Information Governance – Osterman Research
https://ostermanresearch.com
Insightful research that impacts organizations
Mon, 20 Oct 2025 18:15:43 +0000

Why trust, security, and value are essential in corporate adoption of AI – AvePoint’s new report
https://ostermanresearch.com/2025/10/21/avepoint-ai-report-2025/
Mon, 20 Oct 2025 17:59:04 +0000

AvePoint has just published its latest report – The State of AI: Go Beyond the Hype to Navigate Trust, Security, and Value. We conducted the underlying survey (775 respondents across 18 countries) and prepared the results for the AvePoint team. To portray the breadth of the data we collected, the report clocks in at 61 pages – although there are many graphs and charts, sub-title pages, and expert perspectives throughout. Please, grab yourself a copy and have a read if AI in the enterprise is relevant to your work and future.

From the research data, we found a set of concerns around trust, security, and value that organizations will need to factor into their AI strategies. For example:

  • Inaccurate AI output (68.7%) and data security concerns (68.5%) top the list of factors for why organizations are slowing the rollout of generative AI assistants.
  • 75% of organizations experienced at least one AI-related data breach in the past year.
  • 90.6% of organizations claim effective information management programs, but only 30.3% have implemented effective data classification systems. Gaps in data governance and information management create significant obstacles to safe AI implementation.
  • 70.7% of organizational data is more than five years old, creating significant training data quality issues for AI systems.
  • Nearly 20% of organizations expect generative AI to create more than half their data within 12 months.
  • … and much, much more. This is a very data-rich report.

For us, it was a tremendous opportunity to work with the AvePoint team to pull this research together. For you, we hope it provides tremendous insight and assistance as you navigate your AI journey.

Next action: get your copy of the report – The State of AI: Go Beyond the Hype to Navigate Trust, Security, and Value.

Does a Microsoft Only Approach to Information Governance Make Sense? – webinar
https://ostermanresearch.com/2022/08/19/webinar-microfocus-information-governance/
Thu, 18 Aug 2022 23:00:00 +0000

Hosted by Micro Focus

Will be presented on August 25, 2022

There’s no universal approach to information governance. Strategies are diverse and, because they dictate your information governance policies and procedures, getting it right matters. One popular option is a Microsoft-based setup. But how effective is that?

This webinar can help!

Michael Sampson of Osterman Research and Laurence O’Brien from Micro Focus lead a discussion around the pros and cons of using Microsoft 365 to manage your information governance. Among other topics, we’ll cover:

  • Correctly classifying every information type in an organization’s data landscape
  • Discerning the data requiring special protections from more expendable files
  • Deciding how to store and otherwise manage data from the point of creation
  • Ensuring only those authorized can access different groupings of data
  • Using automated mechanisms to audit access and mitigate over-exposure
  • Providing the ability to audit communication for compliance
  • Filtering repositories to identify data potentially responsive to eDiscovery requests
  • Excluding irrelevant data before creating a collection for external review

Register on BrightTalk

How Can Organizations Address their Privacy Compliance Obligations – webinar with CyberRes Voltage
https://ostermanresearch.com/2022/06/22/webinar-privacy-compliance-cyberres/
Wed, 22 Jun 2022 11:00:00 +0000

Hosted by CyberRes Voltage

Presented on June 21, 2022

Organizations have proven more adept in protecting their own confidential and sensitive data than the personal and sensitive data of customers and employees. Privacy regulations have become a key tool for regulators and governments to force organizations to pay more attention to the data collected, processed, stored, and shared on individuals—much of it gained through new ubiquitous digital channels.

This webinar highlights the research findings and analytical insights of CyberRes Voltage and Osterman Research’s white paper, Privacy Compliance in the United States: Status and Progress in 2022, including:

  • What is the current snapshot of privacy compliance?
  • Why is privacy compliance important?
  • What are the motivators today in the US?
  • Are you ready for the next wave of compliance regulations?
  • Understand the types of threats posed by employees.

Register and watch on BrightTalk

Privacy Compliance: 2022 Status and Progress Report – webinar with Gimmal
https://ostermanresearch.com/2022/05/25/webinar-privacy-compliance-gimmal/
Wed, 25 May 2022 04:00:00 +0000

Hosted by Gimmal

Presented on May 24, 2022

Organizations have proven to be more adept when protecting their confidential data than their customers’ personal and sensitive data. With information available on 15 billion individuals, from more than 100,000 data breaches, there is a bounty of data available to fuel identity theft, financial fraud and other malicious threats.

