Latest news with #IT
Fast Company
6 hours ago
- Business
- Fast Company
The rise of the CTO in the age of ‘business unusual'
Years ago, I spent a lot of time making the case for why IT mattered in large enterprises. It's fair to say the landscape has changed—dramatically. Where I once had to argue for IT's strategic importance, I now find myself doing the opposite—pushing back on the exuberant view that technology alone can fix everything from poorly designed processes to unclear roles and responsibilities. After decades of serving as essential—but often background—enablers of enterprise strategy, technologists and our alphabet soup of leadership titles (CIOs, CDTOs, CDOs, CTOs) are now at the center of business transformation. In more than 30 years in this industry, I've never witnessed IT play such a central role in shaping business dynamics. With the tailwind of generative AI and automated code completion, technology teams are now leading what can only be described as 'business as unusual'—creating previously unimaginable products, services, business models, customer and partner relationships, and employee experiences. Today, tech strategy is business strategy. The Great Unbundling Begins The traditional way we think about enterprise software is being upended. Suddenly, it's both cool and affordable to build genuinely useful things. For decades, CIOs were forced to manage constant trade-offs: lower total cost of ownership versus future-proofing, slick user interfaces versus seamless integration, best-of-breed solutions versus end-to-end platforms, on-premises versus cloud. The market subsequently converged to the point where most companies now run virtually identical application stacks. And yet, despite spending tens of millions on carefully crafted user interfaces, most employees still dislike using the enterprise software we provide. They use it because they must, not because they want to. At their core, most enterprise software platforms aren't so different from the Excel spreadsheets my brother uses to run his small business—they just come with multimillion-dollar interfaces layered on top. Whether it's HR systems, data platforms, or CRMs, the underlying logic often mirrors the same basic workflows and decision trees. What sets them apart isn't complexity—it's scale, integration capability, and the stakes involved. To put it more bluntly, all of us are spending enormous sums on the equivalent of a car that boasts luxury exterior finishes but moves you along with the horsepower of a Yugo GV. Regardless of how nice the outside looks, the engine is what actually delivers impact and value. The AI-Powered Reconstruction The emergence of agentic AI is fundamentally disrupting how we evaluate enterprise software as an industry. With novel AI frameworks like Model Context Protocol (MCP) and Agent-to-Agent (ATA) protocols, we're starting to see a future where user interfaces can be disaggregated from the underlying data itself. If AI-based tool calling delivers on its promise, there's no reason someone shouldn't be able to change an address, retrieve a paystub, modify a customer order, reset a password, or increase a purchase order—all from the same pane of glass or GenAI prompt bar. The ability to design this unified interface finally enables meaningful IT differentiation among companies. Until now, enterprise customers had no choice but to purchase software for virtually everything because developing and maintaining applications with exceptional UI, robust databases, and enterprise-grade security was prohibitively costly. With AI, the economics have shifted dramatically—the cost of building something uniquely tailored to our business is plummeting as software learns to write, maintain, and improve itself. In my field, every pharmaceutical company has historically relied on the same suite of enterprise applications, making differentiation nearly impossible. This raises a fundamental question, especially at this moment of accelerating AI innovation: Should we continue purchasing the costly applications everyone else uses, or should we start building solutions that give us an edge? AI First By adopting an AI-first approach, my company has developed an enterprise software catalog that outperforms—and costs less than—anything available for purchase, solving the age-old challenge of data discovery across our corporate systems. Throughout our organization, even in processes far removed from laboratory work, we're starting to see how bespoke tools without traditional user interfaces can execute tasks in seconds that previously required 30+ minutes across multiple systems, accelerating how we discover and develop lifesaving medicines. I'm not suggesting companies should build custom ERP systems or replace every piece of software. Rather, AI and agentic frameworks give us the freedom to assess where real value is being created—which is typically closer to the end user. We can now selectively build applications that directly improve our competitive advantage while continuing to rely on proven solutions for core operational functions. The Tech Is Changing, and So Is the Talent With this newfound ability to build transformative solutions, the domain of configuring software, while still crucial, remains a necessary but insufficient skill set. The way we think about talent is fundamentally changing. By becoming more comfortable building technology—not just buying or configuring it—my organization has doubled in size while significantly reducing its cost to the company. We're still hungry for more people with the right skills. Fortunately, we're seeing the next generation of undergraduate and graduate programs blend AI, computer and life sciences, and computational drug discovery and development. The twin torrent of advances in AI and biomedicine is creating rewarding career paths for emerging tech talent—offering purpose, future-shaping potential, and the opportunity to make a uniquely human impact. It's a uniquely exciting time to be a technologist in life sciences. In five years, the work we do to benefit patients—the applications and software we create to speed the discovery and delivery of new medicines—will be almost unrecognizable. While change at this pace brings inevitable turbulence, it also expands the role of tech leaders from enablers to architects of enterprise strategy.
