Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ephemeral accounts don't leave an audit trail, and that's a problem

Ephemeral accounts are temporary, high-privilege accounts created for short-term use. They’re a convenient way to get quick, temporary access to systems, data or applications for one-off tasks. Need temporary admin rights for a few minutes? Just create an ephemeral account, complete your task and move on. But behind the convenience of these temporary credentials loom serious security threats.

Beyond the Audit Box: Building Security That Works in the Real World

Many years ago, a friend of mine worked as a security director at a firm and had what they called an “audit box.” It was a pre-prepared box filled with policies, network diagrams, security controls and checkboxes. Basically, all the things an auditor would want to see during a visit. Except they weren’t always a true reflection of reality. That's a tidy version of cybersecurity. You purchase a tool, deploy it, tick the box and the problem goes away.

IT compliance audit checklist: 7 steps to follow

As IT threats and vulnerabilities continue to evolve, regulatory and compliance demands are growing in response. Many organizations today need to navigate multiple mandatory security frameworks and regulations. According to Vanta’s 2025 Trust Maturity Report, 90% of respondents cite compliance requirements as a top driver for investing in security. ‍ Maintaining compliance with the necessary frameworks requires continuous monitoring of your security posture and critical controls updates.

Internxt Successfully Passes an Updated Security Audit

We are pleased to announce that Internxt has passed its second consecutive security audit for all its services from the leading independent European pentesting company, Securitum, which also works with firms as relevant as Proton. Having become the first cloud storage with post-quantum, plus our zero-knowledge policies, when we say your data is private and secure from hackers, it’s not just a claim, but verifiable by external security professionals and experts in the field.

Why Legacy Penetration Testing Is Dead Between the Audits: How Lean Security Teams Can Finally Get Ahead

For decades, penetration testing has been the gold seal of cybersecurity. Auditors love them. Insurance brokers demand them. Your board sees them and believes the “secure” box for your company has been sufficiently checked. And to be clear: manual pen tests have an important place. For compliance mandates, regulatory filings, or mission-critical systems, there’s no substitute for a skilled third-party team that probes your environment.

Why ISO 27001 Auditors Can Reject Documentation

ISO 27001 is one of the most complex security frameworks commonly in use around the world. That complexity comes from the way it is designed: not as a checklist to follow, but rather as a series of guidelines to achieve. The difference between those two things is stark, even if it doesn’t sound like it. The way ISO 27001 works is that you develop an ISMS, or Information Security Management System.

Time for an IoT Audit?

IoT is everywhere, quietly powering everything from smart thermostats in homes to complex systems in industrial networks. While these devices bring incredible convenience and innovation, they also open the door to significant cybersecurity risks, especially in manufacturing and similarly sensitive sectors. The longer devices stay online, the more likely they are to become vulnerable due to outdated software, misconfigurations, or a lack of ongoing security management.

Human Error Is the New Attack Vector: Why Access Control Is Your First Line of Defense

In modern business environments, many data leaks do not begin with hackers breaking through firewalls. Instead, they start with a small mistake committed by an employee, contract worker, or team member who had unnecessary access rights. As phishing attacks, stolen passwords, and accidental errors continue to cause serious security problems, companies must recognize that access control is just as critical as anti-virus software.