E-time | the software company
What Is Identity Governance and Administration (IGA) and How It Works in Digital Identity Management
INDEX
- What Is Identity Governance and Administration (IGA): Full Definition
- Identity Governance and Administration (IGA): Objectives and Enterprise Use Cases
- Why IGA Is Essential in Digital Identity and IT Security Management
- What Are the Components of an IGA System: Identity Lifecycle, Roles, Policies, and Access Control
- Identity Lifecycle Management: Provisioning, Update, and Deprovisioning of Users
- How IGA and IAM Work Together in Digital Identity Management
- Integration Between YooPoint IGA and Yookey IAM: Governance and Access Management
What Is Identity Governance and Administration (IGA): Full Definition
Identity Governance and Administration (IGA) is the set of processes, rules, and technologies that enable organizations to effectively govern digital identities and their access rights to enterprise systems. Its goal is to ensure that each user has only the permissions necessary to perform their activities, in compliance with security policies and regulatory requirements.
IGA platforms combine two complementary aspects: on one side identity governance, which ensures control, visibility, and compliance; on the other side identity administration, which operationally manages activities such as account creation, permission assignment, and revocation.
Identity Governance and Administration (IGA): Objectives and Enterprise Use Cases
Identity Governance and Administration (IGA) arises from the need to structurally control who can access enterprise resources, what permissions they have, and for how long these permissions remain valid. This approach helps reduce risks related to improper access, increase traceability of operations, and improve overall organizational security.
IGA solutions are applied across multiple sectors. In healthcare, they help protect sensitive data and medical records; in the financial sector, they enable monitoring of privileges and role conflicts; in organizations using cloud services and SaaS applications, they facilitate automated access management across complex and distributed environments.
Why IGA Is Essential in Digital Identity and IT Security Management
The growing adoption of cloud environments, hybrid infrastructures, and distributed applications has made it increasingly difficult to manually manage users, roles, and permissions. In this context, an IGA system enables centralized control over access and reduces the risk of exposing enterprise resources.
The adoption of policies based on the principle of least privilege ensures that each user is granted only the permissions strictly necessary, limiting the possibility that compromised accounts or misconfigurations become an attack vector for the organization.
What Are the Components of an IGA System: Identity Lifecycle, Roles, Policies, and Access Control
An IGA platform is based on several elements that work together to ensure control over digital identities. These include user lifecycle management, definition of business roles, application of access policies, and periodic access review activities. Particular importance is given to models such as Role-Based Access Control (RBAC), which allows permissions to be assigned based on job role, and Separation of Duties (SoD), used to prevent situations where a single user may accumulate conflicting privileges.
Identity Lifecycle Management: Provisioning, Update, and Deprovisioning of Users
Identity Lifecycle Management accompanies the user throughout all stages of their presence within the organization, from account creation to deactivation. During onboarding, the IGA system can automate account creation and permission assignment based on the user’s business role. During the working lifecycle, any role or organizational changes are handled by dynamically updating permissions and attributes while maintaining consistency with company policies.
In parallel, IGA process automation eliminates many manual access management activities through predefined workflows and rules that govern approval, assignment, and revocation of privileges. This approach ensures higher operational efficiency, reduces human error, and guarantees that every access change is applied in a timely and controlled manner throughout the identity lifecycle.
How IGA and IAM Work Together in Digital Identity Management
Although they serve different purposes, Identity Governance and Administration (IGA) and Identity and Access Management (IAM) are complementary technologies that work together to ensure secure and efficient management of digital identities.
IAM solutions handle operational access aspects such as authentication, authorization, Single Sign-On, and credential management, while IGA introduces a governance layer that verifies the correctness, compliance, and consistency of assigned user permissions. By integrating IGA and IAM, organizations can centralize identity control, automate provisioning processes, and enforce consistent security policies across on-premise systems, cloud environments, and enterprise applications, improving security, compliance, and access traceability.
