惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Threat Research - Cisco Blogs
Latest news
Latest news
Project Zero
Project Zero
TaoSecurity Blog
TaoSecurity Blog
Cyberwarzone
Cyberwarzone
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Google DeepMind News
Google DeepMind News
P
Privacy & Cybersecurity Law Blog
T
Troy Hunt's Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AWS News Blog
AWS News Blog
Hacker News: Ask HN
Hacker News: Ask HN
S
Security @ Cisco Blogs
C
Cisco Blogs
Help Net Security
Help Net Security
I
Intezer
W
WeLiveSecurity
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
腾讯CDC
S
Secure Thoughts
MyScale Blog
MyScale Blog
Recorded Future
Recorded Future
G
GRAHAM CLULEY
L
LINUX DO - 热门话题
A
About on SuperTechFans
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
J
Java Code Geeks
The Hacker News
The Hacker News
阮一峰的网络日志
阮一峰的网络日志
Scott Helme
Scott Helme
Recent Announcements
Recent Announcements
AI
AI
Cisco Talos Blog
Cisco Talos Blog
B
Blog RSS Feed
V
Vulnerabilities – Threatpost
C
Check Point Blog
Security Latest
Security Latest
S
SegmentFault 最新的问题
T
The Exploit Database - CXSecurity.com
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
M
MIT News - Artificial intelligence
T
The Blog of Author Tim Ferriss
Attack and Defense Labs
Attack and Defense Labs
PCI Perspectives
PCI Perspectives
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research

