Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Commvault: Post-Quantum Cryptography: What Enterprises Must Do Now

Commvault
07/07/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


preparation and regulations and standards that are starting to come to light that people need to start going down this path right now. Hello, everyone. Welcome to Strive, where we explore what it means to be cyber ready, one conversation at a time. But cyber ready isn't a destination. It's a discipline. Hello, everyone. I'm Vidya Shankaran, the host for today's webinar with Michael Fasulo, a fellow PQC expert here at Commvault. Michael, welcome to Strive. Thanks. Thanks for having me today. Sure. So today, post-quantum cryptography is the core area of our discussion. And I want to open it up with two facts that is making every single CISO extremely uncomfortable. One is, of course, the harvest now, decrypt later, where adversaries aren't technically waiting for quantum computers to be ready today, but they are definitely exfiltrating out encrypted data right now, storing it and waiting for when commercially viable quantum computers would be available at their disposal. So you technically will not see a breach having an impact just yet, at least not for the foreseeable future. But at the same time, it's a ticking time bomb. And it's waiting to explode at a moment's notice, the moment that quantum safe computers are going to be commercially viable. And the second uncomfortable truth is, of course, that only 5% of enterprises have deployed quantum safe encryption. Now let's hang on to that particular stat for a minute. Let's pause on it. So when we spoke, Fasulo and I were on a similar session, I want to say eight, nine months ago, we covered the very same topic, post-quantum cryptography. It definitely felt very urgent at the moment, but definitely in today's realm of things, it is critical. So having Fasulo back, it's definitely that much more valuable because the questions that we have in store today targeted at PQC is more around what that means for enterprises that haven't really started on this journey to be quantum safe yet, especially with the accelerated timelines that we keep hearing about where it was probably 10 years, then shrinking down to seven, and now it is at three-year mark. What do you think it actually means for enterprises today? Yeah, totally crazy. So let me start with just validating some of the things that you said. Harvest Now, Decrypt Later, I think since the last time we talked, I would say almost moved from theory and maybe some isolated cases to it's happening and people are reporting on it, right? So the threat of Harvest Now, Decrypt Later is absolutely real. We're seeing reports of adversaries doing this now. The ticking time bomb analogy is probably quite accurate. One of the other things that I think is capturing a lot of the new cycle is recently Google had published that the initial theories about when ECC would get cracked is greatly accelerated from the initial time. So that's where I think that collapsing of the timeline, we're seeing that kind of also playing out. And what's interesting about that is, although that's directly related to like the qubits, and if you start to do some fuzzy math, it still feels like 10 years out, but it doesn't take into consideration any type of algorithmic improvements and things of that nature. So I think as all of those things kind of come together, it creates this perfect storm. Now, in the meantime, that's kind of on the quantum and the algorithm side. You still have regulations. You still got NIST kind of doing their thing. You got FIPS 140-2 being sunset. So you have all of these things kind of coming from all these different angles, causing that pressure. And when you think about the three-year timeline, we're going to start to see the certificate rotation thing come into play. You're going to see this requirement for FIPS 140-3 coming in. You're going to see NIST making greater recommendations on how you're going to have newer algorithms to be quantum resistant. So organizations are going to have to start putting the pedal to the metal and really figuring out how they're going to get this to be deployed across their entire estate. I always talk about the discovery aspect. They're going to have to get a move on on that because this is not an overnight flip-the-switch type of thing. A hundred percent, completely agree with you on that. And something that we talk about between us or with the groups at large, I definitely have seen this growing two distinct camps of customers or two different environments as well, to your point on how regulatory deadlines are definitely looming large. But at the same time, I see the two distinct camps split between the awake, so to speak, you know, the kind of customers who are really at the forefront of things, trying to adapt and adopt what's latest to make sure they are not caught unawares. And there's the paralyzed camp as well that feels a little too overwhelmed, not just by the deadlines that are fast approaching, but also because to your point on the discovery aspect of it, because if you don't do your homework around creating that much needed inventory of what truly benefits from the PQC kind of investments, they are at this point pretty much paralyzed. They are reading the headlines. They know that it's fast approaching, but they just don't know where to get started with, especially from the discovery elements of things. So in that realm of things, where do you see the supply chain actually getting impacted because of all of this? Because there is the standalone entity of an organization that is either awake or paralyzed. But there's also the supply chain implication of an organization not doing anything about it. That means that your organization is going to incur that risk because your own timeline is going to also be whoever you're using for third party or SaaS or, you know, if you're in the hyperscalers, those timelines, you know, they have to be all aligned. And for me, when we talk to customers and prospects and even partners, like cryptography is not a single layer to audit, right? Like you just don't do a baseline discovery and you got all the bits and pieces, right? You got your cryptography, you got firmware, you got code signing, you got your SaaS APIs, like this is all over the place. So that's why I think the urgency for people that are taking the step back and going, yeah, we have to do something in it. I know we have a couple of years. It's almost like that's a breath of fresh air that you have a couple of years because it's going to take a couple of years to get there, especially if you have the inventory. So I know people like fixate on CMDBs and doing these types of discoveries, but it's way deeper than that. It's way wider than that, especially if you're in certain regulated industries or, you know, you got OT in the environment, like it's infinitely complicated. So, you know, that paralysis is very understandable, but you got to start somewhere, right? And for us, obviously providing data and data protection and network pipelines, you know, encrypting data is something that we've always done. And you know, it's a natural extension. So if you