If it wasn’t clear already, the RSA 2022 Conference highlighted that zero trust is the conversation every technology vendor wants to have and somehow associate with their products. This week at InfoSec 2022 we are seeing exactly the same. But how should an organisation weed through the hype to understand true value? Zero trust is certainly not a new concept.

Behind tremendous interest in zero trust security and its crucial role in the SASE journey, many practitioners choose zero trust network access (ZTNA) as their first step toward transformation. If you are planning a ZTNA project, here are some ideas and tips that can increase your odds of success and provide a smooth transition from legacy remote access VPNs to ZTNA.

It’s been over two years since offices around the world closed their doors, sending employees to work from home to ride out a series of pandemic lockdowns. Those two years saw a succession of commands to close, reopen, close again, and reopen again, during which office workers in many industries embraced remote work and the benefits of eliminating the commute and providing a better work-life balance.

Security transformation is upon us, and the global pandemic further accelerated macro-trends such as work-from-anywhere that were already well underway. But with so many ideas now competing for airtime when it comes to describing that transformation and how to do it successfully, security professionals could be forgiven for thinking that the right moves and the good advice are getting buried under an avalanche of marketing, buzzwords, and acronyms.

It is a sentence I hear a lot; “We treat Microsoft 365 as an exception in our cloud security because it is a managed app.” You might think that’s a reasonable approach to take, after all Microsoft’s security credentials are impressive, all OneDrive app traffic is encrypted, and there are plenty of other unmanaged cloud applications in use as shadow IT all over your organisation that pull your attention.

The role of information security in modern enterprises is evolving like never before. Security will need to improve third-party oversight as organizations increasingly depend on outsourcing models for scale flexibility, efficiency, and cost savings. It will also need to do a better job of balancing security requirements (e.g., regulatory compliance, risk management) against business objectives (e.g., user experience, network performance, reducing costs).

It’s no secret that the security leaders, especially chief information security officers (CISOs), have one of the most stressful jobs in the C-suite. They are bumping up against high demand, high risk, and often unrealistic expectations for their work.

In March 2022, researchers spotted a new ransomware family named GoodWill, with a new method to collect the ransom. Instead of requesting payment through crypto coins like other threats such as Night Sky or Hive, GoodWill requests that its victims help vulnerable people by following a sequence of steps, such as donating clothes, feeding less fortunate children, or providing financial assistance to hospital patients.

By 2025, there will be 55.7 billion connected IoT devices (or “things”), generating almost 80B zettabytes (ZB) of data. These are just some of the statistics that underscore enormous opportunity in IoT—and the enormous security risks all those IoT devices create.

On May 27, 2022, a Microsoft Office document was submitted from Belarus to VirusTotal, using a novel method to deliver its payload. This new technique was identified as a Zero-Day RCE (Remote Code Execution) vulnerability in Microsoft Support Diagnostic Tool (MSDT), which is now being tracked as CVE-2022-30190. As of this writing, it affects only Windows computers running with MSDT URI protocol enabled.