News and Insights
HIPAA for Italian companies serving US clients: what it actually takes
A company handling health data on behalf of US clients is a Business Associate under HIPAA: a BAA is required, a US datacenter is not, and HIPAA certification does not exist. The mapping to ISO 27001, the HHS cloud guidance and the upcoming Security Rule update.
June 2026 Patch Tuesday: 200 vulnerabilities, six zero-days and the KB5087424 printing bug
The largest Patch Tuesday ever: around 200 vulnerabilities fixed, 33 critical, six zero-days closed (including GreenPlasma, YellowKey and HTTP/2 Bomb). And if printing stopped working on Windows Server 2022, the culprit is hotpatch KB5087424. What to install, what to verify and what remains exposed.
Azure Virtual Desktop without Active Directory: how it works and when it makes sense
Microsoft Entra Kerberos lets Azure Virtual Desktop and FSLogix profiles on Azure Files run without a domain controller: it is still Kerberos, but the tickets are issued by the cloud rather than by Active Directory. How it really works, hybrid vs cloud-only, and which companies it makes sense for.
Goodbye NTLM: Kerberos everywhere with IAKerb, LocalKDC and what to do now
Microsoft will disable NTLM by default. IAKerb and LocalKDC bring Kerberos to scenarios that used to fall back to NTLM: local accounts, domains with no line of sight to the KDC, heterogeneous environments with NAS and macOS. How it works, why it is a zero-trust matter and what to do today.
Qilin ransomware: how it attacks Italian SMEs and how to defend against it
The Italian CSIRT reports systematic Qilin ransomware campaigns against Italian SMEs: access via VPN appliances without MFA, encryption of VMware ESXi hypervisors and backup neutralisation. The 5-step kill chain and the 5 countermeasures to defend your business.
Managed backup vs. backup platform: how internal IT should choose
End-to-end managed service or platform-only delivery on which the internal IT team operates autonomously: differences, five decision questions, the hybrid model and compliance coverage for NIS2 (art. 21 of Italian Legislative Decree 138/2024), ISO/IEC 27001:2022 A.8.13 / A.5.30 and DORA.
ZTNA: how to replace the corporate VPN with Zero Trust Network Access
May 2026 unauthenticated RCEs in Cisco SD-WAN (CVE-2026-20182) and Fortinet (AL04/260513) expose the limits of the VPN model. What ZTNA is, how Microsoft Entra Private Access works, a 6-step migration path and NIS2 + ISO 27001:2022 coverage.
Ten years of GDPR: a balance sheet for Italian SMEs and the road ahead with NIS2 and the AI Act
On 24 May 2026 Regulation (EU) 2016/679 turns ten. More than €6 billion in fines across Europe, €311 million in Italy spread over 538 cases: a story of continuous evolution. In many SMEs, however, privacy is still seen as a bureaucratic chore handled by non-specialist consultants. Balance, real cases, and convergence with NIS2 and ISO 27001.
NIS2 relevant suppliers: how to manage subcontractors and intra-group on the ACN platform by 31 May 2026
ACN FAQs FRN.5–FRN.10 (18 May 2026) clarify intermediated supply (FRN.8) and intra-group suppliers (FRN.9). What to do by 31 May 2026 for the annual update of NIS entities on the ACN platform.
Exchange Server OWA zero-day (CVE-2026-42897): why to migrate to Microsoft 365 now
CVE-2026-42897, an XSS vulnerability in Outlook Web Access on Exchange Server 2016/2019/SE: active exploitation in the wild, no official patch and CISA KEV listing. What to do today and why Microsoft 365 closes the problem at its root.
Cyber Resilience Act: how to prepare for CE marking of software by 2027
EU Regulation 2024/2847: the CE mark comes to software, IoT and connected devices. ENISA vulnerability notification within 24h from 11 September 2026, full application from 11 December 2027. What changes for European SMEs that buy software.
DANE and MTA-STS for SMTP: enforced email encryption and downgrade-attack protection
SMTP relies on opportunistic StartTLS, which is vulnerable to downgrade attacks. MTA-STS (RFC 8461) and DANE (RFC 7672) make TLS mandatory between mail servers. Microsoft Exchange Online has rolled out outbound DANE. A practical rollout path for your organisation.
