Bob Ertl

AI-Powered Phishing Has Overwhelmed Legacy Email Security: What the Osterman Research Report Means for Organizations Managing Sensitive Data

by Bob Ertl February 25, 2026February 25, 2026 | Cybersecurity Risk Management

Your email security gateway is not protecting you. It is giving you a false sense of security while AI-powered attacks walk through the front door. That is the central finding...

7 Proven Steps to Securely Share CUI Between Agencies and Contractors

by Bob Ertl February 9, 2026 | CMMC Compliance

CUI often moves across organizational boundaries, systems, and jurisdictions. Each handoff—an email with a drawing, a file transfer to a supplier, an upload to a government portal—creates risk if labels,...

CMMC 2.0 Compliance for Defense Software Contractors: What You Need to Know

by Bob Ertl February 1, 2026February 2, 2026 | CMMC Compliance

If you’re a defense software contractor, CMMC 2.0 compliance isn’t optional. It’s your ticket to bidding on DoD contracts. The Department of Defense has made it clear: they’re done with...

How to Fix Common CMMC Gaps Blocking Your Data Workflow Security

by Bob Ertl January 20, 2026 | CMMC Compliance

A clear, auditable path to CMMC hinges on fixing a handful of recurring weaknesses in how organizations move, store, and share Controlled Unclassified Information (CUI). In this guide we’ll show...

DSPM vs. DLP vs. IRM: Do You Need Just One or All Three for Complete Data Protection?

by Bob Ertl December 18, 2025January 19, 2026 | Cybersecurity Risk Management

Modern enterprises juggle sensitive data sprawled across endpoints, SaaS apps, cloud services, and legacy systems. This fragmentation—paired with rising regulatory pressure—creates breach and compliance risk that a single tool rarely...

DSPM vs. CSPM vs. SSPM: Which is Best for Protecting Your Business?

by Bob Ertl December 18, 2025January 20, 2026 | Cybersecurity Risk Management

Modern security teams juggle infrastructure, application, and data-layer risks across hybrid and multi-cloud estates. The best way to manage DSPM across cloud platforms isn’t an either/or choice among DSPM, CSPM,...

5 Critical Integrations Every DSPM Solution Needs

by Bob Ertl December 17, 2025January 20, 2026 | Cybersecurity Risk Management

DSPM discovers where sensitive data lives, classifies it, and continuously evaluates risk and exposure across clouds, apps, and repositories. To translate discovery into measurable risk reduction, DSPM must integrate with...

Microsoft GCC High: Disadvantages Driving Defense Contractors Toward Smarter Advantages

by Bob Ertl December 17, 2025December 23, 2025 | Cybersecurity Risk Management

If you're a defense contractor staring down CMMC 2.0 deadlines, you've probably had the "GCC High conversation" at least a dozen times by now. Your IT team brings it up....

My DSPM Solution Has Identified and Classified Sensitive Data. Now What?

by Bob Ertl December 12, 2025December 23, 2025 | Cybersecurity Risk Management

You’ve done the hard part: your DSPM deployment has surfaced where sensitive data lives and how it’s classified. Now the imperative is to turn labels into action—tightening access, applying controls,...

7 Proven Steps to Uncover Shadow Data with DSPM Tools

by Bob Ertl December 10, 2025December 23, 2025 | Cybersecurity Risk Management

Shadow data—sensitive information saved outside sanctioned systems such as personal cloud drives, ad hoc backups, or email attachments—evades standard controls and is a leading cause of silent data exposure. The...

How to Secure Classified Data Once DSPM Flags It

by Bob Ertl December 9, 2025December 23, 2025 | Cybersecurity Risk Management

When a DSPM platform flags classified data, the next move is to lock it down—fast and permanently. That means enforcing least-privileged access, encrypting at rest and in transit, continuously monitoring...

Essential Strategies for Protecting DSPM‑Classified Confidential Data in 2026

by Bob Ertl December 8, 2025December 23, 2025 | Cybersecurity Risk Management

Protecting confidential data that your DSPM solution flags requires more than discovery—it demands continuous classification, least‑privilege access, automated remediation, and audit‑ready governance. In 2026, the fastest way to reduce risk...

Why DSPM Falls Short and How Risk Leaders Can Mitigate Security Gaps

by Bob Ertl December 8, 2025December 23, 2025 | Cybersecurity Risk Management

Data Security Posture Management (DSPM) refers to the processes and tools that provide organizations visibility into their data assets, monitor risks, and help maintain regulatory compliance across multi-cloud, hybrid, and...

Version Control: The Secret Ingredient to Secure File Sharing

by Bob Ertl December 3, 2025December 23, 2025 | Secure File Sharing

In an era where collaboration drives business success, organizations face a core challenge: enabling seamless file sharing without compromising security. Encryption, identity and access management, and policy enforcement provide the...

Is Your Encryption Strategy Protecting Your Sensitive Data?

by Bob Ertl November 25, 2025December 23, 2025 | Cybersecurity Risk Management

Most organizations have encryption deployed somewhere. Few have an encryption strategy that comprehensively protects sensitive data across all channels, storage locations, and third-party exchanges. The difference between “encryption deployed” and...

Security and Compliance Blog

Learn security strategies, compare vendors, and implement best practices to prevent breaches and compliance violations from risky third party communications.

Posts by Bob Ertl