Compliance

Arctera named a Leader in Gartner Magic Quadrant

Arctera (Veritas Technologies), a data management expert and formerly part of Veritas, has been positioned as a Leader in the inaugural Gartner Magic Quadrant for Digital Communications Governance and Archiving Solutions (DCGA). The report’s publication comes shortly after Arctera announced it will put renewed focus on its Data Compliance InfoScale and Backup Exec businesses, following its split from Veritas. The new Gartner report covers a landscape that Arctera believes is marked by growing multichannel and AI-powered communications, which are subjecting organisations to greater regulatory scrutiny and steep penalties for violations. To mitigate data compliance risks in this evolving landscape, organisations from the most heavily regulated industries around the world rely on information governance, eDiscovery and surveillance products from Arctera. This includes more than 70% of the world’s top financial firms. Lawrence Wong, now Chief Executive Officer at Arctera, says, “The issue of data compliance is a board-level conversation, driven by the enormous growth in data, digital and off-channel communications and the rise of generative AI. The complexity of compliance challenges is increasing and so are the stakes. Arctera understands this well. We view Arctera’s (Veritas Technologies’) position in the Gartner Magic Quadrant for DCGA as a testament to the strength of our portfolio and proven expertise in helping organisations simplify compliance. “Our data compliance business has consistently been an industry leader. With the opportunity to put the spotlight even more on compliance within Arctera, we intend to extend our position and bring even greater value to our customers.” Tom Lounsbury, Director of Business Development at Bluesource, notes, “When our customers are evaluating compliance solutions, they want the confidence that comes from working with a specialist like Bluesource, deploying a solution from an industry leader like Arctera. When it comes to compliance, organisations want to trust that technology is at the forefront of innovation, using the most advanced tools to ensure that they meet even the strictest of regulatory standards.” Arctera Data Compliance offerings are available across all operational models, including on-premises, self-managed and SaaS. Visit arctera.io on 13 January 2025 to download a complimentary copy of the full Gartner Magic Quadrant for Digital Communications Governance and Archiving Solutions.

Aruba obtains certification for identity proofing innovation

Aruba, an Italian provider of cloud and data centre services, has announced that Aruba PEC – part of the Aruba Group – has obtained certification for compliance with ETSI 119 461 standards, as well as other relevant technical standards for its remote automatic identity proofing solution. This certification proves Aruba’s compliance with European technical standards for identification services related to trust services established by the European Telecommunications Standards Institute (ETSI). Aruba's certified identity proofing innovation, which will be officially unveiled in the coming months, enables the certain identification of applicants for the activation of trust services in accordance with eIDAS regulations. Its potential, however, goes beyond trust services with numerous use cases that integrate applicant identification processes. With the use of artificial intelligence (AI), and advanced liveness detection and face-matching algorithms, this technology can be used for applicant recognition in a range of automated onboarding processes. For example, it can be applied to situations such as the opening of a bank account or issuance of mobile phone SIM cards to optimise customer identification processes. This will enable organisations to improve their user experience, reducing verification time and ensuring the highest level of security and reliability for customers. An additional benefit of Aruba's innovation is that it can support financial institutions in ensuring compliance with the requirements of the European Digital Operational Resilience Act (DORA) directive on digital operational resilience of financial institutions. DORA mandates the adoption of effective measures to protect digital operations from cyber threats. Aruba's fully automated, AI-based identity proofing solution meets these requirements by reducing digital onboarding risks and improving data protection for financial institutions. For Aruba, the digital identity sector is a strategic lever in a rapidly expanding market which it is investing in decisively. These investments include internal research projects taken on by the Aruba Software Factory and ongoing collaboration with important research organisations and academic institutions such as the Polytechnic of Turin and the LINKS Foundation, to develop advanced AI solutions. These projects all work towards the goal of improving digital identification processes by developing new algorithms and ensuring the highest standards of security, reliability and ease of use. Marco Mangiulli, CIO and Head of Software Development at Aruba, comments, “AI is opening up new opportunities for the world of trust services and digital identity. The certification of our solution to ETSI standards allows us to operate at the highest levels of security and regulatory compliance, offering flexible and innovative solutions that improve not only operational efficiency, but also digital resilience, in line with European regulations. “Digital onboarding and identity proofing processes are crucial for the activation of numerous services, including digital identity services in Italy, such as SPID, IT Wallet and EUDI Wallet. With the support of AI and the continuous evolution of Aruba's solutions, the company is at the forefront of digital transformation and operational security in the trust services industry and beyond.” For more from Aruba, click here.