Omnissa

Discover which solution is best for you: VDI, DaaS, or RDSH From on-prem to cloud: how Horizon licensing adapts to you Inside the Forrester TEI findings: Workspace ONE UEM delivered 170% ROI As security continues to evolve, has your mobile strategy? Introducing automated enrollment for Horizon Cloud desktops with Workspace ONE UEM Omnissa and GEMA partner to empower organizations with a modern digital sovereignty solution Attention Omnissa Intelligence users: Show off your dashboard! How P&O Cruises and Cunard manage devices & IT support at sea Omnissa Solution Exchange: Discover additional ways to maximize your Omnissa investments Horizon Cloud on vSphere: Hybrid DaaS made easy 10 challenges that hold back Horizon success Omnissa named a Leader in the 2025 Gartner® Magic Quadrant™ for Desktop as a Service Omnissa scores highest in 4 out of 4 Use Cases in 2026 Gartner® Critical Capabilities for Endpoint Management Tools Enabling the Modern Workforce with Omnissa Workspace ONE and Samsung Knox Suite Point of view: The autonomous workspace will reshape the role of enterprise IT Introducing Workspace ONE UEM 2602: A feature packed release with updates across the board Why security fundamentals matter more than ever Android XR Management with Workspace ONE What's new with DEX for Horizon: expanding partner ecosystems and integrations Customer adoption grows for Omnissa Horizon deployments on Nutanix AHV Optimize secure, seamless workspaces with IGEL and Omnissa Omnissa Secure Access Suite delivers secure browser functionality with the Omnissa platform ICYMI: Highlights from our “App Management Reimagined” event Omnissa Pass: Native MFA for stronger, simpler security Modern education—any device, everywhere learning with smarter IT DEX is a value strategy: How Omnissa helps turn IT from cost center to value engine From fragmentation to fruition: Why a platform approach wins Mod Stack architecture: Rebuilding for flexibility, scalability, and resilience New Omnissa 2026 study finds shadow AI, security gaps, and device instability expose need for end-to-end IT observability Omnissa accelerates global market momentum with strategic board expansion and executive leadership appointment Enhanced VDI can help maximize productivity without breaking the bank Device Timeline: Precision troubleshooting for the modern IT team Omnissa Horizon on Nutanix AHV: One year of momentum Omnissa is named a Leader for the third consecutive year in the 2025 Gartner Magic Quadrant for Desktop as a Service Celebrating innovation in digital work: Announcing the 2026 Omnissa Customer Achievement Awards All About Mobile in 2: Mobile risk explained Three IT challenges that Omnissa Secure Access Suite aims to address Omnissa Sovereign Solution: The modern path to sovereign digital workspaces An Expectation—Secure by Design and Omnissa All about mobile in 2: Four million+ social engineering attacks Flying blind in the AI era: Why observability is key to scaling digital work Omnissa partners with Red Hat to offer more flexibility to Horizon 8 customers Omnissa App Volumes delivers industry-first on-demand Windows app delivery, drastically reducing costs of traditional app management Omnissa collaborates with Google Workspace Omnissa delivers secure, browser-based access to enterprise applications with Google Chrome Enterprise Premium Omnissa Workspace ONE brings centralized eSIM management to the enterprise Omnissa strengthens its digital work platform with new AI capabilities designed with trust and transparency at the core Omnissa unveils Workspace ONE Vulnerability Defense to transform security management across all endpoints and applications Omnissa strengthens its platform with IT consolidation and open ecosystem flexibility to give customers more choice and a better experience Horizon 2512 arrives with new capabilities for Amazon WorkSpaces Core Extending Horizon Cloud flexibility to OpenStack-based private clouds When “update” becomes the attack: what the Notepad++ incident teaches IT Omnissa leads the future of digital employee experience Deliver secure, simple modern digital workspaces with Horizon and IGEL Compress complexity and simplify healthcare IT for better care Introducing the next generation of Windows management with Workspace ONE UEM App lifecycle management with App Volumes: Now available for traditional PCs Optimize your retail operations at every touchpoint The next wave of the autonomous workspace is here: Omni now GA Announcing Self-Managed Pools on Horizon Cloud: More flexibility, broader use cases Unlock Horizon management savings with a special UEM and DEX offer Explore what's new in App Volumes 2506 and Dynamic Environment Manager 2506 Meet our AI-powered Data Explorer in Omnissa Intelligence Bridging the app gap and supporting Apple adoption with Horizon Omnissa announces Day 0 support for version 26 of Apple OS Horizon 8 2512: Delivering a more intuitive experience, broader platform support, and deeper hybrid cloud integration It's mission-critical that federal IT shift from reaction to readiness 4 trends that will reshape the autonomous workspace in 2026 Omnissa ranks highest across all four Use Cases in the Gartner® Critical Capabilities for Endpoint Management Tools report Omnissa announces winners of its inaugural Customer Achievement Awards Driving the future of endpoint management: Omnissa named a Leader in four 2025-2026 IDC MarketScape assessments for UEM Omnissa Value Center: Maximize your tech investment ROI From panic to presents: Holiday retail enablement made smooth by Omnissa Introducing the new Horizon Client for a consistent employee experience across platforms Omnissa recognized as a Leader across four IDC MarketScapes for Unified Endpoint Management Choice and simplicity delivered: Horizon 8 support for Nutanix AHV reaches general availability Workspace ONE supports Platform SSO with Entra ID via Secure Enclave Why IT teams resist change—and how to overcome it The top 5 takeaways from Omnissa ONE 2025 Las Vegas Greater deployment flexibility with Horizon Cloud and Platform9 5 things you didn’t know you could do in Omnissa Connect The platform imperative: From chaos to consolidation Close the endpoint vulnerability gap to reduce risk and improve compliance Workspace ONE Access supports Platform SSO for Apple macOS Simplify IT ops with Quickflows in Freestyle Orchestrator The modern enterprise thrives with Omnissa, Okta, and Google Omnissa and WWT launch new webinar series “Walk This Way” Horizon 8 on Nutanix AHV: A powerful new frontier in VDI Follow-up: Horizon 8 Term licenses now deployable in the public cloud Omnissa Listed in 2025 Gartner® Critical Capabilities for DEX Management Tools Workspace ONE includes new Apple features in latest release Security and management innovations Omnissa launches DEX Playbooks to boost help desk efficiency Workspace ONE integrates with Apple GitHub to automate DDM Celebrating excellence: Announcing the 2025 Omnissa Customer Achievement Award program Omnissa accelerates go-to-market momentum with key leadership appointments Horizon 8 2506: Featuring improved control and productivity Omnissa celebrates first year of independence highlighting growth, innovation and industry recognition Charting our own path: Reflections on our first year of independence Trust is priority one for Omnissa cloud services
Lessons from the Stryker incident: From access to impact
Brian Link · 2026-03-27 · via Omnissa

March 26, 2026

  • Brian Link

    Product CTO (Americas) and Head of Platform (AI, Data, Automation)

    Brian Link is Product CTO (Americas) and Head of Platform (AI, Data, Automation) at Omnissa, where he helps shape product strategy and enables global enterprises to realize the full potential of modern management across security, AI-driven automation, and digital employee experience.

    With prior executive IT and product leadership roles at Nike, Capital One, VMware, and Microsoft, Brian has a proven track record of guiding enterprise technology strategy, scaling EUC platforms, and delivering measurable business outcomes at global scale.

    A tech enthusiast, investor, and accomplished musician, Brian thrives at the intersection of creativity and strategy, whether building high-performing technology teams, designing next-generation platform experiences, or creating art that resonates with audiences around the world.

    Read More From the Author

Based on what has been publicly shared about the recent Stryker incident, this doesn’t appear to be a case of a platform being exploited in the traditional sense. There’s no smoking gun of a systemic failure. Rather, it’s a useful reminder of something we don’t talk about enough in enterprise IT. Not all major security events come from exploits. Some come from perfectly valid actions executed with the wrong authority.