got to start somewhere, it's almost like you can start with us and kind of use that as your way to extrapolate it out across the rest of your enterprise. Right. And I wanted to quickly touch on something that you just brought up around, you know, our support for post-quantum cryptographic algorithms and kind of tracing it backwards into, hey, you may not necessarily have the complete view into your estate just today, but you got to start somewhere, which was also kind of interesting because I had a customer who actually said, it looks like the clock started without us. And that's pretty much the status that many organizations are in today. But from your point of view, what would be your best practice recommendation to organizations that want to start prioritizing or creating that inventory that calls out and maps it out to the criticality of that particular line of business to their overall business? What best practice recommendations would you share with the larger audience? Yeah. So a lot of times we always start with, well, being CompVault, it always focuses around the data part first. Inventory the environment and see if you do have extremely long-term sensitive data. Because if you have long-term sensitive data, then your harvest now decrypt later is a problem today versus 2023 or whenever commercially viable quantum is going to be available. So some good examples are biometrics, trade secrets, things of that nature, because those things have a very long shelf life to be sensitive. If you think about like clear, as an example, your face and ocular scans, those things are immutable, right? Like those don't change. So if that data is to leak, that's going to be a major, major problem. So I use those examples for organizations to think about their particular footprint. And if they're on the fence about, should I use something like PQC or not today, like as an immediate need, I kind of use that as the barometer to say, go find that data. If you do have that data, then surgically apply PQC to that particular set of data. Monitor the impact because again, certificates, packets are bigger, there's a whole bunch of other implications. It needs compute to calculate the packet sizes. There's a couple of other things that you need to consider, but obviously you're going to want to do that and treat ultra sensitive data that's got a long shelf life with the appropriate amount of encryption. And then, you know, for everything else, we still continue to have that conversation about using ciphers and things that are resistant to the threats that they have in their environment today or against attackers today. You know, things like S256 for data at risk, we know is going to be pretty quantum resistant of today's standards. So there's a lot of recommendations we can provide. There's a whole KMS angle, dating of certificates, lots of foundational things, MPA, MFA, stuff like that. So if we're starting to have that PQC conversation, we usually start with, let's explore the data and surgically apply it where necessary, and then make sure we're still doing all the other foundational things to protect the data and the estate from the usual stuff that we see. Got it. No, I think that's a fantastic rule of thumb. Anything that has longer term retention, to your point, anything that's going to be retained for seven years, 10 years, or especially in the healthcare business, where it's probably the lifetime of the patient under care, but kind of tying it back into where Commvault can be a value add, especially for customers or people who are not necessarily familiar with the completeness that we provide in terms of our PQC support. Where do you think the MLKEM algorithm in particular complements what customers are trying to do in terms of crypto agility or overall completeness from a PQC support? What does it mean? And if you could break it down for me, please. Sure. And I'm glad you said crypto agility, because I think that's really where we differentiate ourselves, right? Unlike traditional algorithms where it's like, okay, you increase the cipher sizes, change the cipher. Crypto agility allows us to switch. And the reason why that's super important, and you mentioned MLKEM, when NIST was going through and validating and making recommendations for FIPS 203, 204, and 205, there was an algorithm called Psyche. And it's really easy to remember, because if anyone was growing up in the 90s, we were all like, Psyche, when you used to fake someone out. So it's really easy to remember. Psyche made it through three rounds, and then they were able to actually crack it with like a single core CPU. So you just never know. And if we trace that philosophy back to Psyche, what we're even seeing today with HQC, which is another algorithm that uses a different mathematic computation. So KEM uses lattice, whereas HQC uses error correcting codes. NIST understands that if these mathematical calculations somehow get cracked, there needs to be a failsafe. So that's why crypto agility is super important. When we were implementing PQC, we kind of saw the writing on the wall, even though HQC was one of those things that was still kind of not completely approved, and it's still not. I think it's probably going to end up being approved this year, or maybe early next year. They understood that when Psyche got cracked, they probably need a failsafe. And it needs different mathematical proofs. NIST is kind of doing the work to do that. And then if you've been watching the news, there's even another nine algorithms that they're kind of going through and putting them through its paces. So NIST is going to continually do that. So fast forward to what we implemented. We implemented MLKEM, we implemented MLDSA, and then we have a couple other algorithms that are not super optimized, but they're possibilities for us to switch to. And then we even have the ability to switch to HQC, just in case. So again, as these algorithms are being used to protect our pipelines and making sure that if data was exfiltrated, they are completely quantum resistant to today's standards. If those were to get cracked at some future point, for us, it's a flip of the switch. We can switch algorithms. And because of crypto agility and the way our encryption framework works, you would be able to re-encrypt the data with the new ciphers right out the gate, where we're looking at that as fully protecting our customers based not only for today, but also for tomorrow. And keep a close eye on what NIST is doing so that as these changes in the landscape happen, whether they be more secure, or maybe there's optimizations that are made, because again, you're going to need some compute, you're going to need some networking packet changes like MTUs. Those things are going to happen. We continue to keep a finger on the pulse just so that we can provide not only that optionality, but the best balance of security and performance for our customers to meet all their different needs. You did touch upon the adjusting of MTUs as such. So would it be fair to say that PQC does not necessarily require a massive infrastructure overhaul? If yes, what would be the key considerations if someone is evaluating options with Commvault for the PQC enablement on their