Privacy regulations are a panacea on the horizon, but they haven’t been rolled out universally. For these privacy regimes to be effective, regulators and governments need to force organizations to pay more attention to consumer data that is collected, processed, retained, stored and shared.

With the emergence of new privacy regulations — like California’s CPRA — it’s important to understand how organizations are responding.

Tune in as Gimmal’s Dean Gonsowski interviews Michael Sampson, senior research analyst from Osterman Research, who completed a recent white paper on organizational privacy compliance.

Register and watch on Gimmal

Our Interview with CyberNews
https://ostermanresearch.com/2022/05/04/cybernews-interview-2022/
Wed, 04 May 2022 04:00:00 +0000

We recently had the opportunity to speak with CyberNews about Osterman Research, what we do, and our viewpoint on a variety of topics. The original is posted on the CyberNews website.

Digitalization has brought immense opportunities to make the ways we conduct business, complete day-to-day tasks, and spend our free time more efficient and simple. But it has also brought about previously unseen challenges to our privacy and network security.

Threat actors are actively exploiting technology to profit financially or collect data on organizations and users. In times when data is the new oil, it’s worrying that many companies still focus on the after-attack recovery rather than prevention.

Today we’ve talked with Michael Sampson, a Senior Analyst at Osterman Research, to provide you with insights about emerging threats, effective cybersecurity solutions, and tips on how to protect oneself against cyberattacks.

Tell us about your journey. How did Osterman Research originate?

Michael Osterman founded Osterman Research in 2001. He had been working for other market research companies before founding his own firm, but he saw an opportunity to invest his considerable research and analysis skills under his own name. The rest is history, as they say, and hundreds of research projects later, we continue to pursue insights to help technology vendors get better and organizations improve. There have been some research themes that have come and gone over the years. For example, we do almost nothing now on market sizing for messaging and collaboration tools, which were of higher interest in our early years. I started working with Michael Osterman in 2008, although it wasn’t until the beginning of 2021 that I stepped into a Senior Analyst role.

Can you tell us a little bit about what you do? What are the main challenges you help navigate?

We do primary market research, such as surveys, on three core topics – cybersecurity, data protection, and information governance – and share those findings in white papers and webinars. We frequently work with technology vendors who want to understand the state of a market segment and the trends in the market, both to shape internal product and service deliverables and also to educate their market on current issues. We also conduct market research on topics of more general interest that multiple technology vendors sponsor. For example, we have recently released multi-sponsor reports, including Privacy Compliance in the United States, Cybersecurity in Financial Services, and How to Deal with Business Email Compromise.

In your opinion, what industries should be especially attentive to the IT market trends and conduct research regularly?

Industries that are characterized by rapid change of various types are best served by regular research to stay current. That change might be in the form of novel cybersecurity attacks that impact some industries much more than others (e.g., healthcare), or it might be those industries that are subject to greater levels of regulation and need to understand how regulatory changes will impact their customer base and revenue models. In short, the more that industry is subject to changes in market, regulatory or other conditions, the more it should focus on good research to understand how those changes will impact its ability to generate revenue in the future.

Did you notice any new cyber threats emerge as a result of the recent global events?

In the early days, unsecured Zoom rooms were a big problem with newly virtual teams. The education sector also saw this with remote learning, where people who should never have access to children were able to compromise Zoom-based classrooms and display pornography or worse. The ongoing cyberthreat, though, is the use of unsanctioned cloud apps or collaboration/chat tools by employees and business units for conducting official business. Although not a cyber threat per se, organizations must also understand the implications of new tools and their requirements to archive business information generated by them. For example, if an organization is required to archive business communications from Zoom calls and fails to do so, it could run afoul of its regulatory obligations to retain data. Similarly, if that organization does archive these communications but experiences a ransomware attack and loses their archived data, they could face the same regulatory consequences.

Despite all the solutions available today, some companies and individuals still refuse to update their cybersecurity tools. Why do you think that is the case?

