Security News

Attackers tried to insert backdoor into PHP source codeThe PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers. The growing threat to CI/CD pipelinesBy hardening CI/CD pipelines and addressing security early in the development process, developers can deliver software faster and more securely.

Cloudentity and Okta are delivering on the promise of zero trust authorization for open banking services. Open banking enables customers, partners and employees to access applications, data and services regardless of their location, device or network.

Applications: Convert all shadow IT, shadow cloud, and bring-your-own applications to managed and secured applications. This is common because it seems easier to prove zero trust by starting with one application.

Security leaders embracing zero trust identity security. 88 percent of respondents said adopting more of a zero trust approach is "Very important" or "Important."

The pandemic-driven shift to remote work has significantly changed how companies are investing in identity and access management capabilities and zero trust security, according to a survey from Ping Identity. "Business leaders have been faced with an urgent need to invest more in identity security capabilities to effectively secure employees and customers in a dispersed work environment," said Andre Durand, CEO of Ping Identity.

One option that is often touted is a zero trust model through which access to critical resources is scaled back and granted only under specific conditions. Sponsored by CyberArk, "The CISO View 2021 Survey: Zero Trust and Privileged Access report" collected the advice based on interviews with 12 top security executives from Global 1000 companies.

Cyemptive Technologies announced Cyemptive Zero Trust Access, a technology that provides comprehensive secure access to networks from remote locations. Cyemptive informed the Department of Homeland Security and Senate of virtual private network hacks against mainstream firewall technologies in November 2019 and since then has focused on developing a secure remote access solution, resulting in Cyemptive Zero Trust Access.

Cloudflare launched Cloudflare Browser Isolation, a new zero trust service to make everyday web browsing safer and faster for all businesses, regardless of where their employees are. As businesses rely on employees working directly in browsers, Cloudflare Browser Isolation keeps them safe by creating a gap between end-user devices and potential threats.

The U.S. National Security Agency has published guidance on how security professionals can secure enterprise networks and sensitive data by adopting a Zero Trust security model. Titled "Embracing a Zero Trust Security Model," the document details the benefits and challenges of the security model, and also provides a series of recommendations on the implementation of Zero Trust within existing networks.

The National Security Agency and Microsoft are advocating for the Zero Trust security model as a more efficient way for enterprises to defend against today's increasingly sophisticated threats. Google implemented zero-trust security concepts following Operation Aurora in 2009 for an internal project that became BeyondCorp. Zero Trust defense for critical networks.