official or unsanctioned, meant that some devices were likely to be unsecured, too, and made it much more difficult to keep track of endpoints. With the cementing of hybrid working, these challenges will persist indefinitely.</p><p>With the perimeter fraying so drastically, it becomes much easier for cyber criminals to find ways to access business networks. Cyber attacks have boomed since the beginning of the pandemic, and the adage ‘it’s not a matter of if, but when’ applies more firmly than ever. For all these reasons, we are seeing a shift in focus from preventing cyber criminals from accessing networks to limiting what they are able to do once they get inside.</p><p>When it comes to accessing mission-critical apps and services, credential theft has become a focus of cyber criminals. The 2021 Verizon Data Breach Investigations Report found that stolen credentials were involved in 61% of breaches, with credentials compromised through various methods including brute force and also phishing attacks, the latter of which have continued to boom in recent years. The report found that 85% of social engineering breaches compromise at least some credentials as part of the attack. In systems with potentially hundreds or thousands of unsecured logins with access to critical data and applications, these are ripe for abuse by cyber criminals.</p><p>In this new environment, where endpoints are more difficult to secure, we need to shift away from a network-centric approach to security to a place where identity is the new control plane and criminals are prevented from leveraging credentials and trusted paths within our networks. But how can this be managed?</p><h3 class="article-body__section" id="section-identity-based-solutions"><span>Identity-based solutions</span></h3><p>Zero trust is a framework by which access to systems and resources is carefully monitored and controlled. Gartner defines zero-trust security as “never trust, always verify” – in other words, no one has blanket, permanent access that can be taken advantage of if their login credentials are compromised. Users are given the right access for the right length of time, so that IT teams can identify who is accessing what, and can be sure that bad actors are not able to lurk anonymously and indefinitely in these systems to steal data or in any other way compromise them.</p><p>As the importance of identity as a new control plane becomes clearer, solutions are emerging to help organisations enshrine zero trust in their operations. For instance, Okta’s IAM solution offers a centralised control plane where identity is a key component – while also focusing on keeping friction to a minimum. This is key – identity solutions that snarl up your day-to-day processes can end up replacing one issue with another. These will not be welcomed by your workforce, no matter how much they improve overall security, and can lead some workers to adopt counterproductive workarounds.</p><p>Okta’s IAM keeps the burden on IT teams to a minimum by centralising operations and oversight, and automating processes. It allows permissions to be granted for a set amount of time, tackling the risk of unsecured logins that could potentially end up granting unfettered access to cyber criminals. For users, it provides single sign-on and adaptive multi-factor authentication that makes the processing of requesting permissions and logging in as simple and secure as possible.</p><p>Remote working has put serious pressure on our endpoint security measures. With zero-trust solutions, organisations are able to empower their employees to work anytime, anywhere and from any device while remaining confident that access to critical systems is fully controlled and monitored.</p><p><strong><em>Okta supports thousands of organisations to reduce IT admin, work faster and keep employees secure.</em></strong> <a href="https://www.okta.com/uk/trust-at-work/?utm_campaign=display_idg_emea_multiple_emea_it_wi-trustatwork-lp_null&utm_source=idg&utm_medium=cpc" rel="nofollow" target="_blank"><strong><em>Learn how leading companies have transitioned to a new workplace with Okta</em></strong></a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How to build a zero trust model ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/361919/how-to-build-a-zero-trust-model</link>
                                                                            <description>
                            <![CDATA[ Threats are becoming greater and more diverse, but having a zero trust architecture could help your business defend its infrastructure ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">hzBSKZTrRnD5CbwHdRExub</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ZUHvccG7dhVxKAtQP5bmUX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 11 Jan 2022 13:19:54 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:48:43 +0000</updated>
                                                                                                                                            <category><![CDATA[Encryption]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vwWuTPNRCuw9vEaWzuXYnR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ZUHvccG7dhVxKAtQP5bmUX-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cyber security represented by a digital screen with encryption data background]]></media:description>                                                            <media:text><![CDATA[Cyber security represented by a digital screen with encryption data background]]></media:text>
                                <media:title type="plain"><![CDATA[Cyber security represented by a digital screen with encryption data background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ZUHvccG7dhVxKAtQP5bmUX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>In the early days of computer networking, <a href="https://www.itpro.com/security/28133/what-is-cyber-security" target="_blank" data-original-url="https://www.itpro.com/security/28133/what-is-cyber-security">cyber security</a> was predominantly focused on the perimeter because it was thought you needed to keep the bad guys out. Within the perimeters was thought to be safe and trusted, while outside the enterprise firewalls danger lurked.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/vulnerability/361951/log4shell-nearly-half-of-all-log4j-downloads-remain-vulnerable" data-original-url="/security/vulnerability/361951/log4shell-nearly-half-of-all-log4j-downloads-remain-vulnerable">Nearly half of all Log4j downloads remain critically vulnerable</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-attacks/361944/cyber-attacks-on-corporate-networks-increased-50-in-2021" data-original-url="/security/cyber-attacks/361944/cyber-attacks-on-corporate-networks-increased-50-in-2021">Cyber attacks on corporate networks increased 50% in 2021</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/server-storage/network-attached-storage-nas/361938/qnap-warns-ransomware-targeting-nas-devices" data-original-url="/server-storage/network-attached-storage-nas/361938/qnap-warns-ransomware-targeting-nas-devices">QNAP warns of ransomware targeting internet-facing NAS products</a></p></div></div><p>However, this assumes that hackers haven’t already got into the network and started doing damage. Cyber criminals can get a grip within a businesses' infrastructure by exploiting a vulnerable system, <a href="https://www.itpro.com/security/34616/the-top-password-cracking-techniques-used-by-hackers" target="_blank" data-original-url="https://www.itpro.com/security/34616/the-top-password-cracking-techniques-used-by-hackers">stolen credentials</a>, or by exploiting poorly configured wireless connections. To counteract this scenario, many modern enterprises are adopting a zero trust model.</p><h2 id="what-is-a-zero-trust-model">What is a zero trust model?</h2><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="kxVpxFJ7B6cp5Fs3CYkpBN" name="kxVpxFJ7B6cp5Fs3CYkpBN.jpg" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/kxVpxFJ7B6cp5Fs3CYkpBN.jpg" mos="https://cdn.mos.cms.futurecdn.net/kxVpxFJ7B6cp5Fs3CYkpBN.jpg" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Identity is key to stopping these five cyber security attacks</strong></p><p class="fancy-box__body-text">Many attacks begin with the same weakness: user accounts</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/366339/identity-is-key-to-stopping-these-five-cyber-security-attacks" data-original-url="/security/366339/identity-is-key-to-stopping-these-five-cyber-security-attacks">FREE DOWNLOAD</a></p></div></div><p><a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust" data-original-url="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">Zero trust</a> is a relatively new and evolving approach to network design. It means “never trust, always verify”. By default, devices on a network are not trusted, even when connected to a corporate network and even if previously verified.</p><p>This model protects the environment by using methods and processes such as network segmentation, strong authentication, preventing lateral network movement, and simplifying “least access” policies.</p><p>So how does an organisation go about building, running, and using a zero trust model in the <a href="https://www.itpro.com/infrastructure" data-original-url="https://www.itpro.com/infrastructure">infrastructure</a>?</p><h3 class="article-body__section" id="section-network-segmentation"><span>Network segmentation</span></h3><p>The foundation of a zero trust architecture is network segmentation. Systems and devices must be segregated according to the types of data they process and the access they permit. This can then limit the reach of a hacker once they get into the network.</p><p>To segment a network, organisations should create a comprehensive roadmap based on business and security aims. They should then map application dependencies so that organisations know how apps communicate to endpoints within the infrastructure. Finally, a network should not be over-segmented as this can lead to over complexity and may prevent employees from doing their jobs properly if they can’t access the systems they need to.</p><h3 class="article-body__section" id="section-identity-and-access-management-improvement"><span>Identity and access management improvement</span></h3><p>A strong identity and access management infrastructure is another precondition of a zero-trust model. <a href="https://www.itpro.com/security/361870/five-things-to-consider-before-choosing-an-mfa-solution" data-original-url="https://www.itpro.com/security/361870/five-things-to-consider-before-choosing-an-mfa-solution">Multi-factor authentication</a> offers additional reassurance of identity and defends against credential stealing. Implementing role-based access control permits applications to limit access in a way that implements the principle of least privilege.</p><h3 class="article-body__section" id="section-deploying-least-privilege-at-the-firewall"><span>Deploying least privilege at the firewall</span></h3><p><a href="https://www.itpro.com/security/cyber-security/357381/why-you-should-prioritise-privileged-access-management" data-original-url="https://www.itpro.com/security/cyber-security/357381/why-you-should-prioritise-privileged-access-management">Least privilege</a> not only applies to users, but it also applies to networks. After network segmentation, access between networks should be locked down to only allow traffic between them according to business needs.</p><p>Using a next-generation firewall (NGFW) can help organisations to implement what <a href="https://www.gartner.com/en/information-technology/glossary/next-generation-firewalls-ngfws#:~:text=Next%2Dgeneration%20firewalls%20(NGFWs)%20are%20deep%2Dpacket%20inspection,intelligence%20from%20outside%20the%20firewall.">Gartner</a> defines as a “deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.”</p><h3 class="article-body__section" id="section-monitoring-using-ai-and-machine-learning"><span>Monitoring using AI and machine learning</span></h3><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="kxVpxFJ7B6cp5Fs3CYkpBN" name="kxVpxFJ7B6cp5Fs3CYkpBN.jpg" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/kxVpxFJ7B6cp5Fs3CYkpBN.jpg" mos="https://cdn.mos.cms.futurecdn.net/kxVpxFJ7B6cp5Fs3CYkpBN.jpg" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Identity is key to stopping these five cyber security attacks</strong></p><p class="fancy-box__body-text">Many attacks begin with the same weakness: user accounts</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/366339/identity-is-key-to-stopping-these-five-cyber-security-attacks" data-original-url="/security/366339/identity-is-key-to-stopping-these-five-cyber-security-attacks">FREE DOWNLOAD</a></p></div></div><p>Machine learning can be used by organisations to speed up the work of detecting and mitigating threats. Usually, security analysts would use security information and event management (SIEM) solutions to gain a comprehensive understanding of security events collected from systems, devices, and applications across an organisation’s network and clouds. <a href="https://www.itpro.com/strategy/28071/what-is-machine-learning" data-original-url="https://www.itpro.com/strategy/28071/what-is-machine-learning">Machine learning</a> and artificial intelligence (AI) can help to surface threat indicators that would otherwise be lost in reams of data.