traffic, especially from a data protection standpoint? Yeah, with KEM and DSA, we're pretty good, no network changes or whatnot. But as NIST has been looking at these other new ciphers, depending on how complex these things need to be, there's going to need to be changes to both the compute and the network layer to compensate for it. And if you think about like the biometric stuff we were talking about today, just the thought that a single cipher could be cracked is problematic. So we're even seeing organizations taking a three cipher approach, which means that if someone was to steal those chunks, they would have to solve three different mathematical puzzles to actually crack that data open. We're even starting to see like the nuclear option being talked about and explored just to protect stuff not only for the distant future, but the distant, distant future, which is crazy, but it's pretty cool. Now, what you talked about just now, especially on the three cipher approach, that is extremely fascinating because when the rubber hits the road, that's where it would be worthwhile to see how arduous the entire operation, operational process would be. Yeah, it's going to be crazy. But I think at some point, there's going to be some data that they can't simply take the risk. So those are going to be approaches that, you know, certain organizations probably say like government, you know, nuclear launch code type of thing will probably take approaches like that just because there's so much unknown. And if that's going to be the most secure way to do things today, they'll probably, you know, opt to do those things. But, you know, at least from a Commvault standpoint, I don't see that in front of us, at least for the foreseeable future, but it's out there. I'm fairly certain that's going to be a real world challenge coming up real soon. But at the same time, especially with the growing geopolitical tensions all around us, which industries do you think are the furthest along? And what do you think, because, you know, given the practice that we've encouraged within Commvault as a culture, which is keep the constant feedback loop between customers and our engineering and products team going, what do you think we are learning from them to inform our roadmap and how we continue to innovate in this space? Which industries do you think are the furthest along? I would say financial services, government, and anything that's like federal adjacent, healthcare and critical infrastructure like oil and gas. And you know, if you squint at all of these, all of them have very long-term sensitive data and there's a lot to lose if that data is to leak. So I think each one of them does have unique approaches and conversations that at least I've had with them. And when you think about since we last talked, each one of them bring a lot of different validity and good talking points to why this is a today problem for them and how they're looking at the surrounding cryptographic posture of their environment is top of mind for them. So I'm sure there's going to be plenty of listeners that are like, look, this doesn't apply to me. But even when you discuss just generalized cryptography or maybe the lack thereof and the lack of preparation, I would say nine months from when we last talked, there's a lot more information and preparation and regulations and standards that are starting to come to light that people need to start going down this path right now. And as I go to reInvents and the Ignites and the Builds and the Gartner SRMs, I always go to the quantum sessions and every single one of them has a organization from one of the four verticals that I had just mentioned talking about their journey and why they had to do it and then talking about how they're securing our data, meaning like as customers of these organizations, especially when you talk about banks and stuff, how they're securing our data to make sure that we can sleep at night and our money and plans and government stuff is all secured. It's kind of refreshing to see that. And then as you extrapolate what they're doing to the common enterprise, we can easily see that it's directly in front of us and we're going to have to start peeling back that onion and start to deploy these things so that when the Q day does come, we'll be prepared whether we like it or not, it's going to come. So it's something to prepare for. But I think a lot of the answers are a lot more clear than they were nine months ago. Makes a lot of sense. Thank you so much for sharing that, Mike. Before I let you go, I have one final question for you. Where does Commvault stand competitively? I would love to hear your thoughts around this. I know we are at the forefront and we will continue to be. I hope that our competitors do catch up because for all their customers that are certainly in those industries, they're going to need this type of protection, especially if they're making secondary copies of our data. And one of the things that I think is worth mentioning is, you know, when we talk about harvest now, decrypt later, I think people think they're going to just, you know, break into an environment and, you know, hit a data repository and just steal a bunch of data. These sophisticated threat actors are not doing that, right? They work for service providers and they're stealing stuff off the wire. And what's interesting is when there was all those news articles about the fiber optic cables in the ocean getting cut, the first thing I thought was this is threat actors like directly stealing stuff. I think what you're going to start to see is very nontraditional approaches to exfiltration of the whole thing with these frontier AI models, with, you know, exploiting vulnerabilities and CVEs. Like, I think we're going to see this, this crazy wave of data being exploited and, and obviously exfiltrated. And that's much easier than, you know, tapping fiber optic cables in the ocean. You know, there's going to be all these multitude of ways that data is going to be exfiltrated. We want to make sure that our customers are prepared, not only for, you know, what I would say are like those star Wars use cases, but also the traditional ones that we're starting to see be re-imagined with AI. So, you know, I've always got your back. There's people like Vivia and myself and, you know, the, the engineering team and some of the other experts in the organizations that are making sure that for the customers that need this kind of protection, we're delivering it for them. And we do it with, you know, relatively low friction and we try to stay, you know, with our fingers on the pulse against NIST and FedRAMP and all the other things. So really delivering a resilient platform is, is our ultimate goal. You know, for those who don't know me, I love to win. So we're going to continue to be number one when it comes to PQC. Perfect. That was a lovely roundup of our discussion there, Mike. Thank you so much for being here. This is exactly the kind of conversation our listeners need to be having. And thank you to everyone tuning in to Strive. Until next time, stay cyber safe and cyber ready. Thanks for having me. If anyone wants to connect, feel free to reach out to me on LinkedIn or hit me up at Commvault.

