The Shadow Insider – When AI Agents Touch Your Data Some data security controls can tell you who accessed sensitive data, as long as “who” means a human. In the age of agentic AI, that’s no longer enough. For years, when a security team investigated a data incident, the first question was simple: who touched […]
5 Steps to Shrink Your Blast Radius Your team generated 4723 “Anyone with the link” shares in the past 3 months. How many of them are still active now? The challenge for security leaders isn’t a lack of motivation. It’s the fear of breaking the business in the process. You can’t just revoke everything. You […]
Your Cloud Shared Files are a Ticking Time Bomb Should we need to stop talking about “the cloud”? For most organizations, the cloud isn’t a nebulous collection of AWS buckets or Azure instances, at least not to the people who actually run the business. To your Marketing Director, your Head of HR, and your Finance […]
Scroll through TikTok or Instagram today and you’ll quickly notice a familiar pattern: throwback photos from 2016, vintage filters, and references to “the good old days.” What makes this trend noteworthy isn’t the aesthetics. It’s the tone. This isn’t ironic nostalgia or playful retro styling. It’s reflective. Sometimes even reflective. Celebrities have joined in. […]
Who Touched What, And Why Permissions Aren’t Enough When something goes wrong, whether it’s a suspected breach, a regulatory inquiry, or an internal anomaly, organizations face a deceptively simple question: Who accessed the data? Not who could have accessed it. But who actually did. For many security teams, this is the moment when confidence begins […]
The Data Access Gap Putting Financial Institutions at Risk Data access almost always grows faster than it shrinks. This is even more true for financial institutions as it is a tangible risk on both the security and the compliance side. New permissions are granted as people change roles, support projects, or onboard new systems. But […]
2026 Security Resolutions: Fewer Assumptions, More Evidence Security failures rarely come from missing controls. They come from assumptions that hardened into policy and stopped being questioned. Risk emerges from access and data decisions made over time, through role changes, project work, access sharing, temporary exceptions, and system evolution, that quietly persist long after their original […]