</p><p>This gives security teams a better way of recognising what activity is taking place and if it is normal activity that machine learning has been trained to identify. If this activity falls outside normal usage patterns, AI can flag this up as suspicious and help enterprises improve their defences from both internal and external threats and deploy a more full-bodied zero trust security model.</p><h3 class="article-body__section" id="section-ongoing-management-and-issues"><span>Ongoing management and issues</span></h3><p>A zero trust model should be thought of as part of an organisation’s overall digital transformation strategy. It should be by design and not simply retrofitted. This means implementing technology to achieve zero trust as more systems move to the cloud and legacy systems are replaced.</p><div class="youtube-video" data-nosnippet ><div class="video-aspect-box"><iframe data-lazy-priority="low" data-lazy-src="https://www.youtube-nocookie.com/embed/pzAeJFCAexg" allowfullscreen></iframe></div></div><p>Moving to zero trust should involve an ongoing conversation between security and the rest of the organisation to prioritise what moves to a zero-trust model and what can wait.</p><p>When up and running, managing zero trust should involve security teams developing and maintaining zero trust models, while network teams manage networks. The security team should also carry out regular audits to ensure that the network adheres to the policies and protocols of zero trust. Critical workloads will need more analysis of users and devices compared to other, less important, workloads.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Bridging the DevSecOps divide: Spotlight on zero trust ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/development/devops/361752/bridging-devsecops-divide-spotlight-zero-trust</link>
                                                                            <description>
                            <![CDATA[ Security at the forefront ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6ytRNwbPL2tGkaN4GyPzip</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NkAGjo7HqvvMBukUGhwvQA-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 03 Dec 2021 13:07:03 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:44:26 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NkAGjo7HqvvMBukUGhwvQA-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Whitepaper title on a white page with a green trapezoid across the cover]]></media:description>                                                            <media:text><![CDATA[Whitepaper title on a white page with a green trapezoid across the cover]]></media:text>
                                <media:title type="plain"><![CDATA[Whitepaper title on a white page with a green trapezoid across the cover]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NkAGjo7HqvvMBukUGhwvQA-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Did you know that Forrester research reports that only four in 10 of developers understand why a zero trust framework is important?</p><p>Only 41% understand the impact zero trust has on the organisation. To address this, understanding how improving the relationship between security and development teams can ensure that ownership, responsibilities, and priorities around zero trust are crystal clear.</p><p>This study provides the insight and actions needed to understand and act. Use this insight to lead your DevSecOps teams to success with a zero trust game plan.</p><p><em>Provided by </em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="dKkgZwcAW6ixeLxZGTnRRj" name="" alt="VMWare logo on a white background" src="https://cdn.mos.cms.futurecdn.net/dKkgZwcAW6ixeLxZGTnRRj.jpg" mos="https://cdn.mos.cms.futurecdn.net/dKkgZwcAW6ixeLxZGTnRRj.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49446/form-9600?locale=1&p=false&wp=7898"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Your journey to zero trust ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/identity-and-access-management-iam/361718/your-journey-to-zero-trust</link>
                                                                            <description>
                            <![CDATA[ What you wish you knew before you started ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">oYJuGJ163jXK31VcTQhT7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sUMT9GoLTN2RCULyLudTNJ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 02 Dec 2021 10:49:31 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:56:08 +0000</updated>
                                                                                                                                            <category><![CDATA[Networking]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sUMT9GoLTN2RCULyLudTNJ-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Image of speaker Dave Gruber in black and white with associated company logos along bottom]]></media:description>                                                            <media:text><![CDATA[Image of speaker Dave Gruber in black and white with associated company logos along bottom]]></media:text>
                                <media:title type="plain"><![CDATA[Image of speaker Dave Gruber in black and white with associated company logos along bottom]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sUMT9GoLTN2RCULyLudTNJ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Employees have gotten used to the flexibility of the fully remote workplace, and even if they’re happy to return to the office or a hybrid model, your business needs to maintain that flexibility for all its workers. </p><p>Whether it’s working from home or another out-of-office location, using personal devices, or something else, this level of flexibility requires an identity and access management (IAM) solution to keep your people secure and productive. </p><p>Watch this on-demand webinar to hear from security and IAM experts about: </p><ul><li>Priorities for security professionals as we settle into permanent hybrid work models</li><li>How CISOs perceive the importance of implementing zero trust</li><li>The components of a well-structured IAM platform</li></ul><p><em>Provided by </em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="aVingsbZaxsFEzjgWucZgF" name="" alt="Okta logo" src="https://cdn.mos.cms.futurecdn.net/aVingsbZaxsFEzjgWucZgF.png" mos="https://cdn.mos.cms.futurecdn.net/aVingsbZaxsFEzjgWucZgF.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49424/form-8172?locale=1&p=false&wp=7988"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Identity's role in zero trust ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/identity-and-access-management-iam/361716/identity-zero-trust</link>
                                                                            <description>
                            <![CDATA[ Zero trust starts with a change in philosophy ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">hbU3LtQXjhibUEP7E9Uvex</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kVYvFQ3Z7Cx7aPiv3GEG6K-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 02 Dec 2021 10:37:37 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:55:46 +0000</updated>
                                                                                                                                            <category><![CDATA[Networking]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kVYvFQ3Z7Cx7aPiv3GEG6K-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Title of the webinar on a blue background with an &amp;#039;O&amp;#039; pattern]]></media:description>                                                            <media:text><![CDATA[Title of the webinar on a blue background with an &amp;#039;O&amp;#039; pattern]]></media:text>
                                <media:title type="plain"><![CDATA[Title of the webinar on a blue background with an &amp;#039;O&amp;#039; pattern]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kVYvFQ3Z7Cx7aPiv3GEG6K-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Cloud and mobile have dissolved the network perimeter, and remote workers have also escaped the perimeter - so how do you keep your applications secure? </p><p>Moving from a perimeter-centric to a zero trust model is key to staying secure in our modern world of work. </p><p>In this on-demand presentation, Sami Laine, principal security architect at Okta, discusses: </p><ul><li>Frameworks for a zero trust model</li><li>What contextual access is and how it works</li><li>The zero trust IAM maturity curve</li><li>Three fundamental zero trust properties</li></ul><p><em>Provided by </em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="aVingsbZaxsFEzjgWucZgF" name="" alt="Okta logo" src="https://cdn.mos.cms.futurecdn.net/aVingsbZaxsFEzjgWucZgF.png" mos="https://cdn.mos.cms.futurecdn.net/aVingsbZaxsFEzjgWucZgF.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49424/form-9450?locale=1&p=false&wp=7987"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Identity-focussed security for your zero trust journey ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/identity-and-access-management-iam/361566/identity-focussed-security-for-your-zero-trust</link>
                                                                            <description>
                            <![CDATA[ Steps to protect your business from identity-driven threats ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">fE2Uw5KR2q7rwk3MzQpNi2</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XEodomHb9jn7VwXYzAFsXa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 16 Nov 2021 17:01:48 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:55:13 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XEodomHb9jn7VwXYzAFsXa-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Title of the webinar in white text against a blue background]]></media:description>                                                            <media:text><![CDATA[Title of the webinar in white text against a blue background]]></media:text>
                                <media:title type="plain"><![CDATA[Title of the webinar in white text against a blue background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XEodomHb9jn7VwXYzAFsXa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>How do you protect your organisation when some or all of its employees work outside of the network perimeter?</p><p>Identity ensures the right person has the right access, no matter where they are and what devices they’re working on. </p><p>Watch this on-demand webinar to find out: </p><ul><li>How identity-first security increases productivity through frictionless experiences</li><li>Stages 0-3 of the zero trust maturity model</li><li>How companies worldwide are prioritising components of a zero trust model in the next 12-18 months</li></ul><p><em>Provided by </em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="aVingsbZaxsFEzjgWucZgF" name="" alt="Okta logo" src="https://cdn.mos.cms.futurecdn.net/aVingsbZaxsFEzjgWucZgF.png" mos="https://cdn.mos.cms.futurecdn.net/aVingsbZaxsFEzjgWucZgF.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49424/form-9238?locale=1&p=false&wp=7986"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How to increase zero trust maturity ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/361564/how-to-increase-zero-trust-maturity</link>
                                                                            <description>
                            <![CDATA[ The business benefits of modern identity ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">hhVCbm8WvQwPszdNQczKao</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Zn86NSXT2b5b3mbwKmD8RF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 16 Nov 2021 16:51:40 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:47:22 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Zn86NSXT2b5b3mbwKmD8RF-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A stack of three white blocs next to a blue panel saying &amp;#039;Digital Identity Webcast Series&amp;#039;]]></media:description>                                                            <media:text><![CDATA[A stack of three white blocs next to a blue panel saying &amp;#039;Digital Identity Webcast Series&amp;#039;]]></media:text>