TL;DR

  • Harvest Now, Decrypt Later attacks are actively occurring today — adversaries are collecting encrypted data now and storing it for future quantum decryption, making this a present-day risk rather than a distant theoretical threat.
  • Cryptographic discovery is the critical first step toward quantum readiness, but it extends far beyond internal systems to include firmware, SaaS APIs, code signing, OT environments, and the entire third-party supply chain.
  • Organizations should prioritize PQC adoption for long-term sensitive data — biometrics, trade secrets, patient records — where the data's sensitivity will outlast current encryption standards by years or decades.
  • Crypto agility, the ability to switch cryptographic algorithms rapidly as NIST standards evolve, is essential because no single algorithm can be assumed permanent — as demonstrated by the SIKE algorithm being cracked after three rounds of NIST validation.
  • Financial services, government, healthcare, and critical infrastructure are the furthest along in PQC adoption, and their implementation journeys are increasingly being shared publicly at major industry conferences.

Why PQC Is an Immediate Enterprise Risk

This episode of Commvault's STRIVE series brings together host Vidya Shankaran and PQC expert Michael Fasulo for a focused conversation on why post-quantum cryptography has moved from a theoretical future concern to an active operational priority. The discussion opens with two uncomfortable realities facing security leaders: Harvest Now, Decrypt Later attacks are already occurring — adversaries are exfiltrating encrypted data today and stockpiling it for decryption once commercially viable quantum computers arrive — and only 5% of enterprises have deployed quantum-safe encryption. Fasulo notes that since a previous conversation roughly nine months prior, the threat has shifted from isolated theory to documented, reported incidents. Compounding the urgency, Google's recent research has significantly accelerated projected timelines for breaking elliptic curve cryptography, and regulatory pressure from NIST — including the sunset of FIPS 140-2 and the forthcoming FIPS 140-3 requirement — is adding further momentum. The window organizations assumed they had is narrowing faster than most planning cycles anticipated.