Underinvestment blamed for IT security compliance failures

Companies are failing to achieve continuous IT security compliance because they are allowing their procurement processes to become outdated, according to new research from Vertice, a SaaS and cloud spend optimisation platform. Vertice surveyed 300 global procurement leaders to rate their business purchasing processes across seven key areas, and to also rate their ability to maintain continuous IT compliance - and discovered a clear correlation between an organisation’s procurement maturity and the businesses’ security. Vertice's Procurement Impact Report reveals that businesses with an optimised and automated procurement function see a 20% improvement in achieving compliance compared to those with manual and decentralised processes. Alarmingly, only one in six (18%) companies have made the necessary improvements, which include adding automated internal and external compliance checks to procurement request intake forms, along with pre-approved suppliers and intelligently adding suitable compliance stakeholders to the approval process. Meanwhile the remaining 82% of businesses - whose procurement processes are instead manual, undefined and inconsistent - all struggle to maintain continuous IT and security compliance. The findings also indicate that procurement leaders are struggling to control shadow IT without intelligent procurement processes in place, with 30% reporting that employees frequently bypass IT and procurement checks to adopt new suppliers. This issue is particularly prevalent in the US, where over one-third (34%) of leaders worry that maverick spending will become increasingly challenging unless their procurement functions are modernised. Vertice’s report discovered that the US is significantly lagging behind the UK, with almost half (44%) of businesses in the lowest maturity levels, whereas two-thirds (67%) of UK businesses are in the more advanced stages of procurement maturity with more reliance on automation, AI and integrations. Despite the significant benefits that procurement maturity brings to companies, many leaders are facing a growing number of risks and challenges when establishing high-performing procurement functions. Worryingly, 37% of respondents say that procurement is not a strategic priority versus other initiatives, and 35% say their organisation is not willing to invest in the skills to tackle the issue. Eldar Tuvey, CEO and Founder of Vertice, says, “Procurement is an important catalyst to business compliance; the secret weapon that often goes unnoticed. Quick, intelligent, integrated processes can equip teams faster, and without compromising safety and compliance. But most procurement departments have been unable to mature their outdated, manual processes, throttling the businesses’ progress and putting compliance at risk.” Among other benefits, Vertice’s research found that businesses with the most advanced procurement processes are: • 34% faster to deploy innovative projects• 29% faster in bringing new products and services to market• 27% more efficient than their peers• 22% more effective in controlling budgets (Compared to those relying on manual, decentralised and reactive processes). To help procurement teams accelerate their maturity, deliver strategic impact quicker and support compliance better, Vertice today launched Intelligent Workflows, a procurement orchestration tool built to simplify and accelerate purchasing processes, and ease the manual burden on busy procurement teams. Intelligent Workflows introduces smart, pre-emptive decision-making into the procurement process - including automated pre-approvals and routing, and simplified but accurate compliance - and also granular control and visibility into every ongoing purchase, renewal and intake. Eldar continues, “Modern procurement teams’ roles are increasingly broad and complex. And in fast-growing or rapidly-changing businesses, procurement processes aren’t always keeping up - meaning procurement teams are finding themselves filling in the gaps manually. It’s a step back for procurement when the business is trying to make leaps forward. “Intelligent Workflows is the boost these teams need. Our new procurement orchestration tool brings automation and intelligence to the purchasing process, by eliminating manual approval routing and re-routing, anticipating bottlenecks, and reducing the daily workload for procurement teams - all while improving control and speed of outcomes. For more from Vertice, click here.