                                <media:title type="plain"><![CDATA[A stack of three white blocs next to a blue panel saying &amp;#039;Digital Identity Webcast Series&amp;#039;]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Zn86NSXT2b5b3mbwKmD8RF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>How do you secure your workforce when the traditional security perimeter of the office is gone? Identity is the new perimeter, and zero trust is the way to protect it. </p><p>In this episode of the Digital Identity Webcast series, security experts discuss: </p><ul><li>How modern identity helps you manage separate identification policies across on-premises and cloud</li><li>The business goals of zero trust</li><li>Where many organisations are on their zero trust journey</li></ul><p>The companies that are thriving today are those that are leveraging cloud - and safely accessing their cloud applications with a modern IAM solution. Get started today.</p><p><em>Provided by </em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="aVingsbZaxsFEzjgWucZgF" name="" alt="Okta logo" src="https://cdn.mos.cms.futurecdn.net/aVingsbZaxsFEzjgWucZgF.png" mos="https://cdn.mos.cms.futurecdn.net/aVingsbZaxsFEzjgWucZgF.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49424/form-9554?locale=1&p=false&wp=7985"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ IBM launches SASE services  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/cloud-computing/360692/ibm-launches-sase-services</link>
                                                                            <description>
                            <![CDATA[ Zscaler provides zero-trust component for cloud-based IBM security play ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">aZjAW5u5DfMJf7WULkCKu4</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/C7kkcUp5VB2hwgVPJUDHLg-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 25 Aug 2021 16:46:10 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:43:40 +0000</updated>
                                                                                                                                            <category><![CDATA[Technology]]></category>
                                                                                                                    <dc:creator><![CDATA[ Danny Bradbury ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/C7kkcUp5VB2hwgVPJUDHLg-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[IBM logo on the side of a building]]></media:description>                                                            <media:text><![CDATA[IBM logo on the side of a building]]></media:text>
                                <media:title type="plain"><![CDATA[IBM logo on the side of a building]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/C7kkcUp5VB2hwgVPJUDHLg-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/tag/ibm" data-original-url="https://www.itpro.com/search/ibm">IBM</a> has unveiled a set of secure access service edge (SASE) solutions to help customers secure complex distributed work environments. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/359074/why-sase-is-on-the-rise" data-original-url="/security/cyber-security/359074/why-sase-is-on-the-rise">Why SASE is on the rise</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/server-storage/high-performance-computing-hpc/360650/ibm-telum-ai-chip-fraud-detection-official" data-original-url="/server-storage/high-performance-computing-hpc/360650/ibm-telum-ai-chip-fraud-detection-official">IBM unveils on-chip AI accelerator for fraud detection</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/mobile/5g/360538/ibm-and-verizon-expand-texas-lab-to-test-new-5g-use-cases" data-original-url="/mobile/5g/360538/ibm-and-verizon-expand-texas-lab-to-test-new-5g-use-cases">IBM and Verizon expand Texas lab to test new 5G use cases</a></p></div></div><p>SASE is a concept first articulated by <a href="https://www.itpro.com/tag/gartner" data-original-url="https://www.itpro.com/tags/gartner">Gartner</a> in a 2019 white paper. It combines security and <a href="https://www.itpro.com/software-defined-wide-area-network-sd-wan/33346/what-is-sd-wan" data-original-url="https://www.itpro.com/software-defined-wide-area-network-sd-wan/33346/what-is-sd-wan">SD-WAN</a> in a cloud-based approach designed to embed <a href="https://www.itpro.com/security" data-original-url="https://www.itpro.com/security">security</a> directly into the network. This enables companies to apply security policies in the cloud that govern users no matter where they are. </p><p>Because the network and security are <a href="https://www.itpro.com/software" data-original-url="https://www.itpro.com/software">software</a>-defined, administrators can manage them programmatically, making it easier to update these policies across the organization. </p><p>IBM Security Services for SASE is an end-to-end offering covering strategic consulting, design and integration, and application onboarding. It also encompasses a set of managed security services in the cloud to protect user sessions and data, such as secure web gateways, cloud-based firewalls, cloud access security broker services and data loss prevention. </p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="hqxjmaqbxyxnQ7e4kT2cXa" name="hqxjmaqbxyxnQ7e4kT2cXa.jpg" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/hqxjmaqbxyxnQ7e4kT2cXa.jpg" mos="https://cdn.mos.cms.futurecdn.net/hqxjmaqbxyxnQ7e4kT2cXa.jpg" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>The secure cloud configuration imperative</strong></p><p class="fancy-box__body-text">The central role of cloud security posture management</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/359672/the-secure-cloud-configuration-imperative" data-original-url="/cloud/359672/the-secure-cloud-configuration-imperative">FREE DOWNLOAD</a></p></div></div><p><a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust" data-original-url="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">Zero-trust</a> security is another big component of SASE. This part of the solution removes implicit trust for people that access the network and verifies their identity when accessing resources inside the company's infrastructure. Zscaler, with which IBM partnered in May, will provide the zero-trust functionality for IBM's SASE portfolio. </p><p>IBM sees potential for its SASE services in areas such as hybrid workforce access, contractor and third-party access, and <a href="https://www.itpro.com/cloud/31389/what-is-edge-computing" data-original-url="https://www.itpro.com/cloud/31389/what-is-edge-computing">edge computing</a> scenarios. It can also help to secure businesses undergoing mergers and acquisitions, the company said. </p><p><a href="https://www.itpro.com/cloud/31389/what-is-edge-computing" data-original-url="https://www.itpro.com/cloud/31389/what-is-edge-computing">IBM commissioned a study from Forrester</a> to support its SASE roll-out, and it found 60% of companies lacked a clear security strategy spanning their entire cloud deployment.</p><p>Most companies (70%) found it challenging to implement centralized security controls across multi-cloud environments, while almost two-thirds found it difficult to secure their remote and in-office employees across multiple devices and locations. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ McAfee’s zero trust solution strengthens private applications’ security ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cyber-security/360465/mcafees-zero-trust-solution-strengthens-private-applications</link>
                                                                            <description>
                            <![CDATA[ MVISION Private Access grants secure access to private resources from any device or location ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">iB2ATANbSMFr4uciF1vzY3</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/hi7t87AjBop3kGL36UuQDF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 03 Aug 2021 17:42:41 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:54:25 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Praharsha Anand ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/hi7t87AjBop3kGL36UuQDF-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The McAfee company logo hung above the entrance to company offices]]></media:description>                                                            <media:text><![CDATA[The McAfee company logo hung above the entrance to company offices]]></media:text>
                                <media:title type="plain"><![CDATA[The McAfee company logo hung above the entrance to company offices]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/hi7t87AjBop3kGL36UuQDF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>McAfee has launched MVISION Private Access to safeguard private applications deployed across hybrid IT environments.</p><p>“As private applications increasingly move to the <a href="https://www.itpro.com/cloud" data-original-url="https://www.itpro.com/tags/cloud">cloud</a>, organizations are rapidly adopting Zero Trust Network Access due to its <a href="https://www.itpro.com/security" data-original-url="https://www.itpro.com/security">security</a> and flexibility advantages compared to VPN,” explained Christopher Rodriguez, research director at IDC Network Security. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/antivirus/359674/mcafee-to-refund-customers-following-cma-investigation" data-original-url="/security/antivirus/359674/mcafee-to-refund-customers-following-cma-investigation">McAfee to refund customers following CMA auto-renew probe</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/business-strategy/mergers-and-acquisitions/358810/mcafee-to-sell-enterprise-business-to-stg-for" data-original-url="/business-strategy/mergers-and-acquisitions/358810/mcafee-to-sell-enterprise-business-to-stg-for">McAfee to sell enterprise business to STG for £2.8 billion</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/357669/mcafee-75-million-attacks-on-cloud-accounts-recorded-in-q2" data-original-url="/security/357669/mcafee-75-million-attacks-on-cloud-accounts-recorded-in-q2">McAfee: 7.5 million attacks on cloud accounts recorded in Q2</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/business/business-strategy/357270/mcafee-files-to-go-public-in-sec-submission" data-original-url="/business/business-strategy/357270/mcafee-files-to-go-public-in-sec-submission">McAfee files to go public in SEC submission</a></p></div></div><p>“However, organizations need to recognize that private applications are just as likely to pose a data theft risk as SaaS apps, and that this risk needs to be mitigated.”</p><p>Upending the zero trust network access (ZTNA) arena, McAfee’s MVISION Private Access offers “granular zero trust" access to private applications hosted in private, public, or <a href="https://www.itpro.com/cloud/hybrid-cloud/357216/hybrid-cloud-the-new-architecture-for-todays-business" data-original-url="https://www.itpro.com/cloud/hybrid-cloud/357216/hybrid-cloud-the-new-architecture-for-todays-business">hybrid cloud</a> environments. </p><p>By leveraging McAfee’s <a href="https://www.itpro.com/security/28968/the-importance-of-endpoint-security" data-original-url="https://www.itpro.com/security/28968/the-importance-of-endpoint-security">Endpoint Security</a> for threat detection and remediation, the platform performs continuous risk assessment by monitoring device posture. Furthermore, MVISION Private Access is integrated with MVISION Unified Cloud Edge (UCE), enabling unified visibility and control across clouds, private applications, web, and endpoints.</p><p>MVISION Private Access’s other interesting features include remote browser isolation (RBI), granular controls for unmanaged devices, endpoint security and posture assessment, direct-to-app access, and more.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="4BCvbZowg9SJqNeQxYKsxk" name="4BCvbZowg9SJqNeQxYKsxk.jpg" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/4BCvbZowg9SJqNeQxYKsxk.jpg" mos="https://cdn.mos.cms.futurecdn.net/4BCvbZowg9SJqNeQxYKsxk.jpg" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>2021 IBM Security X-Force Insider Threat Report</strong></p><p class="fancy-box__body-text">Top discovery methods and recommendations for insider attacks</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/360176/2021-ibm-security-x-force-insider-threat-report" data-original-url="/security/cyber-security/360176/2021-ibm-security-x-force-insider-threat-report">FREE DOWNLOAD</a></p></div></div><p>Lastly, MVISION Private Access includes built-in identity and access management (IAM) and <a href="https://www.itpro.com/security/29982/what-is-two-factor-authentication" data-original-url="https://www.itpro.com/security/29982/what-is-two-factor-authentication">multi-factor authentication (MFA)</a> solutions, enabling strong authentication and context-based access control. </p><p>“ZTNA is built for cloud-first deployments, simplifying technology stacks, reducing cost and complexity, and improving productivity. However, existing ZTNA solutions lack the data-centric security controls associated with cloud and web security needed to secure today’s increasing remote connections,” said Shishir Singh, chief product officer at McAfee Enterprise. </p><p>Singh added, “MVISION Private Access unlocks secure, seamless and ultra-fast access to private applications for remote workforces and eliminates the additional <a href="https://www.itpro.com/hardware" data-original-url="https://www.itpro.com/hardware">hardware</a> costs, time-consuming setup process and complicated architecture associated with traditional <a href="https://www.itpro.com/security/27098/best-vpn-services" data-original-url="https://www.itpro.com/security/27098/best-vpn-services">VPN</a>s.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Kemp’s Zero Trust Gateway fortifies sensitive applications’ security  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cyber-security/359638/kemps-zero-trust-architecture-gateway-fortifies-sensitive</link>