Forbes
7 hours ago
- Business
- Forbes
Why Hybrid Cloud Security Is A Top CISO Priority For 2025
Jonathan Fischbein is the Chief Information Security Officer at Check Point Software Technologies. Cloud infrastructure has become the backbone of modern IT frameworks, playing a critical role in supporting services ranging from email and data storage to application hosting and DevOps. As organizations continue to accelerate their adoption of cloud technology to streamline operations and drive business efficiency; they may also be exposing themselves to an expanding array of security risks and vulnerabilities. The rise of hybrid cloud environments—where companies utilize a mix of private and public clouds—has only compounded these security risks. According to research by my company, Check Point, security risks from hybrid cloud deployments pose a unique set of challenges for cybersecurity professionals. From vulnerabilities related to administration and misconfigurations to challenges in threat detection and prevention, global CISOs must become more vigilant in their treatment of hybrid environments. The Complexity Of Cloud Administration As organizations expand their cloud footprint to take advantage of cost, performance and geographic efficiencies, they must now monitor for issues across a more diverse and disconnected cloud ecosystem. With each new cloud service provider comes a new potential threat surface and an opportunity for administrative oversight. Navigating this ever-expanding landscape is no easy task, especially when administrators are tasked with managing myriad configurations and settings to ensure the security of their environments. One of the most challenging aspects of cloud security is the management of non-human identities (NHIs), such as service accounts, API keys and built-in user accounts. These entities are critical to the functionality of cloud systems but can often be misconfigured or inadequately secured, providing easy points of entry for attackers. One example occurred in January 2024, when the advanced nation-state threat group Midnight Blizzard exploited a misconfigured OAuth application in Microsoft's Azure environment. This vulnerability allowed attackers to pivot from testing environments to production, accessing sensitive systems and even internal emails from top Microsoft executives. In India, a misconfigured S3 bucket exposed over 500GB of sensitive personal and biometric data, including information from military personnel, while other major corporations also experienced breaches due to misconfigured cloud storage containers. The Hazards Of Hybrid Environments Many organizations use identity and access management (IAM) solutions to integrate and streamline user authentication across both cloud and on-premises systems. While this integration provides seamless user experiences, it also creates potential pathways for lateral movement by attackers. Why is this so important? Once attackers compromise an on-premises network, they can pivot into cloud environments through various vectors, including hybrid user accounts and cloud connectors. In 2024, an attack like this occurred when the financially motivated threat actor Storm-0501 launched a series of multi-stage attacks against hybrid cloud environments. These attacks allowed the actor to deploy backdoor accounts, spread ransomware and infiltrate sensitive systems across the network. Securing Single Sign-On Accounts Single sign-on (SSO) systems have become a popular method for managing authentication across cloud and on-premises applications. However, as organizations increasingly rely on third-party SSO providers, cybercriminals have shifted more focus to exploiting these services. Credential stuffing and brute-force attacks are common tactics used to compromise SSO accounts, making them prime targets for advanced persistent threat (APT) groups. This highlights a critical concern: the reliance on third-party SSO providers for security can be risky, especially if their own security practices are not up to par. Without comprehensive visibility into log data and account activity, organizations may struggle to detect and respond to security incidents in a timely manner. The Emergence Of AI-Driven Threats As cloud providers integrate more advanced technologies into their offerings, one of the most significant emerging threats comes from generative AI. Cloud services now provide the infrastructure to build, train and deploy custom large language models (LLMs), enabling companies to create tailored AI solutions for their specific business needs. These models can integrate proprietary data, offering better control over sensitive information and ensuring privacy. However, as AI becomes more accessible, threat actors are finding new ways to exploit these technologies. One of the newest threats is a form of cloud hijacking known as LLM-jacking. In this attack, malicious actors compromise cloud accounts to take control of existing hosted LLM models or deploy their own. Once in control, attackers can resell access to these models or exploit them for malicious purposes. For example, one group used an LLM proxy to resell access to the model, while others leveraged jailbreaks to create and sell uncensored chatbot characters. This trend isn't just hypothetical. Threat groups have been caught using ChatGPT to generate advanced tools and research