Integration Between YooPoint IGA and Yookey IAM: Governance and Access Management
The integration between YooPoint, the Identity Governance and Administration (IGA) solution, and Yookey, the Identity and Access Management (IAM) platform based on Keycloak, enables the unification of governance and operational identity management within a single ecosystem. In this model, Yoopoint governs roles, permissions, and access approval processes, while Yookey handles user authentication and the enforcement of access policies through features such as Single Sign-On (SSO), Multi-Factor Authentication (MFA), and identity federation.
The connection between the two platforms makes it possible to automate the entire identity lifecycle, from account creation to permission assignment and revocation. In this way, organizations can keep users, roles, and privileges aligned across on-premise and cloud applications, improving security, regulatory compliance, and operational efficiency.
RAG vs Fine-Tuning: Differences, Benefits, and Which One to Choose for AI Models
INDEX
- RAG vs Fine-Tuning: Comparing Differences, Costs, and Scalability
- What Is Fine-Tuning and When Should You Use It for LLMs?
- Vantaggi del Fine-Tuning nei modelli di linguaggio
- Choosing Between RAG and Fine-Tuning for Customer Service
- Alternatives to RAG and Fine-Tuning: Prompt Engineering and Embeddings
- How to Choose the Best AI Approach for Your Use Case
- Applying RAG to Enterprise Customer Service with Margot
RAG vs Fine-Tuning: Comparing Differences, Costs, and Scalability
The main difference between Retrieval-Augmented Generation (RAG) and Fine-Tuning lies in how knowledge is managed. RAG retrieves information from external sources in real time, while Fine-Tuning embeds knowledge directly into the model through additional training.
As a result, Fine-Tuning provides greater specialization but may introduce the risk of catastrophic forgetting, whereas RAG preserves the model’s original capabilities and simplifies knowledge updates.
- Costs: Fine-Tuning requires high-quality datasets, data preparation activities, and dedicated hardware resources. RAG generally involves lower upfront costs.
- Implementation Time: RAG can be deployed more quickly, while Fine-Tuning requires an additional training phase.
- Knowledge Updates: With RAG, knowledge bases can be updated without modifying the model. Fine-Tuning typically requires retraining whenever significant new information must be incorporated.
- Scalability: RAG makes it easy to expand document repositories and information sources, whereas Fine-Tuning becomes more complex as the amount of knowledge increases.
- Performance: Fine-Tuning delivers highly specialized and consistent responses, while RAG excels when access to dynamic and continuously updated information is required.
What Is Fine-Tuning and When Should You Use It for LLMs?
Fine-tuning is a technique used to specialize a pre-trained language model for a specific domain or task. Instead of building a model from scratch, organizations start with an already trained LLM and further train it using carefully selected datasets relevant to the intended use case.
During this process, the model’s internal parameters are updated, enabling it to acquire deeper expertise, specialized terminology, and response patterns tailored to industries such as healthcare, finance, insurance, or customer support.
Benefits of Fine-Tuning in Language Models
The main strength of fine-tuning lies in its ability to adapt model behavior to the specific needs of an organization. Through targeted training, AI systems can learn technical terminology, business processes, communication style, and operational rules, generating more consistent and context-aware responses.
This approach is particularly effective in scenarios where the information to be managed remains relatively stable over time and the system must replicate precise procedures or highly specialized language. Typical applications include technical documentation management, insurance workflows, regulatory procedures, and internal business processes.
Another key advantage is fast inference. Since the model already contains the required knowledge, it does not need to continuously query external databases to generate responses.
For use cases involving dynamic and frequently updated data, however, RAG represents an alternative approach with specific advantages for chatbots and enterprise AI systems.
Choosing Between RAG and Fine-Tuning for Customer Service
The choice between RAG and Fine-Tuning depends on project objectives and the type of information the system must manage. When a chatbot needs access to frequently changing, personalized, or real-time data—such as product availability, customer information, financial data, or case status—RAG is generally the most effective solution.
