Articles about Q&A

For enterprises, making the right cyber security investment isn't just about selecting the most advanced technology. To truly get the best return, decision-makers must also consider the strategic and financial aspects of their choices.

We spoke to Ben Vaughan, chief commercial officer at Bridewell, to discuss how by engaging with the right teams, businesses can ensure their security solutions are not only technically sound but also aligned with their long-term financial goals and sustainable growth.

Continue reading →

In DevOps and IT circles, the word 'observability' has been bandied about for the past few years. Observability is one of those hot and trendy terms which also means different things to different people.

Yet the goal is generally the same: how can we observe our environment and then proactively and even automatically make fixes to things that aren't working, are anomalous, suspicious and/or could potentially cause a disastrous outcome? Such outcomes could include a network failure, a security breach, a server reaching capacity, or in the unstructured data management world -- something else entirely.

Continue reading →

As the European Union updated the Network and Information Security (NIS 2) Directive in October last year, many companies were asking: what does it take to comply with this sweeping new regulation? Designed to tighten cybersecurity across critical industries, NIS 2 goes beyond the original directive’s framework, bringing strict rules, wider sectoral reach, and substantial penalties.

We spoke to Sam Peters, chief product officer at isms.online, to find out what businesses need to know to ensure compliance and understand the directive's impact on both operations and reputation.

Continue reading →

Blockchain technology has often been touted as a game changer for the security of transactions in different fields.

However, many organizations still don't full appreciate its value or how to incorporate it into their applications. We spoke to Lee Jacobson, senior vice president business development Web3 at video game commerce company Xsolla to find out about how blockchain implementation can be made easier.

Continue reading →

While many organizations have solutions in place to identify patchable CVEs, non-patchable security issues such as misconfigurations continue to provide threat actors with consistent access points to exploit organizations.

We spoke to Jason Mar-Tang, field CISO at Pentera, to discuss the challenge of non-patchable security issues vs. CVEs, what makes them so much more difficult to identify, the challenges of remediation, and what standards organizations should implement to tackle this challenge.

Continue reading →

Enterprises are increasingly using GenAI to transform their organization. As they move ahead, they're evaluating their preparedness from a business, safety, skills, and product level. But there's another key factor at the backend that's being overlooked: the network.

Full GenAI adoption introduces significant new challenges and demands on the network, such as bandwidth strain and unique security vulnerabilities. If these demands aren't accommodated, organizations won't realize the benefits of GenAI.

Continue reading →

It's becoming common in the cybersecurity industry to encounter two situations that are equally untenable.

On the one hand, the job of a typical chief information security officer (CISO) has become overburdened with the high stress of constantly evolving risks, talent shortages, budget constraints, board disconnects and more, leading to burnout. On the other, many organizations, particularly small to midmarket ones, don't have the resources to afford a full-time security executive, despite facing the same cybersecurity and compliance challenges as everyone else.

Continue reading →

Increased use of open source and third-party code leaves organizations open to more attacks on the software supply chain.

Open source vulnerabilities have become a prime target for attackers and organizations need to strengthen their defenses. We spoke to Richard Clark, senior solutions architect at JFrog, to discuss the importance of proactive measures in protecting against these threats.

Continue reading →

More and more businesses are turning to generative AI in the hope of gaining greater value from their data. But there are issues around governance, access to data and lack of appropriate skills that mean projects can either stall or not deliver as expected.

We spoke to Srujan Akula, CEO of The Modern Data Company, about why he believes that giving 'power to the people' and democratizing AI by putting it in the hands of non-technical users can deliver real business value.

Continue reading →

The cybersecurity landscape is constantly evolving and organizations need to stay up to date if they're to adequately protect themselves.

At the end of last year, O'Reilly released its 2024 State of Security survey, which analyzes the threats that concern frontline practitioners most, the projects they're implementing to safeguard systems and infrastructure, the skills companies are hiring for, and more.

Continue reading →

There are many factors to consider when deploying AI into an organization, not least of which is maintaining transparency and trust in the process.

We spoke to Iccha Sethi, VP of engineering at Vanta, to learn more about why transparency is so important and how governments and enterprises are responding to this challenge.

Continue reading →

Developers historically have not been all that security savvy, but as software supply chain security becomes a larger and larger problem every day, enterprises are going to need to secure packages before they are put into production environments.

We spoke to Phylum CEO, Aaron Bray, to learn more about 'secure by design' and how it can make sure developers are being taught security as part of their development and training process and are also being provided with the necessary resources to code securely from the beginning.

Continue reading →

As cloud environments become complex, security teams face increasing challenges in detecting, prioritizing, and addressing risks.

While cloud security posture management (CSPM) tools were created to provide visibility into cloud configurations and cloud workload protection platforms (CWPP) to manage threats to cloud workloads, they created gaps in providing holistic context that enables efficient risk management and didn't extend across the full software development life cycle (SDLC).

Continue reading →

It's an increasingly rare system these days that doesn't claim to have incorporated artificial intelligence in some form or another.

But when implementing AI it's important to look beyond the hype and ensure that it can deliver real value for the business. We spoke to Ajay Kumar, CEO of SLK Software, about the need for a holistic approach to allow enterprises to leverage AI for solving complex business challenges.

Continue reading →

Non-human identities (NHIs) outnumber human identities by between 10 and 50 times, but the industry lacks solutions to properly address this hole in the security perimeter.

Traditional IAM solutions and best practices aren't sufficient when it comes to managing NHIs, as evidenced by some recent breaches that have stemmed from exploitation of NHIs.

Continue reading →