                                                                            <description>
                            <![CDATA[ The new architecture enables granular conditional access for organizations’ proxied applications ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cRC2aKVAasXAdLBiCFJtJX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/LSJrDLL3V6PnCGuztpouk4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 21 May 2021 15:28:48 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:53:02 +0000</updated>
                                                                                                                                            <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Praharsha Anand ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/LSJrDLL3V6PnCGuztpouk4-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Metallic Zero Trust on a gray background with padlocks]]></media:description>                                                            <media:text><![CDATA[Metallic Zero Trust on a gray background with padlocks]]></media:text>
                                <media:title type="plain"><![CDATA[Metallic Zero Trust on a gray background with padlocks]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/LSJrDLL3V6PnCGuztpouk4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Kemp has launched a low-friction <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust" data-original-url="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">Zero Trust</a> Access Gateway (ZTAG) architecture to help organizations implement zero trust policies across their application ecosystems.</p><p>“The increase in <a href="https://www.itpro.com/security/cyber-security/359567/cyber-attacks-against-organizations-increasing-as-more-staff-work" data-original-url="https://www.itpro.com/security/cyber-security/359567/cyber-attacks-against-organizations-increasing-as-more-staff-work">work-from-home</a>, <a href="https://www.itpro.com/cloud/hybrid-cloud/357216/hybrid-cloud-the-new-architecture-for-todays-business" data-original-url="https://www.itpro.com/cloud/hybrid-cloud/357216/hybrid-cloud-the-new-architecture-for-todays-business">hybrid cloud</a>, BYOD, and <a href="https://www.itpro.com/cloud-computing/28037/what-is-iot" data-original-url="https://www.itpro.com/cloud-computing/28037/what-is-iot">IoT</a> blurs the border between what is <a href="https://www.itpro.com/infrastructure/server-storage/356955/it-pro-live-why-on-premise-isnt-a-dirty-word" data-original-url="https://www.itpro.com/infrastructure/server-storage/356955/it-pro-live-why-on-premise-isnt-a-dirty-word">on premises</a> and what is beyond the perimeter. This raises new challenges around maintaining <a href="https://www.itpro.com/policy-legislation/compliance/354495/testing-for-compliance-just-became-easier" data-original-url="https://www.itpro.com/policy-legislation/compliance/354495/testing-for-compliance-just-became-easier">compliance</a> and a consistent <a href="https://www.itpro.com/security" data-original-url="https://www.itpro.com/security">security</a> posture without detriment to the easy access to services for users,” said Kemp.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/enterprise-security/358751/microsoft-doubles-down-on-zero-trust-security-policies" data-original-url="/security/enterprise-security/358751/microsoft-doubles-down-on-zero-trust-security-policies">Microsoft doubles down on zero trust security policies</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust" data-original-url="/security/network-security/358282/what-is-zero-trust">What is zero trust?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/358070/the-inevitable-ascent-of-zero-trust" data-original-url="/security/358070/the-inevitable-ascent-of-zero-trust">The inevitable ascent of zero trust</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/cloud-security/357119/why-it-leaders-should-consider-a-zero-trust-network-access-strategy" data-original-url="/cloud/cloud-security/357119/why-it-leaders-should-consider-a-zero-trust-network-access-strategy">Why IT leaders should consider a zero trust network access strategy</a></p></div></div><p>Kemp’s zero trust architecture enables secure <a href="https://www.itpro.com/tag/remote-access" data-original-url="https://www.itpro.com/remote-access">remote access</a> to load-balanced web applications through a suite of policy-based access control services, including active traffic steering, intelligent content-based routing, and contextual identity validation.</p><p>ZTAG also allows for Identity Provider (iDP) integration, so businesses can validate clients’ credentials before granting access to sensitive applications.</p><p>Kemp LoadMaster actively directs traffic based on the geographical location of customers and security zone levels of backend services, adding an extra layer of security. Several factors influence service access, including security group membership, source network, and information embedded in <a href="https://www.itpro.com/network-internet/30416/http-vs-https-what-difference-does-it-make-to-security" data-original-url="https://www.itpro.com/network-internet/30416/http-vs-https-what-difference-does-it-make-to-security">HTTP</a> communication.</p><p>An embedded web application firewall (WAF) and intrusion prevention system (IPS) on Kemp identifies violations in authenticated client traffic and prevents exploits from taking place.</p><p>Organizations can also apply granular restrictions to application and user access depending on clients’ security zones and identities. For instance, a client in security zone A can only read, while those in security zone B may be trusted to execute read and write operations.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="AKkGYsfmHkvE9CEuHNKm2B" name="AKkGYsfmHkvE9CEuHNKm2B.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/AKkGYsfmHkvE9CEuHNKm2B.png" mos="https://cdn.mos.cms.futurecdn.net/AKkGYsfmHkvE9CEuHNKm2B.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Rise to the challenge</strong></p><p class="fancy-box__body-text">Shaping the workplace of the future</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business-strategy/flexible-working/359292/rise-to-the-challenge" data-original-url="/business-strategy/flexible-working/359292/rise-to-the-challenge">FREE DOWNLOAD</a></p></div></div><p>Kemp’s other interesting features include <a href="https://www.itpro.com/security/29982/what-is-two-factor-authentication" data-original-url="https://www.itpro.com/security/29982/what-is-two-factor-authentication">multi-factor authentication</a> (MFA), automated configuration and deployment via REST-based policy builder, application reverse proxying, and multi-network service publishing.</p><p>"Zero trust is the future of application access and continues to gain traction for customers," said Jason Dover, VP of product strategy at Kemp.</p><p>"Kemp is leveraging the privileged position of the load balancer combined with our extensible automation framework to help customers simplify the introduction of a zero trust model into their application ecosystem."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Four key benefits Zero Trust can bring to your channel firm ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/366925/four-key-benefits-zero-trust-can-bring-to-your-channel-firm</link>
                                                                            <description>
                            <![CDATA[ Clients need strategic partners rather than those who just throw buzzwords into their sales pitches, claims Scott Walker ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6KJstJBZjBgXR6LZBye3nu</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/GXPUCybF5xfZTNWiRCeNu9-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 28 Apr 2021 13:10:03 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:50:40 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Scott Walker ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/GXPUCybF5xfZTNWiRCeNu9-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Abstract visualisation of padlock icon]]></media:description>                                                            <media:text><![CDATA[Abstract visualisation of padlock icon]]></media:text>
                                <media:title type="plain"><![CDATA[Abstract visualisation of padlock icon]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/GXPUCybF5xfZTNWiRCeNu9-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The IT industry has long had a problem with buzzwords, with marketing teams latching onto the latest trends and using them to push their products as ‘the next big thing’. It’s even more pronounced in cyber security, where buzzwords can be backed up with a dose of fear, uncertainty, and doubt over new threats.</p><p>As a result, it can be difficult for buyers to parse the genuinely valuable solutions from those that simply have the latest buzzwords thrown into their sales pitches. This makes it more challenging for partners to decide which solutions to bring into their portfolio and can also make it more difficult for them to cut through the noise and sell successfully. </p><p>Zero Trust is one such trend, providing increased assurance that only trusted identities are able to access critical networks, systems and data. It’s become particularly beneficial as organisations must now deal with a largely remote workforce that falls outside the scope of normal processes.</p><p>However, there are a few barriers to implementing this model that may have some organisations holding back. Nevertheless, there's a real opportunity for channel firms in adding Zero Trust to their portfolio. While Zero Trust is time and resource-intensive, the value that it adds can make taking the plunge more worthwhile. Based on our experience with our growing channel community, here are four real-world outcomes partners can achieve if they invest in Zero Trust. </p><h3 class="article-body__section" id="section-establishing-strategic-value"><span>Establishing strategic value</span></h3><p>Partners should be striving to create strong, long-term strategic relationships with their clients rather than simply selling products on a transactional basis. Establishing a role as a trusted adviser can vastly improve customer retention and the lifetime value of a customer. </p><p>Zero Trust is ideally suited for forging or strengthening this relationship. Partners have an opportunity to play a major role in the delivery of the Zero Trust model, which will impact the wider security strategy, providing further opportunity to establish their credibility as a trusted adviser and deliver more value. </p><h3 class="article-body__section" id="section-increasing-the-share-of-income"><span>Increasing the share of income</span></h3><p>Zero Trust is not a specific, singular product, but a framework incorporating technology across five main areas: people, data, devices, networks, and workloads. All of these areas are supported by a process of continual improvement that delivers visibility and automation. </p><p>This means that helping to deliver a Zero Trust model creates a huge opportunity to influence and support the wider security strategy of the organisation. Partners with the right services and solutions can significantly increase their share of wallet by providing all the products and services the customer needs to continue on their Zero Trust journey. </p><h3 class="article-body__section" id="section-establishing-39-ztaas-39"><span>Establishing 'ZTaaS'</span></h3><p>Zero Trust