IT supply chain: what NIS2, GDPR and ISO 27001 really require from professional services firms and SMEs
A real 2026 case: an IT vendor asks for a permanent VPN into a client network to manage a phone system. The right answer is not technical, it is risk governance. What NIS2, GDPR and ISO 27001 say about the IT supply chain, and why it matters for accountants, lawyers and SMEs well beyond NIS2 entities.
NIS2: ACN clarifications from the Clusit event of 29 April 2026
At the Clusit event of 29 April 2026 ACN clarified categorisation of activities, non-fungible suppliers, the 24-hour window starting from evidence and the responsibility of management bodies. NIS2 enters the phase of real risk governance.
KB5082063 April 2026: domain controllers in LSASS crash and BitLocker recovery, what to do
Microsoft’s KB5082063 April 2026 update sends domain controllers into LSASS reboot loops and triggers unexpected BitLocker recovery prompts on Windows Server 2016/2019/2022/2025. Symptoms, mitigations and operational checklist.
VNC exposed on the Internet: risks for SCADA, IoT and manufacturing SMEs per Italy’s CSIRT
Italy’s CSIRT reports a surge in attacks on SCADA, IoT and industrial systems exposed via VNC on the Internet. Weak encryption, brute force, hacktivism. Mitigations and Zero Trust checklist for SMEs.
NIS2 categorization: how to file activities and services on the ACN platform by 30 June 2026
Italy’s ACN determination 155238/2026 introduces 10 macro-areas and 4 relevance categories for NIS2 entities. Mandatory submission on the ACN platform from 1 May to 30 June 2026.
Buy or rent a server: how to calculate the real TCO
How much does a business server really cost? The 5 line items that drive real TCO: hardware (only 30-40%), electricity, IT staff time (20-25%), licensing, maintenance. When cloud rental really wins.
World Password Day 2026: passkeys, phishing-resistant MFA and post-quantum cryptography
May 7, 2026 is World Password Day. Passkeys supported by M365, Google, Apple and GitHub, SMS/TOTP MFA no longer enough, NIST PQC standards since 2024. Three concrete actions for your business in 2026.
US CLOUD Act and data sovereignty: why choose European datacentres
The US CLOUD Act allows extraterritorial access to data hosted by American providers, even in Europe. What changes with Schrems II, the Data Privacy Framework and EU Data Boundary.
OAuth Consent Phishing on Microsoft 365: how it bypasses MFA
Italy’s CSIRT has reported an OAuth campaign against Microsoft 365 that bypasses MFA. Consent Phishing and Device Code Grant: mechanism, risks and practical Entra ID countermeasures.
Digital signatures and PA documents: why they expire without a timestamp
Digitally signed documents without a timestamp stop being verifiable when the certificate expires. Why publishing them online is risky and how to correctly apply CAdES-T for PA supplies.
Kerberos RC4 enforcement in Active Directory: what changes from 14 April 2026
From 14 April 2026, the Active Directory KDC no longer issues Kerberos RC4 tickets. Legacy service accounts, NAS with keytabs and non-Windows devices may stop authenticating. How to check and migrate to AES.
Akira ransomware hits Italian SMEs: 13 incidents confirmed by CSIRT Italia
Italy’s CSIRT has confirmed 13 Akira ransomware incidents against Italian SMEs in early 2026. Unpatched perimeter firewalls and SSL VPN gateways remain the main vector. What to do today.
Email archiving: why legal retention is no longer optional
Ten-year civil obligations, electronic invoicing, GDPR, NIS2 and Italian PEC: in 2026 corporate email must be retained in an immutable, signed and searchable way. Mailbox backup is no longer enough.
ACN QC1 Qualification: Two New AtWorkStudio Services in the Italian Cloud Catalogue
The Italian National Cybersecurity Agency (ACN) has awarded the QC1 qualification to ATWS Email Security Gateway (SA-7582) and ATWS Secure Backup for Microsoft 365 (SA-7583). Valid for 36 months.
Corporate database server: who has the keys to your data?
Software vendors with sysadmin access, overlapping backup tools, no governance. The database server in SMEs is the most critical and least controlled system. How to regain control.
WordPress vulnerability: the problem is the architecture, not the plugin
CVE-2026-3098 in Smart Slider 3 exposes 500,000 WordPress sites. But the problem is not the individual plugin: it’s the architecture itself. Why static sites on cloud infrastructure are the alternative.
Email Security Gateway: why basic spam filters are no longer enough
Over 90% of cyber attacks begin with an email. How an email security gateway with Libraesva protects business mailboxes from phishing, BEC and malware.
