Sponsored by Micro Focus, Mimecast, Smarsh and Waterford Technologies

Executive Summary

Information governance can be defined as “policy-based control of information to meet all legal, regulatory, risk, and business demands”. It is an essential best practice for any organization, but particularly larger ones that must satisfy a complex set of regulatory, legal and other compliance demands. Archiving technologies – solutions designed to capture, index and store content – are an integral component of any information governance capability and must be considered as part of an overall information governance initiative.

Request a Copy

Sponsored by NetGovern

Executive Summary

As organizations explore new cloud services for productivity and collaboration, mature information governance capabilities do not become less important. Microsoft, NetGovern and various other third-party vendors offer capabilities for governing information, albeit with strengthens in different areas. Ensuring the right information governance capabilities are available to the various organizational groups with shared responsibility for this area is essential.

This report compares and contrasts the respective approaches to information governance by NetGovern and Microsoft 365. It is offered to enable professionals with responsibility for information governance evaluating the move to Microsoft 365 to gauge suitability to task of the information governance tools offered by both vendors.

This white paper is intended for IT professionals, cybersecurity teams, compliance and risk professionals, and legal teams – including CISOs, CIOs, general counsel and others who need to gain a better understanding of information governance, particularly in the context of how they will handle information governance in Microsoft 365 environments.

Request a Copy

Sponsored by Authentic8, BitTitan, Dropsuite, ENow Software, OVHcloud, Smarsh, VMware Carbon Black, Yubico and Zix.

Executive Summary

The COVID-19 pandemic has had profound and unprecedented impacts on a global scale. The most common response of governments to the pandemic has been to implement “social distancing”, “stay-at-home”, “shelter-in-place” or similar types of edicts, which have forced millions of businesses to shut down their normal operations. Those that can continue operating have been suddenly forced into a situation in which employees and contractors are now working from home or other remote locations for an indeterminate period, causing IT, security, compliance and other staffers to scramble to accommodate a very different workplace paradigm.

To understand the impact of governmental requirements to shut down normal business operations, Osterman Research conducted an in-depth survey of more than 400 IT decision-makers and influencers, primarily in the United States. This report presents the results of that research and offers best practice guidance around what decision-makers may want to consider as they navigate the current crisis and plan for future eventualities. It’s important to note that while the topic of this paper relates to the current pandemic, the advice offered herein will be useful to decision-makers and influencers who must plan for future crises, whether limited in scope to a particular region after an earthquake or hurricane, for example, or to another global event.

Request a Copy

Sponsored by Quest Software, Trend Micro and VMware Carbon Black.

Executive Summary

Endpoints used to be safely operated behind a network perimeter. However, the rapid growth of remote access to corporate resources, cloud-based applications and social media by desktops, laptops, smartphones and tablets means that the endpoint is now the new perimeter. Endpoints are being attacked in a variety of ways, including email-based phishing, ransomware, malware, and drive-by-downloads from web surfing.

Given that endpoints often store large quantities of corporate data, and also contain virtually everything that attackers need to gain entry into corporate networks, robust endpoint protection is a critical element in any corporate security infrastructure.

Request a Copy

Sponsored by Proofpoint, VMware Carbon Black and Yubico

Executive Summary

The financial services industry is under cyber attack. It is subjected to the highest rates of attack of any vertical market, the source of one-third of all data breaches, and it is vulnerable due to both negligence and carelessness of employees and other insiders. Compounding the problem is the sudden “work-from-home” phenomenon that began in March 2020 and that has forced many financial advisors and others into working from home with security solutions that are not always as robust as when they are in the office.

Cyber criminals are attracted to financial services’ firms storehouses of confidential data, along with the potential for quick payoffs through fraudulent money transfers after credential theft or unauthorized system access. And, cyber attacks are getting worse: the Financial Industry Regulatory Authority (FINRA) noted in 2019 that “cybersecurity attacks continue to increase in both number and level of sophistication.”

This white paper provides best practices guidance on defending against and recovering from various types of cyber-attacks and threats, in order to strengthen preparedness and improve resilience across the industry.

