Peer-Driven Insights

Data Privacy & Protection

Community Posts

I'm building most on... share "why" in comments...

Public Cloud72%

Private Cloud27%

How are you maintaining data and system security as IT decision making becomes increasingly decentralized?

Read More Comments

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

How is your organization mitigating risks from smart wearables or covert recording devices during sensitive conversations? Please share any relevant policies, technical solutions, or experiences managing this challenge.

Any tips or best practices you can share for developing a cryptographic bill of materials (CBOM)? What’s the best way to get started?

We're facing a challenge in R&D: our current DRM solution effectively protects sensitive TSIP (Trade Secret and Intellectual Property) data, but it prevents researchers from searching across encrypted files—hindering their work.

While we’ve considered relying solely on SharePoint permissions and Entra capabilities, the growing risk of insider threats makes this a last resort.

Has anyone solved a similar issue? Are there DRM or encryption solutions that allow secure, searchable access to protected content?

Which Endpoint detection and response (EDR) software do you currently use at your organization?

VMware Carbon Black22%

Palo Alto Networks Cortex XDR38%

Symantec Endpoint Security42%

Kaspersky28%

BlackBerry Cylance11%

We don't have an EDR tool currently.8%

Other (Please share below)11%

View Results

Agree or disagree: Important data like PII or PHI should never be connected to the internet.

Strongly agree10%

Agree66%

Neutral15%

Disagree6%

Strongly disagree1%

View Results

How are you addressing potential data vulnerabilities in end-of-life IT equipment requiring disposal/recycling? Do you work with a third-party service/partner organization?

Read More Comments

With Wiz adding ”DSPM” or rather data classification, do you see there being much need for DSPM on top of CSPM? I feel like the DLP and Detection and Response are way more important than CSPM checks, but is that just me?

Read More Comments

If anyone has successfully used Bring Your Own Key (BYOK) in the cloud: Which Hardware Security Module (HSM) or key management method did you use, and with which cloud service provider(s) (CSP)? Any advice to an organization considering this option?

When designing a scalable modern cybersecurity architecture, what are some key data protection/privacy considerations to account for — especially in a multi-cloud environment?

Read More Comments

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Read More Comments

I'm interested in understanding your approach to establishing a two-way trust between Active Directories in the following scenario: A larger company A acquires a mid-sized or smaller-sized company B, at what point do you feel comfortable establishing a two-way trust between both Active Directories? The priority is to ensure business continuity without impacting their clients on both ends, while recognizing that integration would be significantly easier with a trust established. What would be your key considerations that you typically review prior to even entering discussions about this capability. My focus is on the prerequisites for trusting a new entity that was previously managed by another IT team within your organization. For example, do you conduct by default a full penetration test, assess the network and external-facing systems, perform policy health checks, evaluate conditional access settings, breach history of Company B and/or their vendors etc. and demand changes to get as close to your standard before proceeding? If yes how close do you get before feeling a little more comfortable before accepting all the risks?

Read More Comments

Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

Read More Comments

How can organizations minimize risk of data loss due to employee turnover?

Read More Comments

Community Posts

I'm building most on... share "why" in comments...

How are you maintaining data and system security as IT decision making becomes increasingly decentralized?

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

How is your organization mitigating risks from smart wearables or covert recording devices during sensitive conversations? Please share any relevant policies, technical solutions, or experiences managing this challenge.

Any tips or best practices you can share for developing a cryptographic bill of materials (CBOM)? What’s the best way to get started?

Which Endpoint detection and response (EDR) software do you currently use at your organization?

Agree or disagree: Important data like PII or PHI should never be connected to the internet.

How are you addressing potential data vulnerabilities in end-of-life IT equipment requiring disposal/recycling? Do you work with a third-party service/partner organization?

With Wiz adding ”DSPM” or rather data classification, do you see there being much need for DSPM on top of CSPM? I feel like the DLP and Detection and Response are way more important than CSPM checks, but is that just me?

If anyone has successfully used Bring Your Own Key (BYOK) in the cloud: Which Hardware Security Module (HSM) or key management method did you use, and with which cloud service provider(s) (CSP)? Any advice to an organization considering this option?

When designing a scalable modern cybersecurity architecture, what are some key data protection/privacy considerations to account for — especially in a multi-cloud environment?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

How can organizations minimize risk of data loss due to employee turnover?

Community Posts

I'm building most on... share "why" in comments...

How are you maintaining data and system security as IT decision making becomes increasingly decentralized?

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

How is your organization mitigating risks from smart wearables or covert recording devices during sensitive conversations? Please share any relevant policies, technical solutions, or experiences managing this challenge.

Any tips or best practices you can share for developing a cryptographic bill of materials (CBOM)? What’s the best way to get started?

Which Endpoint detection and response (EDR) software do you currently use at your organization?

Agree or disagree: Important data like PII or PHI should never be connected to the internet.

How are you addressing potential data vulnerabilities in end-of-life IT equipment requiring disposal/recycling? Do you work with a third-party service/partner organization?

With Wiz adding ”DSPM” or rather data classification, do you see there being much need for DSPM on top of CSPM? I feel like the DLP and Detection and Response are way more important than CSPM checks, but is that just me?

If anyone has successfully used Bring Your Own Key (BYOK) in the cloud: Which Hardware Security Module (HSM) or key management method did you use, and with which cloud service provider(s) (CSP)? Any advice to an organization considering this option?

When designing a scalable modern cybersecurity architecture, what are some key data protection/privacy considerations to account for — especially in a multi-cloud environment?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

How can organizations minimize risk of data loss due to employee turnover?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?