On the other hand, if the goal is to build an assistant that consistently reflects a company’s tone of voice, follows established business rules, and handles standardized processes, Fine-Tuning may deliver better results. Training smaller models can create highly specialized, fast, and controllable AI systems.
In many advanced implementations, both technologies are combined to leverage the specialization of Fine-Tuning alongside the real-time knowledge access provided by RAG.
Alternatives to RAG and Fine-Tuning: Prompt Engineering and Embeddings
In addition to RAG and Fine-Tuning, several other techniques can enhance AI system performance.
Prompt Engineering focuses on optimizing the instructions provided to a model in order to influence its behavior without modifying internal parameters. In many scenarios, this approach can achieve excellent results without incurring additional training costs.
Embeddings are a core technology behind semantic search and RAG systems. By converting content into vector representations, embeddings enable AI systems to identify and retrieve the most relevant information in response to user queries.
How to Choose the Best AI Approach for Your Use Case
The most suitable solution depends primarily on the nature of the data, the level of specialization required, and the characteristics of the model being used.
For large, general-purpose language models, such as modern LLMs, RAG is often the preferred option because it allows organizations to add up-to-date knowledge without altering the capabilities acquired during pre-training.
In summary, RAG is particularly well suited for dynamic information, continuously evolving documentation, and personalized data. Fine-Tuning is generally more effective for repetitive tasks, regulated processes, and environments where terminology, style, and procedures remain stable over time.
Applying RAG to Enterprise Customer Service with Margot
In enterprise customer service environments, RAG can be implemented through solutions such as Margot, E-time’s AI Agent, integrated with Rexpondo, the ticketing and IT Service Management platform. By dynamically retrieving information from the company knowledge base, Margot can provide accurate and up-to-date answers, automatically classify requests, and support both users and operators across multiple channels.
The combination of conversational AI and an Rexpondo ITSM platform enables organizations to automate support processes, reduce ticket handling times, and improve the overall customer experience while maintaining high standards of security, privacy, and regulatory compliance.
Discover Margot, E-time’s AI Agent, and Other Available Services
Cloud & Cybersecurity Voucher 2026: incentives for businesses
INDEX
What is the Cloud & Cybersecurity Voucher 2026 and who is it for
The Cloud & Cybersecurity Voucher 2026 is a measure introduced by the Italian Ministry of Enterprises and Made in Italy (MIMIT) aimed at supporting business digitalization and strengthening cybersecurity.
The initiative provides a non-repayable grant covering 50% of eligible expenses, up to a maximum of €20,000, for investments in cloud technologies, software solutions, hardware infrastructure, and cybersecurity services.
The incentive is targeted at Italian micro, small and medium-sized enterprises (SMEs), but it is also available to professionals and self-employed workers with a business presence in Italy who want to improve their digital security or modernize their IT infrastructure.
For technical details and to consult all the official attachments, read the full text of the Ministerial Decree of July 18, 2025.
How the Cloud & Cybersecurity Voucher works 2026
The grant can be requested by submitting an investment project ranging from €4,000 to €40,000. Eligible expenses must relate to the purchase of innovative technologies or services, or the upgrade of existing cloud and cybersecurity tools within the company.
The application process is divided into two main phases. First, an official list of qualified providers authorized to deliver eligible services will be established, expected between March and May 2026. Afterwards, a dedicated application window will open for businesses to submit their requests.
Applications will be evaluated on a first-come, first-served basis until available funds are exhausted. To access the incentive, companies must purchase services exclusively from accredited providers included in the ministerial register.
Requirements to access the Cloud & Cybersecurity Voucher
To apply for the Cloud & Cybersecurity Voucher 2026, businesses and professionals must meet specific eligibility criteria defined by the program. Key requirements include being legally registered and operational in Italy, as well as having an internet connection with a minimum download speed of 30 Mbps.
A further requirement introduced recently is compliance with insurance obligations covering damages caused by natural disasters and catastrophic events, which is mandatory to access the funding.