Request a Copy

Sponsored by MailStore

Executive Summary

Despite the increasing use of solutions like Microsoft Teams and Slack, email continues to be the primary method that most users employ for sending and receiving documents and for collaboration with others. Email contains a wealth of critical information and this information must be protected through robust email backup and archiving capabilities so that businesses and users have ready access to this data at all times.

Even though a growing number of businesses are moving to Microsoft 365, they will continue to need employ best practices for email backup and archiving to protect, preserve and keep available their corporate data – backup and archiving don’t just happen automatically in Microsoft 365. Moreover, email backup and archiving capabilities must accommodate scenarios that Microsoft 365 does not handle as well as some third-party solutions, such as hybrid environments and those that include non-Microsoft data.

This white paper discusses why small and mid-sized businesses (SMBs) should deploy an email archiving solution, and why they should consider the use of a third-party solution instead of the native email archiving solutions within Microsoft 365.

Request a Copy

Sponsored by Egress, KnowBe4, Nyotron, VMware Carbon Black, Yubico and Zix

Executive Summary

Healthcare is one of the most highly targeted industries by cyber criminals, with attacks including ransomware, data theft, and business email compromise (BEC), among others. New ransomware attacks against healthcare organizations across the world are disclosed almost daily, such as Great Plains Health in the United States (November 2019), Rouen University Hospital in France (also in November), and two health alliances in Australia (September 2019). Hospitals account for one-third of data breaches in the United States, and the industry has faced increasing threats during 2019. BEC attacks, initiated through successful phishing and other attacks, lead to data theft, snooping, and unauthorized access to patient data. Attacks result in numerous negative outcomes, including service delivery disruption, high recovery costs, and even business termination, among others.

Request a Copy

Sponsored by Cobalt Labs, Inc.

Executive Summary

This is the third of a three-part series of white papers focused on the essential best practice of penetration testing (pentesting), the goal of which is to identify and prove vulnerabilities within a system or application’s scope within a defined amount of time. As noted by Security Innovation Europe, pentesting “is the process of testing your applications for vulnerabilities, and answering a simple question: ‘What could a hacker do to harm my application, or organization, out in the real world?’”

Pentesting can involve a wide range of techniques and practices, including static and dynamic analysis, and includes things like SQL injection, cross-site scripting and backdoors in an effort to understand and exploit an application’s vulnerabilities. Pentesters will attempt to do things like intercept traffic, exfiltrate sensitive data or escalate user or admin privileges within applications to determine just how vulnerable an application might be to hackers and other cybercriminals.

Request a Copy

Sponsored by Cobalt Labs, Inc.

Executive Summary

This is the second of a three-part series of white papers focused on the essential best practice of penetration testing (pentesting), the goal of which is to identify and prove vulnerabilities within a system or application’s scope within a defined amount of time. As noted by Security Innovation Europe, pentesting “is the process of testing your applications for vulnerabilities, and answering a simple question: ‘What could a hacker do to harm my application, or organization, out in the real world?’”

Pentesting can involve a wide range of techniques and practices, including static and dynamic analysis, and includes things like SQL injection, cross-site scripting and backdoors in an effort to understand and exploit an application’s vulnerabilities. Pentesters will attempt to do things like intercept traffic, exfiltrate sensitive data or escalate user or admin privileges within applications to determine just how vulnerable an application might be to hackers and other cyber criminals.

Request a Copy

Sponsored by Cobalt Labs, Inc.

Executive Summary

This is the first of a three-part series of white papers focused on the essential best practice of penetration testing (pentesting), the goal of which is to identify and prove vulnerabilities within a system or application’s scope within a defined amount of time. As noted by Security Innovation Europe, pentesting “is the process of testing your applications for vulnerabilities, and answering a simple question: ‘What could a hacker do to harm my application, or organization, out in the real world?’”

Pentesting can involve a wide range of techniques and practices, including static and dynamic analysis, and includes things like SQL injection, cross-site scripting and backdoors in an effort to understand and exploit an application’s vulnerabilities. Pentesters will attempt to do things like intercept traffic, exfiltrate sensitive data or escalate user or admin privileges within applications to determine just how vulnerable an application might be to hackers and other cybercriminals.

Request a Copy