Peer-Driven Insights

Data Privacy & Protection

Community Posts

How are you maintaining data and system security as IT decision making becomes increasingly decentralized?

Read More Comments

I'm building most on... share "why" in comments...

Public Cloud72%

Private Cloud27%

How is your organization mitigating risks from smart wearables or covert recording devices during sensitive conversations? Please share any relevant policies, technical solutions, or experiences managing this challenge.

Any tips or best practices you can share for developing a cryptographic bill of materials (CBOM)? What’s the best way to get started?

We're facing a challenge in R&D: our current DRM solution effectively protects sensitive TSIP (Trade Secret and Intellectual Property) data, but it prevents researchers from searching across encrypted files—hindering their work.

While we’ve considered relying solely on SharePoint permissions and Entra capabilities, the growing risk of insider threats makes this a last resort.

Has anyone solved a similar issue? Are there DRM or encryption solutions that allow secure, searchable access to protected content?

How are you addressing potential data vulnerabilities in end-of-life IT equipment requiring disposal/recycling? Do you work with a third-party service/partner organization?

Read More Comments

Which Endpoint detection and response (EDR) software do you currently use at your organization?

VMware Carbon Black22%

Palo Alto Networks Cortex XDR38%

Symantec Endpoint Security42%

Kaspersky28%

BlackBerry Cylance11%

We don't have an EDR tool currently.8%

Other (Please share below)11%

View Results

With Wiz adding ”DSPM” or rather data classification, do you see there being much need for DSPM on top of CSPM? I feel like the DLP and Detection and Response are way more important than CSPM checks, but is that just me?

Read More Comments

If anyone has successfully used Bring Your Own Key (BYOK) in the cloud: Which Hardware Security Module (HSM) or key management method did you use, and with which cloud service provider(s) (CSP)? Any advice to an organization considering this option?

From your POV, what’s the current state of your resources/funding for data security governance efforts, overall?

Excellent (more than enough)11%

Good (we have enough to reach our goals)52%

Acceptable (could be better but we make do)34%

Poor/unacceptable (more funding needed ASAP)3%

Unsure / other

View Results

When designing a scalable modern cybersecurity architecture, what are some key data protection/privacy considerations to account for — especially in a multi-cloud environment?

Read More Comments

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Read More Comments

I'm interested in understanding your approach to establishing a two-way trust between Active Directories in the following scenario: A larger company A acquires a mid-sized or smaller-sized company B, at what point do you feel comfortable establishing a two-way trust between both Active Directories? The priority is to ensure business continuity without impacting their clients on both ends, while recognizing that integration would be significantly easier with a trust established. What would be your key considerations that you typically review prior to even entering discussions about this capability. My focus is on the prerequisites for trusting a new entity that was previously managed by another IT team within your organization. For example, do you conduct by default a full penetration test, assess the network and external-facing systems, perform policy health checks, evaluate conditional access settings, breach history of Company B and/or their vendors etc. and demand changes to get as close to your standard before proceeding? If yes how close do you get before feeling a little more comfortable before accepting all the risks?

Read More Comments

Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

Read More Comments

How can organizations minimize risk of data loss due to employee turnover?

Read More Comments

Do you have any tips for helping the business understand when data becomes more of a liability than an asset of real value? Is the current regulatory landscape making this harder or easier to determine, from your experience?

Read More Comments

Community Posts

How are you maintaining data and system security as IT decision making becomes increasingly decentralized?

I'm building most on... share "why" in comments...

How is your organization mitigating risks from smart wearables or covert recording devices during sensitive conversations? Please share any relevant policies, technical solutions, or experiences managing this challenge.

Any tips or best practices you can share for developing a cryptographic bill of materials (CBOM)? What’s the best way to get started?

How are you addressing potential data vulnerabilities in end-of-life IT equipment requiring disposal/recycling? Do you work with a third-party service/partner organization?

Which Endpoint detection and response (EDR) software do you currently use at your organization?

With Wiz adding ”DSPM” or rather data classification, do you see there being much need for DSPM on top of CSPM? I feel like the DLP and Detection and Response are way more important than CSPM checks, but is that just me?

If anyone has successfully used Bring Your Own Key (BYOK) in the cloud: Which Hardware Security Module (HSM) or key management method did you use, and with which cloud service provider(s) (CSP)? Any advice to an organization considering this option?

From your POV, what’s the current state of your resources/funding for data security governance efforts, overall?

When designing a scalable modern cybersecurity architecture, what are some key data protection/privacy considerations to account for — especially in a multi-cloud environment?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

How can organizations minimize risk of data loss due to employee turnover?

Do you have any tips for helping the business understand when data becomes more of a liability than an asset of real value? Is the current regulatory landscape making this harder or easier to determine, from your experience?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?