Immuta and Data Reply join forces to steer data-driven excellence 

Immuta has announced a strategic partnership to help German organisations create modern data environments with the confidence of automated and secure data access controls.  Following the expansion, Immuta’s collaboration with Data Reply’s expertise and consultation will empower organisations to innovate and maximise the value of data with secure data protection at scale.   To accelerate data-driven decision-making, organisations require trusted advice on enhancing data security, ensuring compliance, optimising data management costs, and improving data architecture agility. Data Reply's data and AI expertise is now coupled with Immuta’s data security platform.  The partnership brings together two vital aspects for organisations seeking data-driven excellence:  Data governance: Immuta brings its expertise in providing unrivalled cloud data access control, allowing organisations to automate access control for any data, across any cloud service, and all compute infrastructure.  Data and AI system integrator: Data Reply stands as a dependable partner, empowering customers to unleash the full potential of their data assets through strategic data initiatives and advanced solutions.  The partnership will focus on the following key areas:  Data governance: Immuta’s platform will help German organisations to implement and enforce data governance policies. This will help to ensure that only authorised users have access to sensitive data, and that data is used in a compliant manner.  Compliance: It will help them to comply with data privacy regulations, such as the General Data Protection Regulation (GDPR). This will help to protect the privacy of individuals and organisations, and to avoid costly fines.  Agility: It will also help make their data architecture more agile. This will make it easier to change data access permissions, and to respond more quickly to changing business needs. 

Quantum announces ActiveScale Cold Storage bundles

Quantum has announced new pre-configured bundles to make it even easier to purchase and deploy Quantum ActiveScale Cold Storage, an S3-enabled object storage solution architected for both active and cold data sets, that reduce cold storage costs by up to 60%.  With the massive amount of data that customers need to retain for business and compliance purposes, they are using both public and private cloud resources to store and manage it, driven by their budget, the frequency with which they need to access the data, and their data protection requirements. With ActiveScale, customers can build their own cloud storage resource to control costs and ensure fast, easy access to their data for compliance, analysis, and to gather insights to drive business forward.  As a leading 'outperformer' in the latest GigaOm Object Storage: Enterprise Radar Report, ActiveScale combines advanced object store software with hyperscale tape technology to provide massively scalable, highly durable, and extremely low-cost storage for archiving cold data, enabling organisations to maintain control of their most valuable data assets and unlock value in cold data over years and decades without unpredictable and expensive access fees.  Whether customers are developing solutions for life and Earth sciences, media production, government programs, web services, IoT infrastructure, or video surveillance, ActiveScale is ideal for unstructured data management, data analytics and AI workloads, active archiving, and long-term retention and protection of massive datasets.   To simplify purchasing, ActiveScale Cold Storage is now available in pre-configured bundles, complete with all the components that customers need to easily deploy the solution. The bundles are available in four standard capacity sizes — small, medium, large and extra large — ranging from 10PB up to 100PB. 

Colt partners with Venari Security to protect against cyber risks

Colt Technology Services has announced a collaboration with Venari Security. The partnership will give organisations deeper visibility into their encrypted network traffic, improving security and helping them to stay on top of complex regulatory requirements. The collaboration will see Colt integrate VigilanceAI, Venari Security’s Encrypted Traffic Analysis (ETA) platform, into its existing service offering. The platform provides insight and visibility into how encryption is actively used across the enterprise, including cloud, regulated and third-party environments, allowing Colt customers to maintain strong encryption standards while supporting data privacy in transit. By providing this validation and visibility, Colt’s customers can reduce their risk exposure and potential attack surface. Mirko Voltolini, VP Innovation, Colt Technology, says, “At Colt, we look for innovative technologies to help solve our customers’ real business challenges. Venari Security’s solution enables businesses to measure, monitor, and ensure compliance with encrypted communications. Regulated industries and global organisations face significant challenges meeting country-specific and regulatory obligations. In recent years we have seen a significant change in regulatory and privacy laws requiring data to be encrypted in transit. Venari Security’s VigilanceAI platform enables Colt to help our customers solve in a truly innovative way the challenge associated with encrypted communications.” Hiten Mistry, Chief Revenue Officer, Venari Security, says, “We are delighted to partner with such a prominent innovative network and technology operator. With Colt’s footprint across capital markets and enterprise organisations, we are genuinely excited about this partnership. Our platform enables organisations to understand their encrypted communications, highlight risks and ensure that customers meet their privacy and regulatory obligations regarding encryption. Organisations face the potential of significant financial penalties and reputational damage by not adhering to privacy and regulatory compliance. Additionally, with the rise of quantum computing, organisations need to gain visibility of their encrypted communications to deliver a plan for a post-quantum era.” 74% of organisations have reported one or more cyber security incidents in the last 12 months, according to Forrester’s April 2023 'Top Cybersecurity Threats in 2023' report. The VigilanceAI platform consists of two solutions, V-Comply and V-Detect. Colt will be integrating both solutions into its offering, enabling it to provide a thorough TLS attack surface review as part of the routine security hygiene service it offers its customers. The collaboration is the latest to be announced as part of Colt’s ongoing digital transformation programme, focused on enhancing, simplifying and automating systems and processes which directly address customers’ business challenges, to boost Colt’s customer experience.

