Ian Barker

As businesses continue to generate and rely on vast amounts of data, the traditional approach to managing that data is no longer sufficient.

Enter the concept of a data mesh -- a decentralized, domain-driven approach to data architecture that promises to transform how organizations handle and leverage their data. But the question remains: should a business create a data mesh? What value does it add, and what challenges does it help solve?

New research reveals a surge in interest in data sovereignty among UK IT leaders since the implementation of the United States government's historic raft of tariffs in April.

The study from Civo, of over 1,000 UK-based IT leaders, shows more than 60 percent now feel that the UK government’s use of US cloud services exposes the country's digital economy to significant risks, damages its domestic industry, and threatens data security.

The technology world is a fast moving one and keeping up with the latest trends can be difficult. Yet it's also essential if you're not to lose competitive edge or get caught out by new risks.

We spoke to Myke Lyons, CISO of data infrastructure company Cribl, to discuss what the priorities for cyber leaders should be and what things are likely to keep them awake at night.

While the average total compensation for CISOs at large enterprises is $700K, those at $20B+ firms average $1.1M, with top earners exceeding $1.3M. These people are often managing $100M+ security budgets and teams of over 200 staff.

A new report from IANS Research along with Artico Search looks at data from more than 860 CISOs, including 406 at enterprises with $1B+ in annual revenue.

New research from EasyDMARC reveals that just 7.7 percent of the world's top 1.8 million email domains are fully protected against phishing and spoofing, having implemented the most stringent DMARC policy.

While this configuration, known as 'p=reject', actively blocks malicious emails from reaching inboxes, many businesses have only adopted the passive monitoring setting known as 'p=none', which passively monitors inboxes for threats without intercepting them. This means it doesn't block fraudulent emails or provide full visibility into authentication failures.

New research finds that 32 percent of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations. 68 percent are more realistic, noting they feel uncertain about achieving this near-impossible outcome.

The study from Lineaje, carried out among RSA attendees, also shows that while software bill of material (SBOM) regulations and guidelines continue to increase, organizations vary in their level of adoption.

Not all browser extensions are created equal, and just because one is available in a high-profile store doesn't mean it's safe. Stores may do simple verifications to check for obvious red flags, but it's not part of their workflow to investigate deeper indicators of suspicious or malicious behavior.

ExtensionPedia, a new database developed by LayerX, changes that by providing individuals and businesses with detailed risk analyses on over 200,000 extensions to distinguish between safe, risky and malicious tools.

According to recent projections from Gartner, by 2028 90 percent of enterprise software engineers will use AI code assistants, up from less than 14 percent in early 2024. But relying on AI in development roles also introduces risks.

Snyk is launching a new AI-native agentic platform specifically built to secure and govern software development in the AI Era.

The promise of GenAI is undeniable, it offers transformative potential to streamline workflows, boost efficiencies, and deliver competitive advantage. Yet, for many organizations, the journey to implement AI is far from straightforward.

Obstacles typically fall into three categories: strategic, technological, and operational. We spoke with Dorian Selz, CEO and co-founder of Squirro, to explore these obstacles in more detail, as well as looking at some of the biggest misconceptions enterprises have when starting their GenAI journey.

A new report from Orchid Security shows nearly half of enterprise applications violate basic credential-handling guidance, with 44 percent undermining centralized identity provider (IdP) policies and 40 percent falling short of widely accepted identity-control standards.

Orchid analyzed authentication flows and authorization practices embedded deep within enterprise applications and finds clear-text credentials in nearly half. These are normally associated with alternative access flows, often for non-human accounts, but they also present an easy target for threat actors seeking entry or lateral movement.

In recent years more and more organizations have been turning to the cloud for their IT requirements.

But with public, private and hybrid options to choose from the cloud landscape is complex. It's no surprise then that enterprises are increasingly leveraging MSPs to manage their public cloud deployments for them.

We all know that businesses are facing a raft of more sophisticated cyberthreats, partly driven by AI. We also know that there can be an impact beyond the financial in terms of damage to reputation and loss of customers.

A new report from cyber insurance specialist Hiscox reveals that 67 percent of organizations report increase in attacks and 34 percent of firms have compromised cybersecurity measures due to lack of expertise in managing emerging tech risks.

As Java marks its 30th anniversary on May 23rd, it's a powerful reminder that few technologies have had the longevity -- or the impact -- of a language first launched in 1995.

Today, Java continues to underpin much of modern software development, from cloud-native systems to enterprise-scale applications.

To mark this milestone, we caught up with Dewan Ahmed, principal developer advocate at Harness. Dewan, whose work focuses on empowering DevOps and engineering teams to deliver reliable, efficient, and secure software. He has seen first-hand just how much Java has changed over the past decade.

Non-human identities (NHIs) -- such as service accounts, tokens, API keys, and workloads -- are exploding in volume, now outnumbering humans 50 to one, but they remain under-observed, under-protected, and dangerously over-privileged.

New data from identity security platform Silverfort shows 40 percent of cloud NHIs do not have an owner. These accounts are often excluded from proper lifecycle management, leaving them unobserved, unprotected, and open to abuse.

Ignoring vulnerabilities and exposures may not seem like a good idea, but conventional strategies rely heavily on vulnerability severity (CVSS) and exploitability indicators (EPSS), which ignore whether vulnerabilities are exploitable or already mitigated by existing defenses in a specific organization.

More than 40,000 new CVEs were disclosed in 2024, of which 61 percent were labeled as high or critical, but they won't all be a risk to every business. A new tool from Picus Security allows security teams to verify the exploitability of vulnerabilities and determine which pose real-world risks based on their unique environments.