vulnerabilities. There is also now growing evidence that threat actors may pivot to private LLM instances to gain better operational security, using cloud-based AI for more sophisticated, harder-to-detect attacks. Hybrid Cloud Visibility And Protection Have Become Mission-Critical The cloud's attack surface is growing exponentially as businesses continue to leverage its capabilities for operational efficiency. Protecting these environments requires staying ahead of evolving threats, securing both cloud and hybrid infrastructures, and continuously refining security practices. The key to mitigating cloud vulnerabilities lies in understanding the technology's evolving nature and taking proactive measures to safeguard sensitive data and systems. Of course, in the AI era, a prevention-first security strategy means organizations must leverage AI solutions to drive real-time detection and response and consolidate security operations. Most importantly, security must be a primary business goal. Building modern cyber resilience requires a robust zero trust strategy, automated threat and misconfiguration management, agile and comprehensive data protection and more. Organizations must prioritize the investments and tactics that will help them build the cybersecurity foundation they need. By staying ahead of the curve, businesses can defend against the next generation of cloud-based cyberattacks. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
The Verge
a day ago
- Business
- The Verge
Chrome will let you switch between personal and work accounts on iOS
Google is introducing the option to easily switch between personal and work profiles in its Chrome browser on iOS, with data kept separate between the two. The new option is part of Google's enterprise software package, and doesn't allow non-enterprise users to switch freely between two Google accounts in the browser. Companies that adopt Chrome Enterprise can let employees sign into managed Google accounts on iOS and switch freely between their personal and work accounts within Chrome. Like on desktop, users switch by tapping their account icon and then selecting the other profile to browse with. Browsing data including tabs, history, and passwords will be kept separate between the two accounts, and IT admins will be able to access security reports and restrict browsing to certain sites while in the work profile. Android has no direct analog to this feature, but instead supports device-wide work profiles that cover the full suite of Google apps, including Chrome. This is presented as a different version of the Chrome app, and so unlike on iOS, Android users can't switch to a work profile from within Chrome itself. Chrome users are unable to switch freely between non-enterprise Google accounts on either mobile operating system, despite having the option on desktop versions of the browser.
Associated Press
a day ago
- Business
- Associated Press
Growing Adoption of Cloud and Integration of AI/ML into Endpoint Security Solutions Fueling Opportunities
DUBLIN--(BUSINESS WIRE)--Jul 21, 2025-- The 'Endpoint Security Market by Solution, Service, Enforcement Point, Vertical, Region - Global Forecast to 2030" report has been added to offering. The global endpoint security market size is projected to grow from USD 27.46 billion in 2025 to USD 38.28 billion by 2030 at a Compound Annual Growth Rate (CAGR) of 6.3%. The report will help market leaders and new entrants with information on the closest approximations of the revenue numbers for the overall endpoint security market and its subsegments. It will also help stakeholders understand the competitive landscape and gain more insights to better position their businesses and plan suitable go-to-market strategies. The report also helps stakeholders understand the market pulse and provides information on key market drivers, restraints, challenges, and opportunities. Organizations are increasingly aware of the risks of internal misuse of entitlement, whether on purpose or inadvertently, with remote work architectures, third-party access, and hybrid IT prevalent. The potential for excessive user privileges or poorly managed user privileges is likely to be greater than ever. Endpoint privilege management is able to mitigate this issue by applying the principle of least privilege, meaning users have the minimum permission that they require, when required. This approach decreases the potential attack surface, decreases lateral movement risk, and mitigates inappropriate access to data. Given the requirement for strong privilege controls in regulated industries such as BFSI, healthcare, and IT services, strong privilege controls in any endpoint security policy are now table stakes for any successful policy. The key players in the endpoint security market include Microsoft (US), Palo Alto (US), SentinelOne (US), Trend Micro (Japan), Fortinet (US), Cisco (US), Check Point (Israel), Blackberry (Canada), ESET (Slovakia), Kaspersky (Russia), Trellix (US), CrowdStrike (US), IBM (US), Broadcom (US), Sophos (UK), and others. By vertical, the BFSI segment accounts for the largest market share during the forecast period. Endpoint security is very important for BFSI organizations, which involve a considerable amount of sensitive financial and personal information. It is all about protecting all devices connected to the network, such as laptops, mobile