is not a “one and done” type of solution that can be delivered and signed off but is a project of continual improvement. Because it spans multiple pillars of technology, channel partners can establish an MSP agreement that delivers service engagements across their portfolio. </p><p>A Zero Trust as a service (ZTaaS) package will both provide the partner with multiple, repeatable streams of revenue, and ensure that the customer has access to best of breed, marketing leading solutions. </p><h3 class="article-body__section" id="section-safeguarding-gross-product-margins"><span>Safeguarding gross product margins</span></h3><p>Achieving and maintaining high gross product margins is always a challenge when rivals are offering competing bids offering like-for-like comparison or undercutting on price. </p><p>The powerful differentiator created by becoming an established, strategic adviser ensures that channel partners are shielded against competing bids that are sold on price alone. The more involved a partner is in the Zero Trust project, the more strategic and financial sense it will make for the customer to expand the existing relationship rather than explore competing bids. </p><h3 class="article-body__section" id="section-seizing-the-opportunity"><span>Seizing the opportunity</span></h3><p>Zero Trust has a huge potential global market, with the majority of security teams planning to adopt the model in future, and many already implementing a framework. Business needs have, of course, changed drastically in recent months due to COVID-19, and the model’s ability to manage user authentication has become more important for dealing with remote workforces. </p><p>Organisations need strategic partners that can genuinely deliver the technology, services and expertise needed to implement a successful Zero Trust model, rather than those that are simply throwing the latest buzzwords into their sales pitches. Partners equipped to meet these needs have a powerful opportunity to create and maintain highly valued and long-lasting strategic relationships.</p><p><em>Scott Walker is senior director for channel and alliances for EMEA at Illumio</em></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft doubles down on zero trust security policies ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/enterprise-security/358751/microsoft-doubles-down-on-zero-trust-security-policies</link>
                                                                            <description>
                            <![CDATA[ New features across Azure, Microsoft 365 and Defender aim to protect customers against external breaches and insider threats ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cbdofwqXYptuWsWTVTBiTM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/N4CFmjp7ckcWHZFiXF4cwa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 02 Mar 2021 14:00:00 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:54:51 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ keumars.afifi-sabet@futurenet.com (Keumars Afifi-Sabet) ]]></author>                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/N4CFmjp7ckcWHZFiXF4cwa-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Microsoft logo and a padlock placed on a black keyboard]]></media:description>                                                            <media:text><![CDATA[The Microsoft logo and a padlock placed on a black keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[The Microsoft logo and a padlock placed on a black keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/N4CFmjp7ckcWHZFiXF4cwa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has launched new functionality across its Azure Active Directory (AD) authentication portal and Microsoft 365 to advance its <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust" data-original-url="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">zero trust security strategy</a> and protect its customers against insider threats. </p><p>‘Zero trust’ is a security strategy based on the need for businesses to adapt to increasingly sophisticated threats, and is based on the assumption that nothing within the corporate network can be trusted. </p><p>Microsoft is among a <a href="https://www.itpro.com/security/358063/aws-ciso-urges-companies-to-adopt-zero-trust-security-approach" target="_blank" data-original-url="https://www.itpro.com/security/358063/aws-ciso-urges-companies-to-adopt-zero-trust-security-approach">handful of tech companies</a> to adopt these policies in a meaningful way over the past few years, with features revealed at its Ignite 2021 conference in Azure AD and Microsoft 365 bolstering the firm’s zero trust capabilities. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust" data-original-url="/security/network-security/358282/what-is-zero-trust">What is zero trust?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/358063/aws-ciso-urges-companies-to-adopt-zero-trust-security-approach" data-original-url="/security/358063/aws-ciso-urges-companies-to-adopt-zero-trust-security-approach">AWS CISO urges companies to adopt a zero-trust security approach</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/network-internet/virtual-private-network-vpn/355421/google-launches-beyondcorp-remote-access-to" data-original-url="/network-internet/virtual-private-network-vpn/355421/google-launches-beyondcorp-remote-access-to">Google Launches BeyondCorp Remote Access to lessen the burden on enterprise VPNs</a></p></div></div><p><a href="https://www.itpro.com/security/cyber-security/354468/if-not-passwords-then-what" target="_blank" data-original-url="https://www.itpro.com/security/cyber-security/354468/if-not-passwords-then-what">Passwordless authentication</a> is now generally available in AD across all cloud and hybrid environments, with users able to use <a href="https://www.itpro.com/security/29705/what-are-biometrics" target="_blank" data-original-url="https://www.itpro.com/security/29705/what-are-biometrics">biometrics</a>, Windows Hello for Business, the Microsoft Authenticator app or FIDO2 security key to log-in.</p><p>The policy engine Azure AD Conditional Access now uses authentication context to enforce more granular policies based on user interactions within an app, also taking into account the sensitivity of data they’re trying to access. </p><p>Verifiable credentials, which lets organisations confirm pieces of information on their employees such as education or professional certificates, is also entering public preview within the next few weeks. This verifies claims made without collecting any personal data. The government of Flanders and the NHS are already piloting this service.</p><p>“As defenders ourselves, we are passionate proponents of a Zero Trust mindset, encompassing all types of threats - both outside in and inside out,” said Microsoft’s corporate VP for security, compliance and identity, Vasu Jakkal.</p><p>“We believe the right approach is to address security, compliance, identity, and device management as an interdependent whole, and to extend protection to all data, devices, identities, platforms, and clouds – whether those things are from Microsoft, or not.”</p><p>Changes in Microsoft 365 are largely based on trying to <a href="https://www.itpro.com/security/data-breaches/357545/insider-data-breaches-third-2021" target="_blank" data-original-url="https://www.itpro.com/security/data-breaches/357545/insider-data-breaches-third-2021">eliminate the insider threat</a>, both malicious and unwitting, with the firm investing in creating inside-out protection by extending its capabilities to third parties.</p><p>Improvements in compliance include co-authoring documents protected with Microsoft Information Protection, which allows multiple users to work simultaneously on documents while benefitting from the extensive protection for documents and emails across Microsoft 365 apps.</p><p>Microsoft 365’s Insider Risk Management Analytics will allow customers to identify potential insider risk activity within an organisation, which will then inform policy configurations. Tools include daily scans of tenant audit logs, including historical activities, with <a href="https://www.itpro.com/strategy/28071/what-is-machine-learning" target="_blank" data-original-url="https://www.itpro.com/strategy/28071/what-is-machine-learning">machine learning</a> used to identify any risky activity.</p><p>Azure Pureview, Microsoft’s unified government platform for on-premises, multi-cloud and software as a service (Saas) data, can also be used to scan and classify data residing in AWS S3 buckets, SAP EEC, SAP S4/HANA and Oracle Database.</p><p>“Adopting a Zero Trust strategy is a journey,” Jakkal continued. “Every single step you take will make you more secure. In today’s world, with disappearing corporate network perimeters, identity is your first line of defence. </p><p>“While your Zero Trust journey will be unique, if you are wondering where to start, our recommendation is to start with a strong cloud identity foundation. The most fundamental steps like strong authentication, protecting user credentials, and protecting devices are the most essential.”</p><p>Microsoft is also launching what it calls an “assume breach” toolset, which comprises tools and features that can help customers adopt the assume breach mentality without being hampered by the complexity that it can often entail. This is a critical component of the overall zero trust umbrella. </p><p>Among the improvements, <a href="https://www.itpro.com/desktop-software/26635/how-to-turn-on-windows-defender" target="_blank" data-original-url="https://www.itpro.com/desktop-software/26635/how-to-turn-on-windows-defender">Microsoft Defender</a> for Endpoint and Defender for Office 365 customers can now probe threats directly from the Microsoft 365 Defender portal, which provides alerts and in-depth investigation pages. A Threat Analytics section also provides a set of reports from Microsoft security researchers that help customers understand, prevent and mitigate active threats.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Supporting customers on their zero trust journey ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/366818/supporting-customers-on-their-zero-trust-journey</link>
                                                                            <description>
                            <![CDATA[ Adrian Rowley discusses how partners can help customers adopt this new security mindset ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sLVrcqt9kPUa7HbNRFJUEZ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/QPZegrKvNtCsE8SurFUDf3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 03 Feb 2021 13:02:41 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:49:57 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Adrian Rowley  ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/QPZegrKvNtCsE8SurFUDf3-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hand reaching for other hand]]></media:description>                                                            <media:text><![CDATA[Hand reaching for other hand]]></media:text>