The incentive does not apply to sectors excluded under the EU “de minimis” regulation, such as primary agricultural production, fisheries, and aquaculture.
Benefits of the Cloud & Cybersecurity Voucher for businesses
The Cloud & Cybersecurity Voucher enables companies to invest in innovative technologies while significantly reducing initial project costs. Thanks to the non-repayable grant, businesses and professionals can adopt advanced cybersecurity and cloud solutions while covering only part of the total investment.
The measure strengthens corporate security by reducing risks related to cyberattacks and operational disruptions. At the same time, it supports the transition toward more modern and scalable infrastructures, improving efficiency, reliability, and long-term growth potential.
Another key benefit is regulatory compliance: investing in cybersecurity and data protection helps companies more easily meet information security standards, including the new and stringent obligations of the NIS 2 Directive; this investment allows for a timely response to the regulation, ensuring full compliance by the upcoming deadlines set for 2026.
Why Choose E-time for Cloud Solutions and Cybersecurity Services
Choosing E-time for IT and cybersecurity projects means partnering with a structured technology provider that combines expertise, experience, and a strong focus on scalable and reliable solutions.
- Enterprise Experience: Consolidated expertise in software development for complex sectors such as banking, insurance, companies and Public Administration.
- Specialized Expertise: Advanced security solutions (risk management with Rexguard), Identity Management, and [Service Desk & ITSM] platforms.
- Tailor-made Solutions: Custom design integrating proprietary and open-source technologies to turn IT into a strategic business asset.
- International Certifications: High standards guaranteed by ISO 9001:2015 and ISO/IEC 27001, with cloud extensions (27017 and 27018).
In view of the application window opening, E-time has already started the accreditation process for the official MIMIT register, confirming its role as a qualified technology partner to support companies in implementing cloud and SaaS solutions that meet the voucher requirements.
Leverage the Cloud & Cybersecurity Voucher 2026
with E-time!
with E-time!
YooPoint: the new IGA solution of the E-time suite for identity governance
Digital identity and corporate access management is now a key element for security, compliance, and internal organization.
For this reason, the E-time suite introduces YooPoint, the new IGA (Identity Governance and Administration) solution designed to simplify the management of users, permissions, and corporate access.
What is YooPoint, Identity Governance solution
YooPoint is an IGA solution developed to centrally manage identities, permissions, and corporate access.
The platform enables you to:
- manage users and credentials;
- control permissions and access rights;
- monitor access and transits;
- automate onboarding and credentialing processes;
- improve security and traceability.
Key features of the IGA solution
Identity governance
YooPoint supports companies in the structured management of digital identities, simplifying the control of roles, permissions, and authorizations.
Corporate access management
The IGA solution enables monitoring of entries, access, and user activity, improving security and operational control.
Process automation and system integration
YooPoint automates several access management activities, reducing manual operations and management time.
The platform can be integrated with existing access control systems and IT infrastructure, enabling centralized identity management.
Why choose an IGA software like YooPoint: benefits and advantages
YooPoint is designed to support companies in the digitalization of access control processes, identity governance, and visitor management, offering a modern, centralized platform that can be integrated with existing infrastructure.
With YooPoint, companies can:
- improve digital identity governance;
- increase access security;
- centralize permissions and access rights;
- simplify onboarding processes;
- reduce manual activities and operational inefficiencies.
YooPoint: IGA solution for Municipalities and Public Administration
YooPoint is the ideal IGA solution to support Public Administration organizations in the centralized management of digital identities and access to information systems. Municipalities, public entities, and multi-site organizations can simplify the control of users, roles, and permissions, improving security, compliance, and activity traceability.
Thanks to the automation of provisioning and access management processes, YooPoint helps public organizations reduce manual activities, minimize operational errors, and optimize digital identity governance. The platform also enables more efficient management of onboarding, role changes, and permission revocation, ensuring greater operational continuity and improved control over access to Public Administration services.