I’ll give an easy answer first: some will never change unless caught up in an incident that causes them direct and significant pain. No amount of warning, cautioning, risk mitigation, or best practice advocacy will ever be enough to get some companies/individuals to change. Our research has shown that a significant proportion of organizations are not sufficiently proactive. They tend to react quickly and with an adequate budget when hit by a major ransomware attack, for example, but tend to be far less proactive in preventing these types of incidents.

Another of my answers is more nuanced and multifaceted. Cybersecurity is a complex and ever-changing field that can be difficult for many companies to understand, given the wide range of security solutions available and the enormous number of vendors that offer competing solutions. For example, and quite conservatively, there are at least 2,500 different cybersecurity vendors operating today. It’s a nearly impossible task for the IT and security decision-makers to fully understand the offerings from all these vendors, compare them properly, understand how they will integrate into their current security infrastructure, and so forth. That results in suboptimal decision-making by many, and it can lead to a sort of decision paralysis where there is too much information to process, and so, decision-makers do nothing.

Keeping up with data protection requirements can sometimes be complicated. What details are often overlooked by organizations?

Agreed, it is complicated, and we’ve written lots of reports on this topic. The shortcoming that I see most often is a lack of maturity in underlying data disciplines, such as:

  • Not having an up-to-date data audit that shows what data you have and where it’s located.
  • Ignoring commonly used systems that increasingly contain data that requires protection, such as cloud storage services, unsanctioned cloud apps, mobile apps, etc.
  • Not having the tools to automatically discover and classify the data across all systems and data repositories.

Peter Drucker famously said that you can’t manage what you can’t measure, and if seeing precedes measurement, then the lack of insight and optics into data is a fundamental stumbling block to meeting new and emerging data protection regulations.

What are some of the best practices organizations should adopt to protect their workforce and customer data?

I would recommend following these tips to improve the company’s cybersecurity posture:

  • Train your employees to be security-conscious and aware of security threats.
  • Encrypt more of your data at rest, in transit, and in use.
  • Stop using only a username and password as the way an employee gets access to systems, applications, and data. They are too easy to compromise through a whole collection of attack types.
  • Adopt passwordless authentication, modern authentication approaches, strong multi-factor authentication, biometrics, and hardware-based security keys. They are all much better approaches that decrease the likelihood that the wrong person will be able to impersonate someone else to access their data.
  • Limit access to sensitive data and systems to those employees and others who need it, and do not provide access to resources when it’s not necessary. Reducing the attack surface in this way can help significantly to reduce exposure to cyberattacks.

And for casual Internet users, what security tools should they implement to stay safe online?

These, in my opinion, are the most necessary security tools for everyone:

  • Password managers. Use a password manager to store your account details and passwords. Modern password managers mean you only have to remember one password; the password manager does the rest. They also make it super easy to use passwords of 20 characters or more, which are a billion times harder (literally) to crack than shorter passwords.
  • Multi-Factor Authentication (MFA). Use MFA everywhere you can; stronger forms of MFA essentially eliminate the risks associated with phishing and credential attacks.

But beyond tools, there are security-minded principles too. These are the approaches I would recommend following:

  • Be aware of unofficial app stores. You may save a few dollars by getting a cheap app, but it comes at the cost of having your data stolen or malware installed on your device to steal account details.
  • Be aware of links and attachments sent to you from unknown parties. Organizations increasingly use advanced email security tools to check links and attachments before delivering them to employees; consumer email services are less likely to have these.
  • If an offer seems too good to be true, it probably is. Don’t bite the hook! No rich widow that you don’t know or Nigerian prince or lawyer for the same is going to wire you $45 million.
  • Be skeptical of almost everything you encounter online. Think about and check out links you receive in email, on Twitter, on Facebook, etc. Most are benign, but the small percentage of those that are malicious can be very damaging.

Tell us, what’s next for Osterman Research?

Our recent research has been very oriented around cybersecurity, complemented by several programs on data protection and data privacy. Over the past 18 months, we have done less on information governance. I’d like to get back into research on that, while not letting go of our focus on the other two. However, regardless of what might change in the topics we research, what’s next – the sense that we will always strive to deliver profound insight to the clients we serve and the organizations with which we work to make successful.

Our thanks to CyberNews for the opportunity to share our viewpoint on these topics.