                                <media:title type="plain"><![CDATA[Hand reaching for other hand]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/QPZegrKvNtCsE8SurFUDf3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The cyber security landscape has been completely transformed over the last 12 months, with the majority of organisations seeing a rise in threats since the beginning of last year. The era of remote working has only exacerbated this problem due to workers accessing networks at any time, from anywhere, with their personal or work devices, through their home or public Wi-Fi connections. Coupled with employee disengagement, this makes an organisation far more vulnerable to attack. </p><p>For channel partners set on providing a positive customer experience, it’s essential this raised threat level is acknowledged, at the very least. They should be prepared to support customers in tackling their security challenges, acting as key advisors in the mission to address client pain points by offering bespoke services.</p><p>A good place to start for many channel partners working to support CIO/CISOs and their teams is encouraging a zero trust model. This is an important aspect in the era of digital transformation and remote working, and channel partners can be well-placed leverage their knowledge of it so it can become a beneficial framework for customers.</p><h3 class="article-body__section" id="section-a-new-way-of-thinking"><span>A new way of thinking </span></h3><p>To create security resilience in times of uncertainty, companies must move away from the idea that any asset or user within the network perimeter can be trusted. It’s necessary for channel partners to help customers understand that zero trust is neither a technology nor a setup, but instead an attitude.</p><p>It’s a concept that requires every user, including internal members of an organisation, to be regularly authenticated. Because it’s impossible to monitor what you can’t see, moreover, companies need help to obtain a clear view of everything that’s happening on their network. </p><p>Zero trust typically involves negative connotations stemming from the idea that ‘no one is trusted’. Fortunately, opinions on zero trust have started to shift, especially because it allows IT and security leaders much more control at a time where networks are only getting more dispersed and complex. Rather than the inherent trust previously offered to those inside the network, a lack of visibility, increase in endpoints and dramatic shift to the usage of personal devices means it’s less practical to trust those within the network. </p><p>While it may come as a culture shock to some, this philosophy will expand in 2021 and become the ideal security architecture as hybrid working takes precedence. With more and more businesses adopting zero trust, it’s becoming one of the most sought-after methods to combat the expanding threatscape - and rightly so. </p><h3 class="article-body__section" id="section-the-cyber-crime-fightback"><span>The cyber crime fightback</span></h3><p>For channel partners to stay relevant, they must share their technical knowledge with clients and become an active part of their zero trust journeys. Shifting to this model is no easy feat but it’s imperative to ensure fool-proof protection at a time when IT environments are complicated by a fluid workforce and fiercer cyber attacks than ever. There are three steps that can truly benefit channel partners, allowing them to help their customers succeed in this challenging landscape:</p><p><strong>Communicate</strong><strong>:</strong> Zero trust is not a new idea, yet it’s one that can often be misunderstood. With proper communication, channel partners can explain the processes, correct company culture and recommend best network visibility tools that all contribute towards creating the ideal environment. They will begin to gain the customer’s trust and step into the role of a supportive ally in the face of escalating cyber attacks.</p><p><strong>Understand:</strong> Following a challenging financial year for many, channel partners need to understand their customers won’t have huge budgets which can be used to invest in new technologies. Rather, partners must tailor their proposals to what is realistic for the organisation by implementing technologies that will help optimise their existing investments.</p><p><strong>Demonstrate</strong><strong>:</strong> While security will be a big concern for many companies, it won’t be their sole focus. It’s important that channel firms demonstrate how a zero trust mindset may help their customers in more ways than one. This architecture can help to boost employee productivity, as well as allow the wider business to better cope with the current climate. With potentially sensitive data flowing between corporate networks and personal devices, a framework that increases security, reducing the threat of breaches from internal and external sources, without impacting productivity is a no-brainer. As long as channel partners demonstrate the benefits of zero trust, it’ll be difficult for clients to ignore its potential. </p><p>Cyber security worries are plaguing many businesses. While employee engagement weakens as further lockdown restrictions are put in place, this remote and distributed landscape looks set to sta. However, embarking on a zero trust journey is an effective means to fight back against cyber crime, with many more IT leaders adopting the philosophy. If channel partners want to help their customers emerge victorious this year, they should embrace the zero trust mindset and become the support system for every business looking to invest in cybersecurity. </p><p><em>Adrian Rowley is senior director sales engineering EMEA with Gigamon</em></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ What is Zero Trust? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/network-security/358282/what-is-zero-trust</link>
                                                                            <description>
                            <![CDATA[ Zero Trust is the protection framework sweeping the cyber security industry. Here's what you need to know ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jsKyb56jZoYxyRsAtpUPcR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/HHD2EtATaAQrgDqHgB2mCY-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 11 Jan 2021 12:21:07 +0000</pubDate>                                                                                                                                <updated>Wed, 23 Oct 2024 15:40:50 +0000</updated>
                                                                                                                                            <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Drew Turney ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/6H5MTKayRu4E8ukZSEVkHX.jpeg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Drew Turney is a freelance journalist who has been working in the industry for more than 25 years. He has written on a range of topics including technology, film, science, and publishing.&lt;/p&gt;
&lt;p&gt;Since 1995, Drew has written for publications including MacWorld, PCMag, io9, Variety, Empire, GQ, and the Daily Telegraph.In all, he has contributed to more than 150 titles. He is an experienced interviewer, features writer, and media reviewer with a strong background in scientific knowledge.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;At &lt;em&gt;ITPro&lt;/em&gt;, Drew has written on the topics of smart manufacturing, cyber security certifications, computing degrees, data analytics, and mixed reality technologies.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;He has worked as a film reviewer for many years and has led a number of interviews with the cast and crew of notable films and has also written extensively on books, authors, and the publishing industry.&lt;/p&gt;
&lt;p&gt;Before entering the field of journalism full-time, Drew was a graphic designer. He spent time working on a combination of web and print media throughout the early 2000s, before pursuing freelance journalism as his sole pursuit in 2006.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/HHD2EtATaAQrgDqHgB2mCY-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Two hands clasped in a handshake, overlaid with circuit boards]]></media:description>                                                            <media:text><![CDATA[Two hands clasped in a handshake, overlaid with circuit boards]]></media:text>
                                <media:title type="plain"><![CDATA[Two hands clasped in a handshake, overlaid with circuit boards]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/HHD2EtATaAQrgDqHgB2mCY-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The pandemic upended a lot of things in the business world, but one thing it accelerated was remote access. More staff than ever before worked from home and systems and platforms like <a href="https://www.itpro.com/software/355486/zoom-review-are-we-alone-now">Zoom</a> got the kind of attention and publicity money can&apos;t buy.</p><p>Organizations both large and small scrambled to migrate applications and data to the cloud, embracing the <a href="https://www.itpro.com/hybrid-cloud/29668/what-is-hybrid-cloud"><u>hybrid cloud</u></a> model so we could access work from our home devices. The remote worker age finally arrived en masse.</p><p>However, some platforms simply hadn&apos;t been built for the new <a href="https://www.itpro.com/security/world-economic-forum-warns-of-growing-cyber-insecurity-amid-heightened-threat-landscape"><u>threat landscape</u></a> and were left scrambling to <a href="https://www.itpro.com/security/patch-management-why-firms-ignore-vulnerabilities-at-their-own-risk"><u>patch vulnerabilities</u></a> even as users and data generation skyrocketed. Since then, cyber attacks have risen sharply. During the first quarter of 2024, a report by security provider Check Point Research <a href="https://blog.checkpoint.com/research/shifting-attack-landscapes-and-sectors-in-q1-2024-with-a-28-increase-in-cyber-attacks-globally/"><u>recorded</u></a> a 28% surge in the number of cyber attacks compared to the previous quarter.</p><p>It&apos;s not just an issue of inadequately secured software; it&apos;s clear that that user education often falls short. A <a href="https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2022.pdf" target="_blank">report published by WEC</a> in 2022 found that 95% of cyber security incidents were the result of &apos;human error&apos;, with weak passwords, sharing work devices with family and friends, smartphones that aren&apos;t locked by default, and other unsafe behaviors still rife.</p><p>So along with giving workers the flexibility they now demanded, organizations needed to work harder than ever to fortify their domains and networks, and the devices that access them, against breaches. This had led to a rise in the so-called Zero Trust model, a paradigm change that might finally secure the remote work age.</p><h2 id="how-zero-trust-works">How Zero Trust works</h2><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:2291px;"><p class="vanilla-image-block" style="padding-top:56.26%;"><img id="bb5XzfLRpAzDPgd3wgwV9E" name="GettyImages-2132585085-zero-trust-crop" alt="A CGI render of a multi-colored padlock hologram, floating above computer hardware and surrounded by blue padlocks to represent zero trust security." src="https://cdn.mos.cms.futurecdn.net/bb5XzfLRpAzDPgd3wgwV9E.jpg" mos="" align="middle" fullscreen="" width="2291" height="1289" attribution="" endorsement="" class=""></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p>The old methodology – castle and moat security – assumed that all devices and applications inside the network perimeter were trusted in perpetuity as long as they&apos;d been onboarded according to security protocols. But security analysts and providers were saying as long ago as 2022 such an approach had no place in a remote work, cloud-enabled world.</p><p>Zero Trust means exactly what it says – every request from an application, device, human operator, or process is treated with suspicion and blocked until it can be proven to be trustworthy. It&apos;s also built on the awareness that the point of infiltration is only the doorway, not the target. That means it has multiple verification methods like <a href="https://www.itpro.com/security/29982/what-is-two-factor-authentication"><u>two-factor authentication (2FA)</u></a> or micro-segmentation for users or processes even after they&apos;ve logged in.</p><p>This also prevents attackers from carrying out lateral attacks, spreading throughout a victim’s network, after gaining initial access.</p><p>Zero Trust is catching on fast as a security model. The market is expected to be worth over $82.45 billion (£63 billion) by 2030, according to Grand View Research <a href="https://www.grandviewresearch.com/press-release/global-zero-trust-security-market"><u>data</u></a>, with small and medium-sized enterprises (SMEs) projected to drive the most growth in this area.</p><h2 id="what-strategies-does-a-zero-trust-network-model-use">What strategies does a Zero Trust network model use?</h2><p>One of Zero Trust&apos;s selling points is that it can be built into existing architectures by deploying systems and safeguards such as:</p><p><strong>Least Privilege</strong></p><p>The principle of Least Privilege states that users, systems, and processes should be granted access only to those resources necessary to to perform their job function. Any time a user requests access to an application, process, data store, or domain, the request is judged against what is necessary for their role. Least privilege goes hand in hand with Zero Trust, building on that idea that access is blocked by default and only granted if a clear and valid reason is given.</p><p><strong>Identity and access management (IAM)</strong></p><p><a href="https://www.itpro.com/security/how-to-implement-identity-and-access-management-iam-effectively-in-your-business"><u>IAM</u></a> automates the processes of authenticating users and managing the appropriate levels of access for each user. IAM systems will provision users with access based on their role and de-provision employees who leave the company. This is often the workhorse behind a Zero Trust system, and the mechanism by which Least Privilege is enforced.