Peer-Driven Insights

Data Privacy & Protection

About this topic

Data privacy and protection encompasses the policies, processes and technologies designed to safeguard personal and sensitive information from unauthorized access, use or disclosure. Secure data privacy and protection policies ensure compliance with regulatory requirements, mitigate risks and uphold trust.

Community Posts

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

Who has been the best recent-acquirer in cybersecurity? Details and feedback in comments...

Cisco (Duo)16%

Palo Alto (Aporeto, Twistlock, CloudGenix)28%

VMware (Carbon Black)26%

Broadcom (Symantec)9%

Zoom (Keybase)9%

NTT (WhiteHat)4%

F5 Networks (Shape Security)3%

Sumo Logic (JASK)1%

OTHER - share in comments1%

View Results

How is your organization mitigating risks from smart wearables or covert recording devices during sensitive conversations? Please share any relevant policies, technical solutions, or experiences managing this challenge.

Any tips or best practices you can share for developing a cryptographic bill of materials (CBOM)? What’s the best way to get started?

We're facing a challenge in R&D: our current DRM solution effectively protects sensitive TSIP (Trade Secret and Intellectual Property) data, but it prevents researchers from searching across encrypted files—hindering their work.

While we’ve considered relying solely on SharePoint permissions and Entra capabilities, the growing risk of insider threats makes this a last resort.

Has anyone solved a similar issue? Are there DRM or encryption solutions that allow secure, searchable access to protected content?

How are you addressing potential data vulnerabilities in end-of-life IT equipment requiring disposal/recycling? Do you work with a third-party service/partner organization?

Read More Comments

With Wiz adding ”DSPM” or rather data classification, do you see there being much need for DSPM on top of CSPM? I feel like the DLP and Detection and Response are way more important than CSPM checks, but is that just me?

Read More Comments

If anyone has successfully used Bring Your Own Key (BYOK) in the cloud: Which Hardware Security Module (HSM) or key management method did you use, and with which cloud service provider(s) (CSP)? Any advice to an organization considering this option?

When designing a scalable modern cybersecurity architecture, what are some key data protection/privacy considerations to account for — especially in a multi-cloud environment?

Read More Comments

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Read More Comments

I'm interested in understanding your approach to establishing a two-way trust between Active Directories in the following scenario: A larger company A acquires a mid-sized or smaller-sized company B, at what point do you feel comfortable establishing a two-way trust between both Active Directories? The priority is to ensure business continuity without impacting their clients on both ends, while recognizing that integration would be significantly easier with a trust established. What would be your key considerations that you typically review prior to even entering discussions about this capability. My focus is on the prerequisites for trusting a new entity that was previously managed by another IT team within your organization. For example, do you conduct by default a full penetration test, assess the network and external-facing systems, perform policy health checks, evaluate conditional access settings, breach history of Company B and/or their vendors etc. and demand changes to get as close to your standard before proceeding? If yes how close do you get before feeling a little more comfortable before accepting all the risks?

Read More Comments

Which privacy KPIs does your company measure?

Brand trust28%

Transparency62%

Regulatory compliance55%

DSAR volumes14%

None, we don't have privacy related KPIs10%

View Results

Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

Read More Comments

What's the top friction point to move to the cloud in your enterprise?

Cost structure24%

Lack of in-house skills to migrate / deploy / manage workloads on cloud50%

Security / governance compliance concerns19%

Lack of performance or features that you have on-prem but not the cloud6%

View Results

How can organizations minimize risk of data loss due to employee turnover?

Read More Comments

Do you have any tips for helping the business understand when data becomes more of a liability than an asset of real value? Is the current regulatory landscape making this harder or easier to determine, from your experience?

Read More Comments

About this topic

Community Posts

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

Who has been the best recent-acquirer in cybersecurity? Details and feedback in comments...

How is your organization mitigating risks from smart wearables or covert recording devices during sensitive conversations? Please share any relevant policies, technical solutions, or experiences managing this challenge.

Any tips or best practices you can share for developing a cryptographic bill of materials (CBOM)? What’s the best way to get started?

How are you addressing potential data vulnerabilities in end-of-life IT equipment requiring disposal/recycling? Do you work with a third-party service/partner organization?

With Wiz adding ”DSPM” or rather data classification, do you see there being much need for DSPM on top of CSPM? I feel like the DLP and Detection and Response are way more important than CSPM checks, but is that just me?

If anyone has successfully used Bring Your Own Key (BYOK) in the cloud: Which Hardware Security Module (HSM) or key management method did you use, and with which cloud service provider(s) (CSP)? Any advice to an organization considering this option?

When designing a scalable modern cybersecurity architecture, what are some key data protection/privacy considerations to account for — especially in a multi-cloud environment?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Which privacy KPIs does your company measure?

Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

What's the top friction point to move to the cloud in your enterprise?

How can organizations minimize risk of data loss due to employee turnover?

Do you have any tips for helping the business understand when data becomes more of a liability than an asset of real value? Is the current regulatory landscape making this harder or easier to determine, from your experience?

Community Posts

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

Who has been the best recent-acquirer in cybersecurity? Details and feedback in comments...

How is your organization mitigating risks from smart wearables or covert recording devices during sensitive conversations? Please share any relevant policies, technical solutions, or experiences managing this challenge.

Any tips or best practices you can share for developing a cryptographic bill of materials (CBOM)? What’s the best way to get started?

How are you addressing potential data vulnerabilities in end-of-life IT equipment requiring disposal/recycling? Do you work with a third-party service/partner organization?

With Wiz adding ”DSPM” or rather data classification, do you see there being much need for DSPM on top of CSPM? I feel like the DLP and Detection and Response are way more important than CSPM checks, but is that just me?

If anyone has successfully used Bring Your Own Key (BYOK) in the cloud: Which Hardware Security Module (HSM) or key management method did you use, and with which cloud service provider(s) (CSP)? Any advice to an organization considering this option?

When designing a scalable modern cybersecurity architecture, what are some key data protection/privacy considerations to account for — especially in a multi-cloud environment?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Which privacy KPIs does your company measure?

Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

What's the top friction point to move to the cloud in your enterprise?

How can organizations minimize risk of data loss due to employee turnover?

Do you have any tips for helping the business understand when data becomes more of a liability than an asset of real value? Is the current regulatory landscape making this harder or easier to determine, from your experience?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?