In this case, there was no fundamental breakdown of the platform. No zero-day vulnerability or novel attack vector. Instead, attackers simply appeared to gain access to privileged credentials and used the system as it was designed to be used.

Not all major security events come from exploits. Some come from perfectly valid actions executed with the wrong authority.

The uncomfortable truth is that the platform is not what failed. The system behaved as intended, and the commands were valid. 

The problem lies in the model of authority. We tend to anchor security posture around: 

  • Preventing unauthorized access
  • Hardening endpoints
  • Detecting anomalous behavior 

And all of that still matters, of course, but incidents like this expose a different class of risk.  

What happens when access is legitimate, but the action itself can be catastrophic?  

Remote wipe” is a perfectly valid administrative function. It’s used every day across countless workflows around the world. But in the wrong hands, at the wrong scale…  it starts to look a lot like an operational weapon.

UEM hygiene is security hygiene. (I’ll say it louder for the folks in the back!) Your MDM or UEM solution is one of the most powerful execution layers in your environment. That is why mastering the fundamentals is so paramount.

We tend to think about “hygiene” in terms of table stakes:

  • Device compliance
  • Patch levels
  • Encryption
  • Configuration drift

But what about these considerations:

  • How is your administrative authority structured?
  • How are your actions scoped and constrained?
  • What safeguards exist for those high-impact operations?
  • How are you controlling blast radius before execution?

Your hygiene cannot just be about device state. You have to consider action governance.

Now, make no mistake. I’m not here to say that those table stakes no longer matter. On the contrary, you should patch early and often. You should encrypt all the things. You should maintain device state and compliance. But perhaps there are a few other things worth stress testing in your environment, especially in light of recent incidents:

  1. Is your administrative access equivalent to unlimited impact? In many environments, the answer is effectively ‘yes’. Once someone inherits privileged credentials, they inherit the full operational capability of that role. And that, my friends, is a problem. Administrative access alone should not automatically allow unrestricted impact.
     
  2. Is your authority compartmentalized or is it centralized? The architectural difference between the two matters. For example, in Workspace ONE UEM administrative authority can be segmented across:
  • Hierarchical organizational groups
  • Multi-tenant boundaries
  • Scoped permissions across device populations, business units, geographies, etc.

This allows our enterprise customers to constrain authority, rather than concentrating it into global roles. If your model centralizes power, then compromise becomes exponentially more dangerous. 

  1. Are you truly operating with least-privilege administration? Most organizations will say they are, but I can’t help but wonder how many actually are. Folks… fine-grained RBAC matters. Scope your permissions by:
  • Device group
  • Resource type
  • Operational function
  • And so on 

The goal is simple… no single role should have more power than it absolutely needs. 

  1. Should your high-impact actions require additional confirmation? Not all actions are equal, nor should they be treated as such. Destructive or high-scale operations should introduce friction by design because, in a compromised scenario, speed and scale work against you. 
     
    For example, in Workspace ONE UEM you can (and should) require an administrative confirmation factor such as MFA. We even offer an admin PIN and intentionally store that control within the management platform itself, rather than solely in the identity provider. Why? Because if identity is compromised and all enforcement lives there, you’ve effectively lost your last line of defense. 
     
  2. Can you control blast radius before execution? It’s not enough to log or alert after the fact. You need mechanisms to:
  • Define thresholds for high-impact actions (like mass device wipes)
  • Trigger additional authorization when those thresholds are exceeded
  • Enforce separation of duties between policy definition and policy execution 

In Workspace ONE UEM, this shows up in capabilities like Device Wipe Protection, where operations exceeding a defined scope require added controls. 

Say it with me: Scope and scale should never be accidental. 

Where is all this heading?

We have to acknowledge that the industry is moving like a rocket toward a world where actions are faster, automation is more pervasive, and AI will increasingly participate in execution. At face value that is a powerful concoction that breathes life into a canvas of infinite possibilities. But it is also dangerous if governance doesn’t evolve alongside it.

We’re already seeing the next steps emerge before our eyes.

  • We must expand threshold protections beyond singular actions and broaden them across all resources.
  • Approval workflows may well become the new normal, especially when we consider what it means to have humans in, on, and out of the loop across operational tasks.
  • We need to hold ourselves accountable and enable tighter controls over how configurations and payloads are authorized and deployed.

None of this is about slowing things down. If it were only that simple. We have to make sure that speed doesn’t outrun control.

I’ll say it again… the more I squint at it, the more it feels clear to me that the Stryker incident wasn’t a failure of technology. It was a reminder that in modern enterprise environments, the most dangerous thing is not unauthorized access; it is unrestricted, ungoverned authority operating at scale.

That is the next frontier of UEM hygiene, and we can’t afford to ignore it.

Back to insights