FedRAMP Equivalent vs. Authorized: What’s at Stake
Every vendor demo has a version of this moment. The slide goes up, the logo looks official, and the presenter says the platform is “FedRAMP equivalent.” Somewhere in the room,...
Security and Compliance Blog
Learn security strategies, compare vendors, and implement best practices to prevent breaches and compliance violations from risky third party communications.
Posts by Danielle Barbour
Danielle Barbour, Director of Product Marketing, Kiteworks
Danielle Barbour is Senior Director of Product Marketing, Regulatory Compliance at Kiteworks. Prior to joining Kiteworks, Danielle had direct experience with regulatory compliance within the medical tech start-up space and previously worked in the insurance and software industries. Danielle excels in translating diverse and creative ideas into strong revenue-driving programs.
She holds an MBA from Saint Mary’s College of California and a Bachelor’s degree from San Francisco State University.
ISO 27001 Implementation Guide for Manufacturing Firms in Qatar
Qatar’s manufacturing sector faces unprecedented security challenges as digital transformation accelerates across industrial operations. From automotive assembly lines to petrochemical processing facilities, organisations must protect sensitive operational data, intellectual property,...
What Manufacturing Companies Need to Know About ISO 27001 Certification
Manufacturing companies across the globe face unprecedented cybersecurity challenges as digital transformation reshapes their operations. ISO 27001 certification provides manufacturers with an internationally recognized framework for implementing comprehensive information security...
Why NIS 2 Expands Security Requirements for French Healthcare Providers
The EU’s NIS 2 Directive represents a fundamental shift in how European organisations must approach cybersecurity governance and operational resilience. For French healthcare providers, this directive doesn’t merely update existing...
When Misdelivery Meets ChatGPT: Healthcare’s AI Governance Warning Shot
The 2026 DBIR Healthcare vertical captures 1,492 incidents and 1,438 confirmed breaches. System Intrusion, Miscellaneous Errors, and Social Engineering accounted for 81% of breaches. External actors drove 81% of cases;...
CISA Just Made Agentic AI Governance an IAM Problem
On May 1, 2026, CISA and the Five Eyes cybersecurity agencies published “Careful Adoption of Agentic AI Services” — stopping treating agentic AI as a clever software feature and starting...
AWS Rex Open-Sources the Runtime Layer of Agentic AI Security
On May 4, 2026, AWS published Introducing Trusted Remote Execution: Policy-Enforced Scripts for AI Agents and Humans, open-sourcing Rex under the Apache 2.0 license. The architecture is straightforward: scripts are...
Federal Privacy Preemption Just Got Real: What the SECURE Act Means
For seven years, U.S. data privacy has run on two parallel tracks. State legislatures enacted comprehensive privacy laws — California first in 2018, then 20 others — while Congress repeatedly...
GDPR at Ten: The AI Decade Will Test Whether the Rules Can Hold
5 Key Takeaways The first decade of GDPR was a data-at-rest decade. Inventories, RoPAs, breach notices, DPIAs. The next decade will be a data-in-motion decade — prompts, training corpora, model...
DORA Article 28 Requirements: Why UK Banks Need Documented Exit Strategies for ICT Third-Party Services
Financial institutions across the UK face mounting pressure to demonstrate comprehensive control over their ICT third-party relationships. DORA Article 28 establishes specific requirements for documented exit strategies that enable banks...
GDPR Article 32 Technical Measures: What UK Defence Contractors Must Implement
UK defence contractors face unprecedented scrutiny over their data protection practices as regulatory authorities intensify enforcement of GDPR Article 32’s technical and organisational measures. The defence sector’s handling of sensitive...
How UK Financial Services Firms Comply with DORA Requirements in 2026
The Digital Operational Resilience Act (DORA) is an EU regulation that establishes comprehensive operational resilience requirements for financial entities operating within EU markets. UK-based firms are subject to DORA where...
How to Implement Business Associate Agreements for Healthcare Data Sharing
Healthcare organizations face mounting pressure to secure patient data while enabling essential business partnerships. When covered entities share protected health information with vendors, contractors, or partners, they must establish business...
Confidence Is Not Recovery: Why 72% Is Where the Regulatory Clock Starts
Key Takeaways Confidence-Reality Gap. 90% of organizations believe they can recover from ransomware, yet only 28% fully restore their data. 72% Recovery Average. The typical organization recovers just 72% of...
GDPR Enforcement in 2026: When Vendor Oversight Failures Become the Fine Multiplier
Key Takeaways Rising GDPR Fines Signal Structural Enforcement. €1.2 billion in fines were issued in 2025 alone, pushing cumulative totals since 2018 to €5.88 billion with breach notifications averaging 443...