</p><p><strong>Multi-factor authentication (MFA)</strong></p><p>Also very common in the consumer world, especially when logging in to sensitive accounts like finance, government, or health records, 2FA or MFA is simply making the user confirm an access request through an unrelated network vector like getting a code via SMS or email. This simply increases the robustness of an organization&apos;s authentication process, and makes it more likely that the person requesting access is who they say they are.</p><p><strong>Endpoint security</strong></p><p>Even before we started working from home, <a href="https://www.itpro.com/business/business-strategy/the-top-4-byod-risks-businesses-face"><u>bring your own device (BYOD)</u></a> was a popular methodology. The endpoints that workers use to access company information – whether their own or company-supplied – need to be properly secured with endpoint security software. This is usually achieved with endpoint detection and response (EDR) software, which is capable of monitoring devices, flagging any vulnerabilities, and automatically responding to threats.</p><p><strong>Segmentation</strong></p><p>Although common in other security models, segmentation plays a pivotal role in supporting the other strategies listed above and mitigating the impact of any breach. This method divides workloads into separate zones and secures them individually, creating more barriers that attackers would have to bypass. This is critical for ensuring that, should a breach occur, an attacker is unable to easily move between systems or user accounts.</p><h2 id="how-do-you-enact-zero-trust-in-an-organization">How do you enact Zero Trust in an organization?</h2><p>There is no one-size fits all process for implementing Zero Trust, although most resources will suggest following a broad approach of:</p><p><strong>1. </strong>Define your attack surface</p><p><strong>2. </strong>Implement security controls</p><p><strong>3. </strong>Architect your Zero Trust network</p><p><strong>4. </strong>Create policies that enforce Zero Trust</p><p><strong>5. </strong>Monitor and audit</p><p>Start by identifying your most sensitive information and silo it somewhere separate from everything else – automated discovery tools can help you decide which data flows are absolutely essential. </p><p>Next, create a map of the surrounding traffic so you know how it will be accessed, used and shared.</p><p>You can then architect your network and data structures into micro-segments that each need their own Zero Trust security verification to allow process and requests through.</p><p>Once your controls are in place, you need to support these with clear security policies. These are critical for ensuring employees follow correct procedures and that Zero Trust is enforced consistently across the enterprise.</p><p>Finally, the process of monitoring can begin, allowing you to assess how effective the approach has been implemented, and whether system performance or workflows have been adversely effected. Changes may need to be implemented following an audit.</p><p>If that all sounds complicated and unwieldy for users, the beauty is much of the verification can be automated, all working in the background and notifying human operators only when a request access isn&apos;t verified.</p><h2 id="the-challenges-of-implementing-zero-trust">The challenges of implementing Zero Trust</h2><p>Like all new technology approaches, Zero Trust can be complex and will seldom be cheap – although it will be far more cost effective than the average cost of a data breach, which <a href="https://www.ibm.com/reports/data-breach" target="_blank">IBM put at $4.45 million last year</a>. That&apos;s before considering the intangible, and possibly far more expensive, blow to the trustworthiness of your brand.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="aiNgm37C8uisAVy9qJkyEg" name="IBM_GettyImages-2128592887.jpg" caption="" alt="IBM logo  displayed at their pavilion during the Mobile World Congress in Barcelona, Spain, on February 28, 2024" src="https://cdn.mos.cms.futurecdn.net/aiNgm37C8uisAVy9qJkyEg.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business/business-strategy/accelerated-gen-ai-powered-mainframe-app-modernization-with-ibm-watsonx-code-assistant-for-z"><em>Speed up code development and increase programmer productivity</em></a></p></div></div><p>It&apos;s possible to install Zero Trust in current generation architectures, but the IT team might have to purpose build segments into the network to establish access points. Do your sums and you might find it more cost effective to engage a security vendor and migrate to a new architecture with Zero Trust already built in.</p><p>You should also plan for a period of time post-implementation to allow for <a href="https://www.itpro.com/security/357406/four-tips-for-building-effective-security-awareness-training">staff training</a>, and potentially some customer education. While nobody wants their security landscape to be onerous and irritating, you have to get people used to new user management, even if it&apos;s convincing them that two-factor authentication is necessary.</p><p>Staff are now enjoying a mix of working from the office and home and many companies feel confident that they finally have their security architecture sorted out. The thought of adopting a whole new cyber security philosophy that will only cost more money may seem daunting, but since the costs of cyber crime are expected to rise to <a href="https://www.cobalt.io/blog/cybersecurity-statistics-2024">$10.5 trillion next year</a>, can you afford not to?</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The inevitable ascent of zero trust ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/358070/the-inevitable-ascent-of-zero-trust</link>
                                                                            <description>
                            <![CDATA[ Ensure user activities are trustworthy without interrupting workflow ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">fLnUu4fzwcj2qKfEvqVrz</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SpyGzZ2ynsUFzj48ZbjPhQ-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 09 Dec 2020 16:27:00 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:46:01 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/SpyGzZ2ynsUFzj48ZbjPhQ-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[What is zero trust and how to implement it - whitepaper]]></media:description>                                                            <media:text><![CDATA[What is zero trust and how to implement it - whitepaper]]></media:text>
                                <media:title type="plain"><![CDATA[What is zero trust and how to implement it - whitepaper]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SpyGzZ2ynsUFzj48ZbjPhQ-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="goEs3yXkEswdZYauMFGATd" name="" alt="BlackBerry logo" src="https://cdn.mos.cms.futurecdn.net/goEs3yXkEswdZYauMFGATd.jpg" mos="https://cdn.mos.cms.futurecdn.net/goEs3yXkEswdZYauMFGATd.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Zero trust is a security model built around the idea that nothing inside or outside of an organisation can be trusted. Read this whitepaper to consider how this model will impact your workforce and what benefits you can reap from implementing such a strategy. </p><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/blackberry-april-may-li-259027-1?locale=1&p=false&wp=5513"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ AWS CISO urges companies to adopt a zero-trust security approach ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/358063/aws-ciso-urges-companies-to-adopt-zero-trust-security-approach</link>
                                                                            <description>
                            <![CDATA[ Steve Schmidt outlines how his entire security strategy is based around the zero-trust philosophy ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ji9cm5ZygKjRaDy3ozo1ES</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Pz3CFWeJxcZh89pBoB28YV-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 09 Dec 2020 13:25:02 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:45:39 +0000</updated>
                                                                                                                                            <category><![CDATA[Networking]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                <author><![CDATA[ keumars.afifi-sabet@futurenet.com (Keumars Afifi-Sabet) ]]></author>                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Pz3CFWeJxcZh89pBoB28YV-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Mockup image with padlocks to symbolise a cyber security vulnerability]]></media:description>                                                            <media:text><![CDATA[Mockup image with padlocks to symbolise a cyber security vulnerability]]></media:text>
                                <media:title type="plain"><![CDATA[Mockup image with padlocks to symbolise a cyber security vulnerability]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Pz3CFWeJxcZh89pBoB28YV-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Organisations should embrace the philosophy and principles of zero-trust security to keep up to date with modern demands and security threats, AWS’ <a href="https://www.itpro.com/careers/28228/ciso-job-description-what-does-a-ciso-do" target="_blank" data-original-url="https://www.itpro.com/careers/28228/ciso-job-description-what-does-a-ciso-do">chief information security officer (CISO)</a> Steve Schmidt has urged.</p><p>Adopting the core tenets of a zero-trust philosophy, including accessibility and usability, and ensuring you’re focusing on the <a href="https://www.itpro.com/security/28133/what-is-cyber-security" target="_blank" data-original-url="https://www.itpro.com/security/28133/what-is-cyber-security">core fundamentals of security</a>, will ensure businesses can eliminate needless risks in their IT estates.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/357250/the-new-world-of-cybersecurity" data-original-url="/security/cyber-security/357250/the-new-world-of-cybersecurity">The new world of cyber security</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/357783/ransomware-remains-the-top-cyber-security-risk-for-smbs" data-original-url="/security/357783/ransomware-remains-the-top-cyber-security-risk-for-smbs">Ransomware remains the top cyber security risk for SMBs</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/357717/uk-businesses-prioritise-cyber-security-pwc" data-original-url="/security/357717/uk-businesses-prioritise-cyber-security-pwc">UK businesses make cyber security a priority in light of COVID-19</a></p></div></div><p>Doing so, however, isn’t as straightforward as businesses may hope, according to Schmidt. This is because the term ‘zero-trust’ can mean different things in different contexts, with this ambiguity the product of a diversity of use cases to which it applies.</p><p>“Zero-trust is, to me, a set of mechanisms that focus on providing security controls around digital access and assets while not solely depending on traditional network controls or network perimeters,” he explained, speaking at AWS re:Invent 2020. </p><p>“In other words, we aren’t going to trust a user based only on their location within a traditional network. Instead, we want to augment network-centric models with additional techniques, which we would describe as identity-centric controls.”</p><p>An example of one such use case that he provided was human-to-application security, which is particularly relevant given the surge in people <a href="https://www.itpro.com/business-strategy/flexible-working/355658/the-it-pro-podcast-staying-sane-while-working-from-home" target="_blank" data-original-url="https://www.itpro.com/business-strategy/flexible-working/355658/the-it-pro-podcast-staying-sane-while-working-from-home">working from home</a> in 2020. Traditionally, applications sat behind a <a href="https://www.itpro.com/networking/27210/do-i-need-a-vpn" target="_blank" data-original-url="https://www.itpro.com/networking/27210/do-i-need-a-vpn">virtual private network (VPN)</a> front door, but these aren’t compatible with the diversity of devices that workers use to access work-related services. Applying zero-trust principles generates the objective to make the locks on applications effective enough that you can eliminate a VPN-based front door altogether.