IGA & IAM: two complementary layers
YooPoint’s IGA (Identity Governance and Administration) solution is fully integrated with Yookey, the Identity & Access Management (IAM) software of the E-time family.
The integration between IGA and IAM allows organizations to centrally manage both identity governance and permissions, as well as authentication and access control processes.
This approach improves security, compliance, and traceability, while simplifying the operational management of users and corporate permissions.
NIS 2 and cybersecurity incidents: how to recognize and manage them
What is a cybersecurity significant incident under NIS 2
The NIS 2 Directive introduces the concept of “significant incidents”, meaning events that have caused, or could potentially cause, a serious disruption to the operational continuity of services or significant financial losses for an organization.
Compared to the GDPR definition of a data breach, which focuses primarily on the violation of confidentiality, integrity, and availability of personal data, the NIS 2 approach is broader and more comprehensive. The regulation also considers incidents that cause significant material or immaterial harm to individuals or legal entities.
Furthermore, the Directive extends its scope to include events that, although they have not yet produced an immediate concrete impact, present a high risk of negative consequences. This means that potentially harmful situations become relevant regardless of whether the effect has already occurred.
Types of security incidents under NIS 2
Guidelines from the Italian National Cybersecurity Agency (ACN) classify reportable significant incidents into four main macro-categories:
- Confidentiality breach: includes cases of data exfiltration to unauthorized external parties.
- Integrity loss: refers to unauthorized modifications of data that may produce relevant external effects.
- Service level violation: occurs, for example, when a cloud service experiences an outage that exceeds contractually agreed thresholds.
- Unauthorized access or privilege abuse: includes cases where no actual data theft occurs, but system security is still compromised.
At the European level, the European Commission further refines these criteria by introducing quantitative and sector-specific thresholds.
Discover Rexpondo, the ticketing platform that supports compliance with NIS 2 requirements.
Incident reporting obligations under NIS 2
In addition to the general obligations of the NIS 2 Directive, the regulation establishes a multi-stage incident reporting process with strict timelines and mandatory communication to competent authorities such as CSIRT Italy and ACN.
- Early warning (within 24 hours): the process begins with a prompt notification to be sent within 24 hours from the moment the organization becomes aware of a significant incident. This initial phase provides a preliminary overview of the event and available information.
- Formal notification (within 72 hours): within 72 hours, a complete incident report must be submitted, updating and expanding the initial data. This stage includes a more accurate assessment of the severity of the event and any identified indicators of compromise.
- Final report (within 1 month): within one month, a final report must be delivered, containing a detailed analysis of the incident. It includes the root causes, the overall impact on the organization, and the corrective and preventive measures implemented to avoid recurrence.
How to manage a cybersecurity incident under NIS 2
To ensure effective incident management and regulatory compliance, organizations must adopt a proactive, metric-based security approach, aligned with measure DE.CM-01. They should first define their normal operational baseline in advance through a Business Impact Analysis (BIA), which allows them to establish expected service levels and corresponding tolerance thresholds.
Based on this, continuous monitoring of networks, systems, and services becomes essential to promptly detect deviations from defined parameters. When these deviations exceed established thresholds and qualify as a significant incident, the organization must immediately activate its incident response plan.
The procedures include impact assessment, implementation of containment and mitigation measures, and timely submission of the mandatory pre-notifications required by applicable regulations.
Rexpondo and incident management
Rexpondo is a ticketing and IT Service Management (ITSM) platform designed to track, organize, and manage support requests and security incidents in a structured way, including those that may compromise IT service continuity.
The system aims to ensure rapid restoration of normal operations, reducing business impact and service downtime.
A key feature of Rexpondo is priority management based on objective impact and urgency criteria. Incident classification can be performed manually by service desk operators or automatically assigned by the system.
Through a structured incident management approach, full event traceability, and support for fast and measurable response processes, Rexpondo helps organizations align with NIS 2 Directive requirements for incident management and reporting.
