Tool sprawl is an expensive aspect of technical debt. IDC recently found that 43% of organizations doing business in the Americas have 500 or more software applications in their portfolios today (Application Services — Worldwide Regions, 2023, IDC #US50490416, April 2023). In the area of monitoring and observability tools alone, 50% of companies reported having between 11 and 40 tools.

Our teams are always hard at work improving the TrustCloud platform. Here are this month’s biggest updates. Introducing our ServiceNow integration! This is a bidirectional integration with ServiceNow to pull ticket details into TrustCloud. Teams can create new ServiceNow tasks in TrustCloud and attach ServiceNow links as evidence to your tests. The integration also supports automatic task creation from TrustCloud. Just go to Admin -> Connected Apps, where you can automate task creation.

Security teams have a wide range of tools in their arsenal to combat cybersecurity threats, but the expanding attack surface and the sheer number of tools can make their jobs more difficult to manage. As we enter this new era of cybersecurity, security and risk management, leaders are focused on validating the efficacy of their security investments, improving ROI, and taking a more programmatic approach in order to enhance their efficiency.

After speaking to a wide spectrum of customers ranging from SMBs to enterprises, three things have become clear: Add that together, and we get Shadow AI. This refers to AI usage that is not known or visible to an organization’s IT and security teams. Shadow AI comes in many forms, but in this blog we’ll stick to a discussion of Shadow AI as it pertains to applications. Application security teams are well aware that AI models come with additional risk.

In a recent cybersecurity alert, the infamous Iranian hacking group APT33 (also known as Peach Sandstorm and Refined Kitten) has unleashed a new form of malware named "Tickler" to compromise the networks of various organizations across critical sectors in the United States and the United Arab Emirates. This latest campaign, observed between April and July 2024, has primarily targeted government, defense, satellite, and oil and gas industries.

1Password surveyed 600 small business cybersecurity professionals to better understand their unique challenges.

The enterprise technology landscape has changed significantly, driven by the rapid adoption of cloud technologies, evolving IT infrastructures, and evolving exploitation activities. This transformation requires that organizations take an updated approach to vulnerability management—one that goes beyond the traditional focus on patch management to encompass a broader spectrum of risks.

Organizations whose IT infrastructure relies heavily on Microsoft will often adopt Azure Functions as part of their cloud modernization strategy. Azure Functions is an on-demand serverless solution that enables you to build and deploy event-driven code without worrying about provisioning and managing infrastructure. Azure Functions offers simplified development and deployment, automatic scaling, and seamless integration with other Azure services all within a cost-efficient pay-for-what-you-use model.

As developers, we're constantly juggling features, fixes, and deadlines. Yet, a lurking issue has been surprisingly overlooked: the continued use of vulnerable Log4j and Spring Framework versions in many projects. Despite the high-profile exposure of Log4Shell and Spring4Shell vulnerabilities, a shocking number of applications are still running on these ticking time bombs. This isn't just a minor oversight — it's a major risk.