AvePoint has just published its latest report – The State of AI: Go Beyond the Hype to Navigate Trust, Security, and Value. We conducted the underlying survey (775 respondents across 18 countries) and prepared the results for the AvePoint team. To portray the breadth of the data we collected, the report clocks in at 61 pages – although there are many graphs and charts, sub-title pages, and expert perspectives throughout. Please, grab yourself a copy and have a read if AI in the enterprise is relevant to your work and future.

From the research data, we found a set of concerns around trust, security, and value that organizations will need to factor into their AI strategies. For example:

• Inaccurate AI output (68.7%) and data security concerns (68.5%) top the list of factors for why organizations are slowing the rollout of generative AI assistants.
• 75% of organizations experienced at least one AI-related data breach in the past year.
• 90.6% of organizations claim effective information management programs, but only 30.3% have implemented effective data classification systems. Gaps in data governance and information management create significant obstacles to safe AI implementation.
• 70.7% of organizational data is more than five years old, creating significant training data quality issues for AI systems.
• Nearly 20% of organizations expect generative AI to create more than half their data within 12 months.
• … and much, much more. This is a very data rich report.

For us, it was a tremendous opportunity to work with the AvePoint team to pull this research together. For you, we hope it provides tremendous insight and assistance as you navigate your AI journey.

Next action: get your copy of the report – The State of AI: Go Beyond the Hype to Navigate Trust, Security, and Value.

Presented on June 21, 2022

Organizations have proven more adept in protecting their own confidential and sensitive data than the personal and sensitive data of customers and employees. Privacy regulations have become a key tool for regulators and governments to force organizations to pay more attention to the data collected, processed, stored, and shared on individuals—much of it gained through new ubiquitous digital channels.

This webinar highlights the research findings and analytical insights of CyberRes Voltage and Osterman Research’s white paper, Privacy Compliance in the Unites States: Status and Progress in 2022 including:

• What is the current snapshot of privacy compliance?
• Why is privacy compliance important?
• What are the motivators today in the US?
• Are you ready for the next wave of compliance regulations?
• Understand the types of threats posed by employees.

Register and watch on BrightTalk

Presented on May 24, 2022

Organizations have proven to be more adept when protecting their confidential data than their customer’s personal and sensitive data. With information available on 15 billion individuals, from more than 100,000 data breaches, there is a bounty of data available to fuel identity theft, financial fraud and other malicious threats. 

Privacy regulations are a panacea on the horizon, but they haven’t been rolled out universally. For these privacy regimes to be effective regulators and governments need to force organizations to pay more attention to consumer data that is collected, processed, retained, stored and shared.

With the emergence of new privacy regulations — like California’s CPRA — it’s important to understand how organizations are responding.

Tune in as Gimmal’s Dean Gonsowski interviews Michael Sampson, senior research analyst from Osterman Research, who completed a recent white paper on organizational privacy compliance.

Register and watch on Gimmal

Published May 2022

Duality Technologies published a blog post we wrote on zero trust data collaboration:

Data is the foundation of the information revolution and the knowledge-based economy. The right data, in the right hands, at the right time, has become a highly valued commodity across industries. Data is at the root of uncovering new business opportunities and defining new and more innovative products., The tech giants of today  have built their businesses and value on data versus goods—e.g., Google, Facebook, Twitter, and Airbnb.

Read more on the Duality Technologies blog.

Digitalization has brought immense opportunities to make the ways we conduct business, complete day-to-day tasks, and spend our free time more efficient and simple. But it has also brought about previously unseen challenges to our privacy and network security.

Threat actors are actively exploiting technology to profit financially or collect data on organizations and users. In times when data is the new oil, it’s worrying that many companies still focus on the after-attack recovery rather than prevention.

Today we’ve talked with Michael Sampson, a Senior Analyst at Osterman Research, to provide you with insights about emerging threats, effective cybersecurity solutions, and tips on how to protect oneself against cyberattacks.

Tell us about your journey. How did Osterman Research originate?

Michael Osterman founded Osterman Research in 2001. He had been working for other market research companies before founding his own firm, but he saw an opportunity to invest his considerable research and analysis skills under his own name. The rest is history, as they say, and hundreds of research projects later, we continue to pursue insights to help technology vendors get better and organizations improve. There have been some research themes that have come and gone over the years. For example, we do almost nothing now on market sizing for messaging and collaboration tools, which were of higher interest in our early years. I started working with Michael Osterman in 2008, although it wasn’t until the beginning of 2021 that I stepped into a Senior Analyst role.

Can you tell us a little bit about what you do? What are the main challenges you help navigate?