Secure I.T. Environments builds 1MW energy efficient data centre

Secure I.T. Environments has announced the handover of a 1MW, 200 cabinet, data centre design and build project for Proximity Data Centres. Designed, built and project managed by Secure I.T. Environments, the new facility was built into the ground floor of an existing building containing data centres, and is 441m2 in size. The perimeter of the data centre was based on a 60 minute fire-rated modular wall and roof construction, which included a separate UPS and switch room located in another area. The mechanical and electrical (M&E) specification was designed to comfortably handle a constant 1MW load, based on 200-cabinets at 5kW per cabinet. The modular design of the M&E infrastructure means that components can be added to support the needed load in incremental phases to match the IT load. Energy efficient N+1 air conditioning, was supplied and installed throughout the installation, as well as Novec fire suppression and VESDA detection, extraction systems, environmental controls and security systems, including CCTV, door access systems, intruder alarms and leak detection. The project included the management of planning permission applications for all plant equipment on site, and ensuring compliance with development, health and safety, and building control regulations at every stage for both construction and fire safety compliance. A full-time project team was allocated to the project, conducting regular inspections to ensure contract specifications and quality were maintained. John Hall, Managing Director, Colocation at Proximity Data Centres, says, “This was a significant expansion of the data centre services we offer at a key site, and we wanted to ensure the best possible outcomes. The data centre has been designed to achieve the best possible annualised PUE and Secure I.T. Environments has done an excellent job of delivering the project, handling every aspect of construction, installation and testing.” Chris Wellfair, Projects Director at Secure I.T. Environments, adds, “It is always great to work with clients that are truly committed to having the most energy efficient data centres. Having complete ownership of a data centre project means we can ensure the most efficient build programme, and for our clients means they have only one place to go to get things done and discuss progress. It is great to be handing over this data centre to Proximity on time, in budget, and to a world class specification.”

Instant migration made possible with WhiteSpider

Organisations will be able to build and move services from one cloud service to another within a single, one-touch solution, thanks to the latest product launch from WhiteSpider. WhiteSpider says that its WhiteSpider Hybrid Cloud solution is among the first in Europe to provide one-touch automated service instantiation and service migration, bringing crucial applications closer to where they’re needed, and deliver a better quality of experience and optimised operations to its users. Whilst data centres have constraints on physical location and the speed of scalability, along with significant upfront costs, public cloud can also carry high ongoing operational and migration costs. In response, the WhiteSpider Hybrid Cloud service has been designed to offer unparalleled scalability, enabling the expansion or contraction of services based on business demands whilst migrating data to the unlimited space available through cloud-based services. “WhiteSpider’s Hybrid Cloud offers unparalleled flexibility where cloud migration is concerned”, says WhiteSpider Managing Director, Phil Lees. “Whether it be a web, storage, or SD-WAN service, it can be built instantly in any cloud, then moved seamlessly between your private and public cloud to where its needed most. This is all managed and provisioned as code rather than manual processes, allowing the implementation of any type of service, at any scale, onto any cloud service required.” Built on Cisco and VMware technologies, the solution is compatible with all major public cloud providers, including AWS, with further integration to Azure and Google Cloud Platform in the coming months. Through WhiteSpider’s Hybrid Cloud, users can rapidly move workloads to where they are needed, whether for cost, compliance or security reasons, and gain visibility of data as it traverses the cloud services. The Hybrid Cloud solution is orchestrated through WhiteSpider’s custom tool, Merlin, which controls the instantiation, management, and monitoring of the infrastructure, giving customers full visibility and insight into the full cloud stack. Through Merlin, WhiteSpider can call upon a library of integrations to support any vendor the customer wishes to utilise.

