EMA Research Blog: Navigating IT and Security Horizons

Google's upcoming Android Developer Verification Program (ADVP), which launches fully in 2026, requires all developers to register and verify their identities before their applications can be installed on certified Android devices.

When I attended the Identity Week conference in Washington, D.C. last year, I noted a heavy focus on biometrics, especially focused on employee onboarding and background checks. While this is an important topic, I was disappointed that there wasn’t more focus on identity security and non-human identities. This year at Identity Week, that changed significantly.

The recent U.S. strikes on Iranian nuclear facilities dramatically reshaped the cyberthreat landscape facing American networks. In the weeks and possibly even months following the bombings, cybersecurity professionals should anticipate a surge in both opportunistic and state-aligned intrusions aimed at disrupting critical systems, stealing sensitive data, or undermining public confidence in digital infrastructure. Understanding the motivations, tactics, and potential targets of these adversaries is essential for organizations seeking to bolster their defenses and maintain operational resilience.

Black Hat Asia 2025 returned to Singapore with a dynamic mix of technical depth, real-world impact, and plenty of sobering insights about the evolving cybersecurity landscape. Across two packed days, experts from around the globe tackled threats old and new, offering live demonstrations, original research, and thought-provoking commentary on the increasingly blurred lines between digital, physical, and even quantum attack surfaces.

In an era when government operations increasingly rely on digital infrastructure to remain effective, accountable, and secure, messaging platforms emerged as both an enabler and a risk vector. The question of how government agencies communicate—internally, externally, and across jurisdictional lines—is no longer merely a matter of workflow optimization. It is a fundamental aspect of mission assurance, public trust, and operational integrity. Yet even as messaging tools proliferate and mature, the gulf between platforms built for accountability and those designed for privacy remains pronounced. Nowhere is that divide more evident than in the ongoing tension between Microsoft Teams and Signal—two platforms that, while often deployed in parallel, represent fundamentally different answers to the same set of urgent questions about security, control, and digital sovereignty.

In an era when cybersecurity threats continue to evolve at an unprecedented pace, organizations are seeking robust, goal-oriented solutions to identify and remediate security vulnerabilities effectively. Traditionally, penetration testing as a service (PTaaS) played a critical role in structured, systematic security assessments. However, as the industry shifts toward more dynamic and continuous testing models, it is becoming increasingly clear that PTaaS needs a redefinition—one that includes the advantages of bug bounty programs under its umbrella.

In today’s interconnected digital landscape, identity has become the cornerstone of both organizational security and user experience. Whether onboarding a new employee or granting a customer access to services, the journey of identity—commonly referred to as the identity supply chain—encompasses a series of critical stages, from initial verification to continuous authentication and authorization.

OpenText World 2024 highlighted the growing role of AI in enterprise transformation, with Aviator, OpenText’s AI platform, as a focal point. Now one year into its deployment, Aviator has demonstrated significant potential in addressing challenges across industries by integrating AI into business processes. The platform reflects OpenText’s broader strategy of “Elevating Human Potential,” focusing on AI, cloud, and security as key drivers of innovation. Aviator’s emphasis on secure, data-driven AI models has positioned it as a useful tool for tackling the complexity of modern information management.

I recently had the opportunity to attend Identity Week in Washington, D.C. While this is a smaller conference compared to RSA Conference or Black Hat, some of the conversations were just as powerful and much more focused on the identity market. I was at first encouraged by the large focus of biometrics at the conference, but quickly discouraged upon seeing the limited use cases many of the vendors were promoting.

According to the RSA Conference website, there was a total of 641 vendors exhibiting or sponsoring the conference in the over 738,000 square feet of exhibit space dedicated within the two-million-square-foot Moscone Center. I had meetings scheduled with approximately 20 of these vendors and met with a small handful of additional vendors on the expo floor as time permitted. I didn’t keep track of how far I walked this year, but the entire Moscone Center complex is approximately 87 acres in size. For comparison, the United States Capitol building is only 4 acres. I made several laps around the expo floor each day, as well as walking around the entire complex throughout various parts of the day. Needless to say, my feet are quite tired, but with the conversations I had with vendors, it was worth it.