We do primary market research, such as surveys, on three core topics – cybersecurity, data protection, and information governance – and share those findings in white papers and webinars. We frequently work with technology vendors who want to understand the state of a market segment and the trends in the market, both to shape internal product and service deliverables and also to educate their market on current issues. We also conduct market research on topics of more general interest that multiple technology vendors sponsor. For example, we have recently released multi-sponsor reports, including Privacy Compliance in the United States, Cybersecurity in Financial Services, and How to Deal with Business Email Compromise.

In your opinion, what industries should be especially attentive to the IT market trends and conduct research regularly?

Industries that are characterized by rapid change of various types are best served by regular research to stay current. That change might be in the form of novel cybersecurity attacks that impact some industries much more than others (e.g., healthcare), or it might be those industries that are subject to greater levels of regulation and need to understand how regulatory changes will impact their customer base and revenue models. In short, the more that industry is subject to changes in market, regulatory or other conditions, the more it should focus on good research to understand how those changes will impact its ability to generate revenue in the future.

Did you notice any new cyber threats emerge as a result of the recent global events?

In the early days, unsecured Zoom rooms were a big problem with newly virtual teams. The education sector also saw this with remote learning, where people who should never have access to children were able to compromise Zoom-based classrooms and display pornography or worse. The ongoing cyberthreat, though, is the use of unsanctioned cloud apps or collaboration/chat tools by employees and business units for conducting official business. Although not a cyber threat per se, organizations must also understand the implications of new tools and their requirements to archive business information generated by them. For example, if an organization is required to archive business communications from Zoom calls and fails to do so, it could run afoul of its regulatory obligations to retain data. Similarly, if that organization does archive these communications but experiences a ransomware attack and loses their archived data, they could face the same regulatory consequences.

Despite all the solutions available today, some companies and individuals still refuse to update their cybersecurity tools. Why do you think that is the case?

I’ll give an easy answer first: some will never change unless caught up in an incident that causes them direct and significant pain. No amount of warning, cautioning, risk mitigation, or best practice advocacy will ever be enough to get some companies/individuals to change. Our research has shown that a significant proportion of organizations are not sufficiently proactive. They tend to react quickly and with an adequate budget when hit by a major ransomware attack, for example, but tend to be far less proactive in preventing these types of incidents.

Another of my answers is more nuanced and multifaceted. Cybersecurity is a complex and ever-changing field that can be difficult for many companies to understand, given the wide range of security solutions available and the enormous number of vendors that offer competing solutions. For example, and quite conservatively, there are at least 2,500 different cybersecurity vendors operating today. It’s a nearly impossible task for the IT and security decision-makers to fully understand the offerings from all these vendors, compare them properly, understand how they will integrate into their current security infrastructure, and so forth. That results in suboptimal decision-making by many, and it can lead to a sort of decision paralysis where there is too much information to process, and so, decision-makers do nothing.

Keeping up with data protection requirements can sometimes be complicated. What details are often overlooked by organizations?

Agreed, it is complicated, and we’ve written lots of reports on this topic. The shortcoming that I see most often is a lack of maturity in underlying data disciplines, such as:

• Not having an up-to-date data audit that shows what data you have and where it’s located.
• Ignoring commonly used systems that increasingly contain data that requires protection, such as cloud storage services, unsanctioned cloud apps, mobile apps, etc.
• Not having the tools to automatically discover and classify the data across all systems and data repositories.

Peter Drucker famously said that you can’t manage what you can’t measure, and if seeing precedes measurement, then the lack of insight and optics into data is a fundamental stumbling block to meeting new and emerging data protection regulations.

What are some of the best practices organizations should adopt to protect their workforce and customer data?

I would recommend following these tips to improve the company’s cybersecurity posture:

• Train your employees to be security-conscious and aware of security threats.
• Encrypt more of your data at rest, in transit, and in use.
• Stop using only a username and password as the way an employee gets access to systems, applications, and data. They are too easy to compromise through a whole collection of attack types.
• Adopt passwordless authentication, modern authentication approaches, strong multi-factor authentication, biometrics, and hardware-based security keys. They are all much better approaches that decrease the likelihood that the wrong person will be able to impersonate someone else to access their data.
• Limit access to sensitive data and systems to those employees and others who need it, and not provide access to resources when it’s not necessary. Reducing the attack surface in this way can help significantly to reduce exposure to cyberattacks.

And for casual Internet users, what security tools should they implement to stay safe online?