Discover how to be compliant
with the NIS 2 Directive
with the NIS 2 Directive
Benefits of RAG for enterprise AI: practical applications
Benefits of RAG in enterprise Artificial Intelligence Systems
Retrieval-Augmented Generation (RAG) enhances Artificial Intelligence systems by combining the advanced generative capabilities of language models (LLMs) with direct access to external data sources. This approach allows companies to obtain a highly customized AI capable of delivering precise, relevant, and contextualized answers.
Moreover, RAG extends the model’s expertise to specific business domains, offering a scalable and cost-effective solution without the need for long and expensive retraining of the base model.
Key advantages of RAG include:
- Real-time updated answers: connects the LLM to databases, feeds, and APIs, ensuring information is always fresh and relevant.
- Reduction of “hallucinations”: RAG limits the generation of inaccurate information by relying on verified documents and data, producing reliable and traceable outputs.
- Greater reliability and trust: cites data sources, increasing transparency and credibility, essential in critical sectors like finance, legal, and healthcare.
Scalability and Continuous source updates
RAG is highly scalable: adding new knowledge does not require modifications to the generative model. Simply update the documents in the vector database, asynchronously or in real-time.
Updating the embeddings allows the company to evolve its knowledge base in line with business needs without interrupting operations.
Practical Applications of RAG: Integration with AI Agents
RAG is highly flexible, making it suitable for multiple business contexts:
- Customer support: enhances chatbots, virtual assistants, and AI Agents, handling complex requests and providing accurate answers based on manuals, company policies, and real-time data.
- Internal documentation: builds knowledge bases to support employees in HR, IT, or other operational procedures.
- Data analysis: speeds up insight extraction from unstructured archives, enabling faster, informed decision-making.
When RAG is integrated with an AI Agent, it can autonomously access proprietary, private, or niche data, using RAG to reason and provide responses based on an extremely deep and personalized context. This approach significantly enhances user interaction and experience, delivering more accurate, relevant, and contextualized answers.
Margot, the AI Agent from the E-time Suite
Margot is an AI Agent designed to optimize customer service and internal support, fully leveraging RAG technology to overcome the limitations of traditional AI systems.
Equipped with advanced tools such as intelligent classifiers, virtual assistants, and integration with the company knowledge base, Margot can provide precise and automated responses across multiple channels, improving support efficiency and quality.
A further strength of Margot is security: the platform ensures privacy compliance and full GDPR adherence, protecting sensitive information and guaranteeing that company data is never used to train language models.
Discover the E-time AI Agent Margot and the other available services
NIS2 Deadlines 2026: the complete timeline for businesses
After the preparatory phase, in 2026 organizations enter the full implementation of the European NIS 2 Directive, with effective obligations and operational responsibilities.
During January, the main development was the entry into force of the obligation to notify significant incidents, with defined timelines for early warning, detailed notification and final report.
Below are the main upcoming deadlines for 2026, which will guide organizations in the full implementation of the NIS 2 Directive.
Sectoral guidelines NIS 2 Directive
Between February and September 2026, ACN progressively publishes the guidelines dedicated to each sector.
These documents aim to provide practical and concrete indications, adaptable to different operational contexts, in order to support companies in implementing security measures in a proportionate way, avoiding excessive or insufficient approaches.
April-June 2026: Categorization model and communication of services
By the beginning of April 2026, ACN plans to develop and make available the categorization model of activities and services, together with the package of long-term obligations.
Subsequently, between May and June 2026, organizations will be required to communicate the list of the activities and services provided, specifying their type and level of relevance. This step will make it possible to obtain a clear and structured overview of business activities in relation to security obligations.
October 2026: Implementation of basic security measures
31 October 2026 constitutes a key deadline in the compliance path. By this date, all organizations must have implemented and made operational the fundamental security measures, which concern key areas such as:
- technical protection of information and operational systems (IT and OT);
- continuity of business activities;
- risk management and governance;
- incident management and response (incident response);
- security throughout the entire supply chain.