New study examines application connectivity security in the cloud

The Cloud Security Alliance (CSA) has released its report, ‘Deconstructing Application Connectivity Challenges in a Complex Cloud Environment’. The survey, conducted in partnership with AlgoSec, sought to better understand the industry’s knowledge, attitudes and opinions regarding application connectivity security in the cloud. “Increasingly, organisations are taking advantage of SaaS applications to the point where application security has become an integral part of many organisations' security strategies. Despite their growing prevalence, organisations are still faced with a host of pain points when it comes to application connectivity security and risk management,” says Hillary Baron, Senior Technical Director for Research, Cloud Security Alliance. Among the key findings Managing risk for application connectivity is a complicated task. Lacking a single source of truth, organisations are trying to use multiple methods to get similar information: 53% of respondents reported using a cloud provider’s assessment service, 50% use a third-party cloud-only tool, another 45% use a generic risk or vulnerability assessment tool, and 32% use a third-party hybrid network security tool. Managing application connectivity risks in the deployment process is changing. Traditional security teams are responsible for identifying and mitigating risk, and this still holds true for 42% of organisations. However, there is a shift happening - 32% of organisations utilise infrastructure as code with embedded security checks, suggesting organisations are beginning to use more automation, leaving less room for human error. Human error leads to significant application downtime. Nearly 75% of organisations have experienced an application outage in the past 12 months, and for over half (52%) of the outages, operational human error and mismanagement was the cause - unsurprising, given the skills gap that has plagued the information security industry. “As cloud native business applications become the standard for business transformation and innovation, the need to incorporate security into the DevOps process is paramount,” says Jade Kahn, Chief Marketing Officer, AlgoSec. “However, cumbersome security processes and lack of visibility are slowing applications’ time-to-market and compromising security in this new paradigm. This research underscores the importance of identifying risk early in the DevOps process and aligning all stakeholders around risk and compliance gaps from the start.”

Ground Labs introduces Enterprise Recon 2.8

Ground Labs has announced the general availability of Enterprise Recon 2.8, the latest version of its award-winning flagship solution. This release enhances support for additional high scale, high volume environments on more Microsoft platforms, including Teams and OneNote, and Salesforce Government Cloud. The latest features extend the number of platforms Enterprise Recon supports for sensitive data scanning of any file type stored on endpoints, servers and cloud environments. As global regulations proliferate and become increasingly stringent, Ground Labs enables enterprises to meet these requirements and avoid heavy financial penalties for noncompliance. Powered by GLASS Technology, Enterprise Recon allows customers to define their own custom data types while maintaining their systems’ performance. “Every day, we hear about another breach, and studies show that companies are often not even aware of a breach until months after it happened,” says Brett Gribble, Head of Product at Ground Labs. “To provide a complete security and data management solution to our customers, we know data discovery must be built into the security strategy. Enterprise Recon supports the industry’s widest number and range of data types to give enterprises maximum visibility and control of their most valuable data assets.” Other key features and benefits of Enterprise Recon 2.8 include the following: ● New global data types: the ability to scan and remediate locations that store unsecured Singapore telephone numbers and next-generation US passport numbers, supporting compliance with the PDPA, CCPA and other related data privacy regulations. ● Data classification: support for the newest Microsoft Information Protection SDK version allows developers to classify and label sensitive content identified in local storage and Windows share locations. ● Reducing false positives: other enhancements to existing capabilities supporting compressed files, Oracle databases and features to further reduce false positives in larger environments have also been added. Enterprise Recon enables organisations to quickly discover, manage and remediate critical categories of data to meet privacy and compliance obligations. Enterprise Recon helps organisations comply with a wide range of international data protection regulations including GDPR, PCI DSS, CCPA, CPRA, HIPAA, PDPA, PIPEDA and CDPA.