These, in my opinion, are the most necessary security tools for everyone:

• Password managers. Use a password manager to store your account details and passwords. Modern password managers mean you only have to remember one password; the password manager does the rest. They also make it super easy to use passwords of 20 characters or more, which are a billion times harder (literally) to crack than shorter passwords.
• Multi-Factor Authentication (MFA). Use MFA everywhere you can; stronger forms of MFA essentially eliminate the risks associated with phishing and credential attacks.

But beyond tools, there are security-minded principles too. These are the approaches I would recommend following:

• Be aware of unofficial app stores. You may save a few dollars by getting a cheap app, but it comes at the cost of having your data stolen or malware installed on your device to steal account details.
• Be aware of links and attachments sent to you from unknown parties. Organizations increasingly use advanced email security tools to check links and attachments before delivering them to employees; consumer email services are less likely to have these.
• If an offer seems too good to be true, it probably is. Don’t bite the hook! No rich widow that you don’t know or Nigerian prince or lawyer for the same is going to wire you $45 million.
• Be skeptical of almost everything you encounter online. Think about and check out links you receive in email, on Twitter, on Facebook, etc. Most are benign, but the small percentage of those that are malicious can be very damaging.

Tell us, what’s next for Osterman Research?

Our recent research has been very oriented around cybersecurity, complemented by several programs on data protection and data privacy. Over the past 18 months, we have done less on information governance. I’d like to get back into research on that, while not letting go of our focus on the other two. However, regardless of what might change in the topics we research, what’s next – the sense that we will always strive to deliver profound insight to the clients we serve and the organizations with which we work to make successful.

Our thanks to CyberNews for the opportunity to share our viewpoint on these topics.

In this webinar, Michael Sampson, senior analyst at Osterman Research, covers the survey results about how private chats, edited and deleted messages, screen sharing, use of SharePoint files, and other capabilities of Microsoft Teams challenge compliance archiving, capture, security, and data loss protection mandates of heavily regulated organizations.

The 45-minute conversation is between Michael Sampson (Osterman Research), Devin Redmond (Theta Lake), and Marc Gilman (Theta Lake).

Register to watch at BrightTalk

Sponsored by Micro Focus – Voltage and VMware Carbon Black

Executive Summary

No decision-maker wants to be profiled in major media as being asleep at the wheel while a massive data breach, ransomware attack, or malicious insider incident unfolds at their organization. Careers rise and fall on a decision-maker’s ability to deftly guide an organization through the stormy seas of cyber threats, vulnerabilities, and security incidents, as does the reputation of the organization itself. Protecting data to ensure appropriate usage and avoid unauthorized or inappropriate usage is a major task for decision-makers with responsibility for protecting the integrity of corporate data assets.

Request a Copy

Sponsored by Active Navigation, Egress Software Technologies Ltd., MessageSolution, Micro Focus and PerimeterX.

Executive Summary

The California Consumer Privacy Act (CCPA) represents a major advancement in privacy rights for California residents – and a major set of obligations for companies that have customers in the state, regardless of where in the world they are located physically. The CCPA imposes a number of obligations on companies that process or control information on California residents, much like the General Data Protection Regulation (GDPR) did for companies with customers and prospects in the European Union.

The CCPA is part of a growing trend toward increasing privacy regulations being enacted worldwide, including Australia’s new data breach notification law, India’s Personal Data Protection Bill of 2018, and Brazil’s new General Data Privacy Law 2018, among others. Add these to the already existing laws that address data privacy, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Children’s Online Privacy Protection Act (COPPA), as well as a growing number of proposed laws that are similar in scope to the CCPA.

Request a Copy

Do you really need to backup Office 365?

Office 365 offers basic protection to deal with some of the things that could damage your data, but there are things it doesn’t protect you from, and there are side effects to some of the optional protection features. 

Hear from industry expert, Michael Osterman of Osterman Research on how to step up your data protection game. Join us for this webinar and learn how to:

1. Protect against ransomware, accidental deletion, or corruption
2. Better align and respond faster to compliance and legal inquiries
3. More efficiently manage departing employee and long term archiving of data

Register to watch the recording

Organizations are moving to the cloud but according to a recent Osterman Research study, only 14% of companies have completed that transformation. The study clearly identifies data storage as an area where IT can easily accelerate their cloud transformation journey. Potentially more so than any other component, intelligently moving data to the cloud has the opportunity to significantly lower on-premises storage costs without the threat of impacting day to day operations. 

Join Storage Switzerland, HubStor and Osterman Research for our live webinar where we’ll discuss the results of the Osterman Research study, what it means for IT, and how IT can take advantage of that research to leverage the cloud to alleviate data management and data protection concerns. 

Register to watch the recording