</p><p>Zero-trust principles have become far more popular across the industry of late, with a number of companies quick to adopt and promote this philosophy either as part of their own strategies or in their products. </p><p>BlackBerry, for example, announced <a href="https://www.itpro.com/security/357341/blackberry-persona-desktop-delivers-zero-trust-security-at-the-endpoint" data-original-url="https://www.itpro.com/security/357341/blackberry-persona-desktop-delivers-zero-trust-security-at-the-endpoint">Persona Desktop</a> in October, a security platform that uses artificial intelligence (AI) and <a href="https://www.itpro.com/strategy/28071/what-is-machine-learning" target="_blank" data-original-url="https://www.itpro.com/strategy/28071/what-is-machine-learning">machine learning</a> to detect user and entity behaviour abnormalities. Persona Desktop works at the endpoint, and eliminates the need to share data back to the cloud before the system acts, and also aims to protect against stolen credentials, <a href="https://www.itpro.com/security/29543/insider-threats-make-up-74-of-business-cyber-security-incidents" target="_blank" data-original-url="https://www.itpro.com/security/29543/insider-threats-make-up-74-of-business-cyber-security-incidents">insider threats</a>, and physical compromise.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="7X8jna5L2xkBc6pQDbfRiL" name="7X8jna5L2xkBc6pQDbfRiL.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/7X8jna5L2xkBc6pQDbfRiL.png" mos="https://cdn.mos.cms.futurecdn.net/7X8jna5L2xkBc6pQDbfRiL.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>Securing a remote workforce with a zero-trust strategy</strong></p><p class="fancy-box__body-text">Why zero-trust is the latest foundational cyber security construct for the modern workplace</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/357177/securing-a-remote-workforce-with-a-zero-trust-strategy" data-original-url="/security/cyber-security/357177/securing-a-remote-workforce-with-a-zero-trust-strategy">FREE DOWNLOAD</a></p></div></div><p>Google, too, launched a zero-trust remote access service <a href="https://www.itpro.com/network-internet/virtual-private-network-vpn/355421/google-launches-beyondcorp-remote-access-to" data-original-url="https://www.itpro.com/network-internet/virtual-private-network-vpn/355421/google-launches-beyondcorp-remote-access-to">known as BeyondCorp Remote Access</a> earlier this year that’s designed to give remote teams access to their internal applications without the need for a VPN.</p><p>As part of Schmidt’s outline of AWS’ security strategy, he also proposed a set of questions that businesses and IT administrators should ask about their organisation’s security configuration. Elements such as where the perimeter is, and how large it is, as well as how easy it might be to monitor and audit, should be considered. </p><p>Schmidt also, by way of example, suggested that while VPNs are fine to use for network isolation, it would be best to make the implementation dynamic and hidden from the user experience. This might lead to users not even noticing that network boundaries are being created and torn down as required.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ BlackBerry Persona Desktop delivers zero-trust security at the endpoint ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/357341/blackberry-persona-desktop-delivers-zero-trust-security-at-the-endpoint</link>
                                                                            <description>
                            <![CDATA[ New security solution learns user behavior and can take action if there’s an abnormality ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9RTW3f8QqdnN9r9VyHdPvb</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/4ALG2YggxXJLrCUg6DcjPn-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 06 Oct 2020 13:27:42 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:45:16 +0000</updated>
                                                                                                                                            <category><![CDATA[Mobile Phones]]></category>
                                                    <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Justin Cupler ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/4ALG2YggxXJLrCUg6DcjPn-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[screen showing BlackBerry Persona interface]]></media:description>                                                            <media:text><![CDATA[screen showing BlackBerry Persona interface]]></media:text>
                                <media:title type="plain"><![CDATA[screen showing BlackBerry Persona interface]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/4ALG2YggxXJLrCUg6DcjPn-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>BlackBerry has announced BlackBerry Persona Desktop, an all-new <a href="https://www.itpro.com/security" data-original-url="https://www.itpro.com/security">security</a> solution that uses advanced artificial intelligence (AI) and <a href="https://www.itpro.com/strategy/28071/what-is-machine-learning" data-original-url="https://www.itpro.com/strategy/28071/what-is-machine-learning">machine learning</a> to detect user and entity behavior abnormalities.</p><p>Once the new BlackBerry Persona Desktop notices an irregularity in behavior, it protects the endpoint, network and data. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/616765/the-evolution-of-the-blackberry" data-original-url="/616765/the-evolution-of-the-blackberry">The evolution of the BlackBerry</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/632959/is-rims-blackberry-playbook-fit-for-business" data-original-url="/632959/is-rims-blackberry-playbook-fit-for-business">Is RIM’s BlackBerry PlayBook fit for business?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/92417/uk-businesses-gripped-by-blackberry-fever" data-original-url="/92417/uk-businesses-gripped-by-blackberry-fever">UK businesses gripped by BlackBerry fever</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/95409/deploying-blackberry-server-41" data-original-url="/95409/deploying-blackberry-server-41">Deploying BlackBerry Server 4.1</a></p></div></div><p>BlackBerry Persona Desktop works at the endpoint, eliminating the need to share data back to the cloud before acting. This allows it to work in real-time with minimal delay to prevent hacks and data breaches.</p><p>On top of working faster, BlackBerry Persona Desktop also protects against even the most challenging security challenges, including:</p><ul><li><strong>Stolen credentials:</strong> Persona Desktop protects in the event of stolen credentials by learning how a user works and their interaction with a device. If Persona Desktop senses abnormal interaction, it sends an alert through the cloud and takes other threat-mitigation actions, like asking for second-factor authentication.</li><li><strong>Insider threats:</strong> If a rogue employee attempts to breach your system, the Persona Desktop can detect the abnormal behavior and flag the risk. It’ll then alert the administrator, who determines what action Persona Desktop takes to mitigate the threat.</li><li><strong>Physical compromise:</strong> If someone physically compromises or steals a device, BlackBerry Persona Desktop uses biometric capabilities, including keystrokes and mouse movement, to sense a different user and alert an administrator or lock the user out.</li></ul><p>BlackBerry Personal is available with the <a href="https://www.blackberry.com/us/en/products/blackberry-cyber-suite">BlackBerry Cyber Suite</a>, which is a unique combination of endpoint protection (EPP), mobile threat defense (MTD), endpoint detection and response (EDR), and user and entity behavior analytics (UEBA) products together in one package.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Securing a remote workforce with a zero-trust strategy ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cyber-security/357177/securing-a-remote-workforce-with-a-zero-trust-strategy</link>
                                                                            <description>
                            <![CDATA[ Why zero-trust is the latest foundational cyber security construct for the modern workplace ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4CT1npr8uRLYk4tzMMKScM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7X8jna5L2xkBc6pQDbfRiL-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Mon, 21 Sep 2020 14:14:48 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:52:20 +0000</updated>
                                                                                                                                            <category><![CDATA[VPN]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/7X8jna5L2xkBc6pQDbfRiL-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Citrix logo]]></media:description>                                                            <media:text><![CDATA[Citrix logo]]></media:text>
                                <media:title type="plain"><![CDATA[Citrix logo]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7X8jna5L2xkBc6pQDbfRiL-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="vt9Hn8kHfKUiKra3x8KVNE" name="" alt="Citrix logo" src="https://cdn.mos.cms.futurecdn.net/vt9Hn8kHfKUiKra3x8KVNE.png" mos="https://cdn.mos.cms.futurecdn.net/vt9Hn8kHfKUiKra3x8KVNE.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The sudden surge in remote work and direct-to-cloud consumption of SaaS applications are putting pressure on the role of the physical security perimeter to business applications. Users need access to on-premises applications from multiple locations, and IT and cyber security teams have an imperative to provide secure access to these critical resources across a hybrid cloud environment. </p><p>With this challenge comes the need to reevaluate existing approaches to and controls of the perimeter. Organisations are moving away from the traditional method of using Virtual Private Networks (VPNs) because the way VPNs require a connection between the corporate network and the individual’s device allows for threats to be introduced through unmanaged devices. </p><p>This whitepaper champions zero-trust as the perfect approach for securing access while also providing operational efficiency. It can secure both cloud and on-premises applications with its improved mobility, threat detection, and data-loss prevention. Download this whitepaper for a framework to successfully implement a zero-trust strategy.</p><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/citrix-abm-non-abm-workspace-leads?locale=1&p=false&wp=5302"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Why IT leaders should consider a zero trust network access strategy ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/cloud-security/357119/why-it-leaders-should-consider-a-zero-trust-network-access-strategy</link>
                                                                            <description>
                            <![CDATA[ Enabling business while staying secure ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cp35yj76zteJvcNb97jR9J</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/RdmPz9Mx8jsM5EGYviDiNa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 16 Sep 2020 09:20:26 +0000</pubDate>                                                                                                                                <updated>Wed, 12 Apr 2023 12:44:02 +0000</updated>
                                                                                                                                            <category><![CDATA[Cloud Security]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/RdmPz9Mx8jsM5EGYviDiNa-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Zscaler logo in blue]]></media:description>                                                            <media:text><![CDATA[Zscaler logo in blue]]></media:text>
                                <media:title type="plain"><![CDATA[Zscaler logo in blue]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/RdmPz9Mx8jsM5EGYviDiNa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="sfZVNRtitrCqz8nyHFZxjK" name="" alt="Zscaler logo in blue" src="https://cdn.mos.cms.futurecdn.net/sfZVNRtitrCqz8nyHFZxjK.png" mos="https://cdn.mos.cms.futurecdn.net/sfZVNRtitrCqz8nyHFZxjK.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>In an explosion of enterprise cloud adoption, many companies are leveraging cloud technologies to optimise business processes and deliver products and services more quickly at a lower cost. </p><p>However, with this shift comes a decreased security perimeter for users and internal services within the corporate network. Potential data breaches, and the cost of downtime and loss of reputation that would follow, are something that IT leaders need to consider. </p><p>This whitepaper provides an argument for the use of cloud-delivered services that can scale to meet user demand and are hosted by a cloud security provider. Download now to find out more about zero trust network access services.</p><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/47483-li-260837-zscaler-neur-tal-june-july-aug?locale=1&p=false&wp=4984"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>