With the end of October, the support and guidance phase by ACN concludes, allowing it to start inspection activities and systematic checks, while at the same time launching the implementation of long-term security measures.
For this reason, it is essential that companies plan the necessary adjustments well in advance, reducing the risk of operational disruptions and possible penalties.
Rexguard: centralized management of non-conformities
Rexguard is an integrated platform developed to simplify and centralize the management of security incidents, vulnerabilities, non-conformities and audit activities within a single operational environment.
The solution enables organizations to manage these processes more efficiently, improving the speed of incident response and supporting compliance with standards and regulations, including NIS2.
Thanks to full activity traceability features, detailed audit trails and customizable reporting systems, companies can accurately monitor every phase of the incident management process, while strengthening the overall security and governance of IT systems.
Discover how to be compliant
with the NIS 2 Directive
with the NIS 2 Directive
Guide to the new features of Apache Airflow 3.0
Apache Airflow version 3.0 represents a significant evolutionary leap compared to previous releases.
This update is designed to meet the growing need to orchestrate complex workflows and establishes itself as a benchmark for the development of enterprise data-driven solutions. Key updates introduced include:
1.Service-Oriented Architecture in Airflow 3.0 and Task Execution API
One of the most significant changes concerns the internal structure of the system: Airflow 3.0 evolves towards a service-oriented architecture supported by the new Task Execution Interface. Thanks to a dedicated API Server, DAG parsing logic is separated from task execution, potentially improving flexibility and security.
This design allows tasks to be executed in multi-cloud and hybrid environments, providing SDKs for tasks in different languages, enabling the definition and execution of pipelines while reducing some infrastructure constraints.
2.Edge Executor in Airflow: distributed orchestration and task execution
To extend orchestration beyond central data centers, Airflow 3.0 introduces the Edge Executor (AIP-69), available through a provider package.
Based on the Task Execution Interface, this executor allows pipelines to run on remote or “edge” devices, enabling distributed management of workflows across geographical locations. Integration with the API Server ensures efficient handling of remote tasks within the main DAGs.
3.DAG Versioning: workflow management in Airflow 3.0
The new architecture lays the foundation for associating DAG runs with a more stable representation of the code and task structure at the time of execution, reducing the impact of changes applied during runtime.
Although it is not yet a fully native versioning system, these improvements help increase pipeline stability and lay the groundwork for more controlled workflow management over time.
4.Revamped User Interface in Airflow 3.0
The Airflow 3.0 user interface (UI) has been completely redesigned using React and relies on new REST APIs built with FastAPI, providing a faster and more intuitive user experience.
The new interface improves the seamless integration of asset-based and task-based workflows, removes navigation constraints, and offers advanced tools such as Grid View and Graph View, making the platform more responsive and accessible.
5. Migrating to Airflow: Compatibility and Tools
To facilitate the upgrade, despite the architectural changes, Airflow 3.0 maintains backward compatibility for existing DAGs thanks to the Python Task SDK.
The transition can be carried out gradually: teams can start working on assets or test execution in Docker environments before moving to production
Gamification and Cybersecurity: the key to effective corporate training
What is Gamification and why does it work in corporate training
Gamification is a methodology that applies typical game mechanisms—such as points, levels, rewards, leaderboards, and challenges—to non-gaming contexts, particularly corporate training. The goal is to leverage the motivational power of games to make mandatory and repetitive activities more enjoyable, engaging, and productive.
This approach significantly increases employee engagement and enthusiasm, enhancing content understanding and improving the retention of information in long-term memory.
Gamification in Cybersecurity: How to make security more engaging
In the field of cybersecurity, human error is one of the main risks, often leading to breaches and data leaks. Employees are frequently unprepared to face increasingly sophisticated attacks such as phishing and ransomware.
Gamification addresses this challenge by turning cybersecurity training from passive to proactive, making it more engaging and effective. This approach helps foster a true security culture, raising employee awareness in a simple and interactive way.
Through tools like weekly challenges, leaderboards, and rewards, gamification encourages safe behaviors such as using strong passwords or reporting phishing attempts.