devices, ATMs, and point-of-sale terminals, from unauthorized access and threats. Endpoint security involves modern tools, threat detection, malware and protection, encryption, and access control to secure endpoints. In December 2022 alone, finance and insurance organizations across the world suffered 566 breaches that resulted in over 254 million records being leaked. In January 2024, LoanDepot was breached, with the impact of 16.9 million individuals' security being compromised, including sensitive personal and financial data. Evolve Bank & Trust reported a breach in security that compromised the security of 7.6 million people, including social security numbers and account information. By developing and investing in endpoint security solutions that include real-time detection, protecting customer information to uphold trust, and strategic investment to sustain customers, BFSI organizations are seeking to reduce legal and reputational exposure to US legislation. By region, North America accounts for the largest market share. North America's endpoint security landscape is changing fast through strong collaborations between public and private organizations and technology partnerships between organizations, large and small, across Canada and the US. In Canada, Bell Canada partnered with SentinelOne to provide next-generation Managed Threat Detection and Response (MTDR) capabilities to its Security Operations Centre, while the University of Toronto gained 'next-gen' centralized threat management for nearly 10,000 endpoints across its campuses. In the US, federal funding and cooperation with industry partners facilitated programs including: Xage Security's USD 1.5 million contract with the US Navy to deliver Zero Trust Access as a multi-faceted and complex naval environment; and the White House combined with Microsoft and Google to deploy endpoint security capabilities, including training to critical rural hospitals. Additionally, Shepherd and Intel partnered to provide advanced Threat Detection Technology against ransomware threats. Together, all of the above describe the continent-wide approach toward advancing endpoint security through collaboration and investment and innovative platforms, aimed at addressing evolving cyber threats in all sectors, including healthcare, defense, academia, and enterprise. Key Attributes: Market Overview and Industry Trends Market Dynamics Drivers Restraints Opportunities Challenges Porter's Five Forces Analysis Value Chain Analysis Technology Analysis Impact of Generative AI on Endpoint Security Market Tariffs and Regulatory Landscape Competitive Landscape For more information about this report visit About is the world's leading source for international market research reports and market data. We provide you with the latest data on international and regional markets, key industries, the top companies, new products and the latest trends. View source version on CONTACT: Laura Wood, Senior Press Manager [email protected] For E.S.T Office Hours Call 1-917-300-0470 For U.S./ CAN Toll Free Call 1-800-526-8630 For GMT Office Hours Call +353-1-416-8900 KEYWORD: INDUSTRY KEYWORD: SOFTWARE TECHNOLOGY INTERNET ARTIFICIAL INTELLIGENCE SOURCE: Research and Markets Copyright Business Wire 2025. PUB: 07/21/2025 12:05 PM/DISC: 07/21/2025 12:05 PM
National Post
a day ago
- Business
- National Post
Aspiring IT workers now have a workaround for expensive training materials
This article was created by StackCommerce. Postmedia may earn an affiliate commission from purchases made through our links on this page. Article content Breaking into the IT industry has never been more competitive. With rapidly evolving technologies and a growing demand for certified professionals, employers are looking for candidates who not only understand core concepts but also hold recognized credentials. Article content Article content Whether you're aiming for a cybersecurity role, a cloud engineering position or just trying to keep up with changes in the field, staying current is critical and often expensive. The Vision Training Systems 365 Training Pass is a useful way to study without paying for expensive formal study guides. It offers a practical, flexible alternative to traditional training programs by giving you one full year of unlimited access to a large library of expert-led IT courses. Article content With more than 3,000 hours of content and over 230 video-based courses, it's built for learners who want depth, breadth and affordability in one place. Article content The curriculum covers certifications like CompTIA A+, Network+, Security+, Cisco CCNA, Microsoft Azure, AWS and more. You can also explore emerging areas like AI, cybersecurity and cloud computing or branch out into project management, business strategy and soft skills development. Each course is taught by professionals with industry experience and includes practice exams to help reinforce your learning. Article content Article content The platform is accessible from any modern device, whether you're using a laptop, phone or tablet, so you can learn at your own pace. It's a flexible option for Canadians balancing work, school or family while trying to build a better career. Once redeemed, you will have access to all Vision Training Systems material for one year, so you have enough time to study without rushing. Article content Article content