Archiving as a Key Element of Good Information Governance – multi-client white paper
https://ostermanresearch.com/2020/06/30/orwp_0329/
Tue, 30 Jun 2020 00:00:00 +0000

Published June 2020

Sponsored by Micro Focus, Mimecast, Smarsh and Waterford Technologies

Executive Summary

Information governance can be defined as “policy-based control of information to meet all legal, regulatory, risk, and business demands”. It is an essential best practice for any organization, but particularly larger ones that must satisfy a complex set of regulatory, legal and other compliance demands. Archiving technologies – solutions designed to capture, index and store content – are an integral component of any information governance capability and must be considered as part of an overall information governance initiative.

Request a Copy

By downloading this white paper, you are opting into receiving marketing communications from Osterman Research and any of the sponsors of this white paper
Does a Microsoft-only Approach Make Sense? – White Paper
https://ostermanresearch.com/2020/05/30/orwp_0327/
Sat, 30 May 2020 00:00:00 +0000

Published May 2020

Sponsored by NetGovern

Executive Summary

As organizations explore new cloud services for productivity and collaboration, mature information governance capabilities do not become less important. Microsoft, NetGovern and various other third-party vendors offer capabilities for governing information, albeit with strengths in different areas. Ensuring the right information governance capabilities are available to the various organizational groups with shared responsibility for this area is essential.

This report compares and contrasts the respective approaches to information governance by NetGovern and Microsoft 365. It is offered to enable professionals with responsibility for information governance evaluating the move to Microsoft 365 to gauge suitability to task of the information governance tools offered by both vendors.

This white paper is intended for IT professionals, cybersecurity teams, compliance and risk professionals, and legal teams – including CISOs, CIOs, general counsel and others who need to gain a better understanding of information governance, particularly in the context of how they will handle information governance in Microsoft 365 environments.

Request a Copy

By downloading this white paper, you are opting into receiving marketing communications from Osterman Research and any of the sponsors of this white paper
Practical Steps to Establishing Good Information Governance – White Paper
https://ostermanresearch.com/2019/07/22/orwp_0311/
Mon, 22 Jul 2019 00:00:00 +0000

Published July 2019

Sponsored by Ipswitch, NetGovern and Netwrix

Executive Summary

Most organizations struggle with how to manage the enormous volumes of information they have today, but the problem is going to become much more difficult in the future as both the number of new data types and the volume of data increase. To get a handle on these problems, decision-makers should implement an information governance program that will:

  • Help to properly manage their data
  • Enable their organizations to satisfy their legal, regulatory and best practice obligations
  • Enable improved employee productivity
  • Reduce the overall corporate risk associated with improper information management.

Request a Copy

By downloading this white paper, you are opting into receiving marketing communications from Osterman Research and any of the sponsors of this white paper
Best Practices for File Governance: An Analyst’s View for Keeping Data Safe – Webinar
https://ostermanresearch.com/2019/05/10/webinar-file-governance-microfocus/
Fri, 10 May 2019 04:00:00 +0000

Sponsored by: Micro Focus

“File governance” is a big term, but everyone knows that a comprehensive file governance strategy helps world-class organizations protect their files from data breaches and other security threats. The business value in such a strategy is easy to see in the age of file leaks, governmental privacy regulation, and legal compliance, but IT professionals and privacy officers alike often struggle to find the right ways to implement a comprehensive strategy for File Governance in such a complex environment. 

So, how do successful groups create policies, processes and technologies that ensure that files are properly managed according to corporate, regulatory and legal requirements? Join Michael Osterman, President and Lead Analyst at Osterman Research, as he shares the keys to implementing a winning File Governance strategy in a rapidly evolving technology landscape.

You’ll learn:

  • What are the most important drivers for good file governance (and what isn’t)
  • The important mindset change that leads to better governance
  • Why automation is so powerful, and where it makes sense
  • When and where to implement strategic deletion initiatives
  • … and more!

Register to watch the recording

Webinars – 2017 and Earlier
https://ostermanresearch.com/2017/12/31/webinars-2017-and-earlier/
Sun, 31 Dec 2017 03:00:00 +0000

Webinars in 2017

Webinars in 2016

Webinars in 2015

Webinars in 2014