Benefits of Gamification in Cybersecurity Training
Integrating gamification into training programs, including those focused on IAM, enhances knowledge retention, boosts engagement, and reduces stress through interactive and secure learning. Gamified paths provide immediate feedback, foster collaboration and productivity, and allow for effective monitoring of progress and areas for improvement.
When applied to cybersecurity training, gamification turns an activity often seen as complex into an engaging and effective experience.
Key Benefits:
- Engagement and Motivation
Game dynamics make training more interesting, stimulating, and rewarding, increasing active participation. - More effective and lasting Learning
Through play, concepts are better absorbed and more easily transferred into long-term memory. - Security Culture and Behavioral Change
Gamification encourages best practices—such as creating strong passwords or reporting phishing attempts—promoting security-oriented behaviors. - Measurability and Adaptability
Gamified systems enable tracking results, identifying those who need support, and customizing learning paths. - Productivity and Workplace Climate
Beyond improving learning, gamification fosters collaboration, communication, and a safer, more proactive work environment.
Skillbay: LMS with Integrated Cybersecurity Module
Skillbay is an innovative LMS platform that revolutionizes corporate training through a modular, flexible environment designed to turn learning into an interactive experience with gamification and personalized learning paths.
Among its key features, Skillbay includes a preconfigured module dedicated to cybersecurity, developed to meet standards and regulations such as NIS2 and ISO 27001.
This module enables companies to immediately launch targeted programs to raise cybersecurity awareness and promote best practices, with the flexibility to adapt content to specific organizational needs.
NIS2 Obligations in the Healthcare Sector: practical tools for compliance
How NIS 2 strengthens the resilience of hospital IT systems
The NIS2 Directive establishes a strategic framework aimed at ensuring operational continuity and digital resilience of healthcare facilities, with the goal of creating a safer European ecosystem capable of withstanding cyberattacks and protecting critical infrastructure.
To achieve these objectives, NIS2 promotes a proactive approach to risk management, which includes continuous vulnerability assessments and the implementation of structured security plans, thereby ensuring uninterrupted operation of essential healthcare services.
Key practices to strengthen security include continuous system monitoring, penetration testing, network segmentation, the adoption of the Zero Trust model, and tools for secure digital onboarding and identity verification.
Which healthcare facilities fall under the scope of NIS 2?
The NIS2 Directive sets out uniform criteria to identify public and private operators considered “essential” or “important” within critical or high-criticality sectors, including healthcare, establishing obligations for all parties involved.
The regulation particularly applies to:
- traditional healthcare systems and Digital Health;
- hospitals, clinics, laboratories and healthcare service providers.
- The scope also covers the entire healthcare supply chain, including manufacturers, suppliers, and laboratories, as well as related sectors, ensuring comprehensive and consistent protection of critical infrastructure.
Obligations of hospitals and clinics under NIS2
The NIS2 Directive establishes stricter requirements for cybersecurity and risk management in healthcare facilities. Among the main obligations is the strengthening of ICT measures through advanced tools, such as multi-factor authentication (MFA) and advanced encryption.
Facilities must also develop risk management plans, continuously assess threats, and monitor systems to detect anomalies, promptly activating incident response procedures. It is essential to notify any breaches to the competent authorities and ensure continuous staff training, with clearly defined responsibilities at all levels of the organization.
Rexguard: comprehensive management of security incidents
Rexguard is an integrated platform designed to simplify the management of security incidents, vulnerabilities, non-compliance issues, and audits by bringing all these processes together in a single centralized environment. The platform leverages automated workflows that enable immediate action on events, covering the entire incident lifecycle from detection to final resolution.
In addition to speeding up incident response, Rexguard helps organizations maintain compliance with standards and regulations such as NIS2, ISO 27001, and DORA. Thanks to full activity traceability, detailed audit trails, and customizable reports, companies can accurately monitor every stage of incident management, strengthening overall IT security and governance.