Identity Management Day: digital identity is the new enterprise perimeter
80% of breaches start with compromised credentials. MFA, Conditional Access and Zero Trust: how to protect digital identities and comply with NIS2 and DORA.
DNS Security: Protecting Enterprise DNS Resolution with Azure
Over 85% of malware uses DNS to communicate with C2 servers. How Azure DNS Security Policy protects enterprise DNS resolution: filtering, DNSSEC, monitoring and NIS2 compliance.
Outsourced CSIRT: how SMEs can meet NIS2 obligations without an internal team
NIS2 requires a CSIRT contact point and strict incident notification timelines. For SMEs without a dedicated team, an outsourced CSIRT is the solution to achieve compliance without building internal capabilities.
TISAX in Piacenza: why automotive supply chain companies can no longer wait
OEMs increasingly require TISAX compliance from their suppliers. For automotive supply chain companies in Piacenza and Emilia-Romagna, getting prepared is a competitive priority.
Clusit Report 2026: 5,265 Attacks in 2025, Italy Still in the Crosshairs
+49% cyber incidents in 2025. Italy accounts for 9.6% of global attacks with 507 serious incidents. Manufacturing +79%, healthcare +19%. Key findings and what they mean for SMEs.
World Backup Day 2026: Why Business Backup Decides Your Company’s Future
60% of SMEs that lose their data close within 6 months. The 5 most common mistakes, the 3-2-1-1-0 rule and how to truly protect your business with tested, resilient backups.
How to Secure Your Azure Environment: A Practical Guide
Identity, networking, data protection, monitoring and compliance: the five essential controls for a secure Microsoft Azure environment.
NIST Assessment now available in Italian, English and German
The free cybersecurity self-assessment at nist.atws.app is now available in three languages: Italian, English and German. Same 106 questions based on NIST CSF 2.0, with a fully localised interface and report.
The corporate perimeter no longer exists: why firewalls and VPNs are not enough
The Zscaler report on 1,750 IT leaders and the WEF confirm: corporate security strategies are still too inward-focused. The new perimeter is user identity.
How to choose an IT company in Piacenza
Certifications, vendor independence, cloud and cybersecurity expertise: concrete criteria for evaluating an IT partner in Piacenza.
Cloud services for businesses in Piacenza: what to look for
Managed cloud vs hosting, data residency, ISO certifications and NIS2 compliance: what to ask your cloud provider.
Datacenters for businesses in Piacenza: local or European?
On-premise server, local datacenter or European cloud? A practical comparison for businesses in Piacenza: costs, security and compliance.
Cybersecurity, AI and cloud: weekly news roundup
Trivy compromised twice in a month, NVIDIA reaches 1 million GPUs in AI factories, Tycoon 2FA dismantled and AWS-Google launch multicloud networking.
Why 2026 is the right time to migrate to Microsoft 365
MIMIT voucher, NIS2 deadlines and Exchange 2016 end of support: three concrete reasons to migrate email and files to Microsoft 365 in 2026. A practical guide for SMEs.
Cyber Index PMI 2026: the cyber maturity of Italian SMEs
Average score 55/100, only 16% of SMEs classified as mature, and 1 in 4 hit by a breach in the past three years. Key findings from the third Cyber Index PMI report.
MIMIT Cloud and Cybersecurity Voucher 2026
ATWS has applied to register as a supplier for the MIMIT 2026 voucher programme. Non-repayable grants up to €20,000 for cloud and cybersecurity services for SMEs and professionals.
NIST 2.0 Cybersecurity Assessment: evaluate your security posture for free
Our free self-assessment tool based on the NIST CSF 2.0 framework is now available. 106 questions, instant report and analysis of your organisation’s security posture.
ATWS Secure Backup for Microsoft 365: ACN qualification submitted
ACN qualification request submitted for the SaaS backup service for Microsoft 365. Protection of Exchange, SharePoint, OneDrive and Teams with encrypted EU storage.
ATWS Email Security Gateway: ACN qualification submitted
ACN qualification request submitted for the email security gateway. Filtering, antispam, antivirus and configurable policies on European cloud infrastructure.
ATWS Secure Workspace qualified by ACN for the Public Administration
ATWS Secure Workspace is ACN-qualified and listed in the Cloud Catalogue for the Italian Public Administration. Secure SaaS desktop with MFA and EU-only data.