Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cloudflare was designed to be simple to use for even the smallest customers, but it’s also critical that it scales to meet the needs of the largest enterprises. While smaller customers might work solo or in a small team, enterprises often have thousands of users making use of Cloudflare’s developer, security, and networking capabilities. This scale can add complexity, as these users represent multiple teams and job functions.

Microsoft just dropped their latest critical infrastructure threat guidance along with their latest Digital Defense Report. And if you read between the lines, there’s a very clear story: Attackers aren’t smashing windows anymore. They’re walking in the front door… quietly… with your credentials. Let me say that again. They’re logging in. Not breaking in.

On March 10, 2026, Progress ShareFile released fixes for two critical severity vulnerabilities in Progress ShareFile Storage Zones Controller (SZC) 5.x, tracked as CVE-2026-2699 and CVE-2026-2701.

On April 4, 2026, Fortinet released a hotfix for a critical vulnerability in FortiClient EMS (CVE-2026-35616) that allows unauthenticated remote threat actors to execute unauthorized code or commands via crafted requests. The flaw stems from improper access control in the API authentication. Fortinet has confirmed observing exploitation of CVE-2026-35616 in the wild. The vulnerability was responsibly disclosed by Defused, which had observed exploitation prior to Fortinet’s official disclosure.

When it comes to email security, phishing and other social engineering attacks tend to grab headlines. But a simple mistake by an employee, like addressing an email to the wrong person, can be just as damaging. Misdirected emails like these remain one of the most common and costly forms of accidental data exposure.

AI adoption does not happen uniformly across an organization. Some employees have integrated generative AI (genAI) tools into core parts of their workflow. Others have barely opened one. Most are somewhere in between, experimenting on an ad hoc basis, without consistent visibility into what data those tools handle or where it goes. That variance is the problem. Security programs built around either universal AI adoption or zero AI adoption will miss most of the actual risk.

You picked a cloud provider, migrated your workloads, customized everything to fit their ecosystem, and now switching feels nearly impossible. That’s vendor lock-in, and it’s one of the biggest strategic risks facing IT teams today. Nearly all (94%) of IT leaders worry about it, pushing many organizations toward hybrid infrastructure.

The hype is deafening, the booths were packed, but most of what the industry is calling "agentic AI security" is point products wearing platform clothes. Here is what the real thing requires.

Most organizations treat compliance as a cost of doing business — a box to check, an audit to survive, a regulatory hurdle to clear. Compliance rarely inspires excitement. For many organizations it is treated as a necessary obligation, something to satisfy regulators and auditors so the business can move forward. Security and IT teams often experience compliance as a cycle of documentation, manual processes and audit preparation that consumes valuable time and resources.

At Gartner IAM Summit 2026, the strongest conversations were about machine identities, AI agents, secrets, trusted integrations, and the growing realization that credential abuse now sits much closer to the center of enterprise risk.