Discovery, Supply Chain, and Where to Start

Fasulo frames cryptographic discovery as the essential first step, and one that is far more complex than a standard CMDB audit. Cryptographic dependencies span firmware, code signing, SaaS APIs, and OT environments, making a complete inventory a multi-year undertaking for most organizations. He identifies two distinct customer camps: those actively preparing and those paralyzed by the scope of the problem. For the latter, his practical guidance is to begin with data — specifically, identify any long-term sensitive data such as biometrics, trade secrets, or patient health records that would remain sensitive for a decade or more. These datasets represent the highest-priority targets for surgical PQC application today. He also highlights supply chain risk: an organization's quantum readiness is only as strong as its third-party vendors, hyperscalers, and SaaS providers, meaning the discovery process must extend beyond internal infrastructure to the full ecosystem of cryptographic dependencies.

Commvault's PQC Approach and Crypto Agility

Fasulo explains Commvault's implementation of MLKEM and MLDSA algorithms, along with the architectural decision to build crypto agility into the platform — the ability to switch cryptographic algorithms rapidly as standards evolve. He uses the example of the SIKE algorithm, which passed three rounds of NIST evaluation before being cracked with a single-core CPU, to illustrate why no single algorithm can be treated as permanent. Commvault has also built in the ability to transition to HQC, which uses error-correcting codes rather than lattice mathematics, providing a mathematically distinct failsafe. On infrastructure impact, Fasulo notes that current MLKEM and DSA implementations require no network changes, though more complex future ciphers may require compute and MTU adjustments. He also references emerging three-cipher approaches being explored for the most sensitive data classifications — a layered strategy requiring an adversary to solve three independent mathematical problems to access protected data. Commvault's stated goal is to deliver this protection with low operational friction while maintaining alignment with NIST, FedRAMP, and evolving standards.

Industry Adoption and Competitive Positioning

Financial services, government and federal-adjacent organizations, healthcare, and critical infrastructure sectors such as oil and gas are identified as the furthest along in PQC adoption — all sharing the common characteristic of managing long-term sensitive data with significant consequences for exposure. Fasulo reports that at major industry events including AWS re:Invent, Microsoft Ignite, Google Cloud Next, and Gartner SRM, quantum security sessions now regularly feature organizations from these verticals sharing their implementation journeys. On competitive positioning, Fasulo states directly that Commvault is at the forefront of PQC support and expresses a desire for competitors to catch up — framing it as a market-wide necessity given that backup and secondary copy environments are prime targets for Harvest Now, Decrypt Later exfiltration. He also flags an evolving threat landscape in which AI-assisted exploitation of CVEs and nontraditional exfiltration methods will accelerate data theft, reinforcing the urgency of quantum-safe data protection across the enterprise.

Chapters

0:00 - Introduction and Context
2:18 - Urgency of PQC Today
6:06 - Supply Chain Cryptographic Risk
9:34 - Best Practices for Getting Started
11:05 - MLKEM, MLDSA, and Crypto Agility
14:12 - Infrastructure and Multi-Cipher Approaches
16:35 - Industry Leaders and Competitive Position
21:37 - Closing Remarks

Key Quotes

3:03 "The threat of Harvest Now, Decrypt Later is absolutely real. We're seeing reports of adversaries doing this now."
4:04 "You still have regulations. You still got NIST kind of doing their thing. You got FIPS 140-2 being sunset. So you have all of these things kind of coming from all these different angles, causing that pressure."
8:06 "It looks like the clock started without us. And that's pretty much the status that many organizations are in today."
12:08 "Psyche made it through three rounds, and then they were able to actually crack it with like a single core CPU. So you just never know."
13:54 "If those were to get cracked at some future point, for us, it's a flip of the switch. We can switch algorithms."
19:19 "When the Q day does come, we'll be prepared whether we like it or not, it's going to come. So it's something to prepare for. But I think a lot of the answers are a lot more clear than they were nine months ago."
21:33 "For those who don't know me, I love to win. So we're going to continue to be number one when it comes to PQC."

FAQ

What is Harvest Now, Decrypt Later and why does it matter today?

Harvest Now, Decrypt Later is an attack strategy in which adversaries exfiltrate encrypted data now and store it until quantum computers capable of breaking current encryption become available. Fasulo confirms this has moved from theory to documented incidents, meaning organizations holding long-term sensitive data — biometrics, trade secrets, patient records — face real exposure today even though the decryption capability does not yet exist.

Where should an organization start if it has not yet begun its PQC journey?

Fasulo recommends starting with a data-focused inventory to identify long-term sensitive data — anything that must remain confidential for seven, ten, or more years. Once identified, PQC should be surgically applied to that data first, while continuing foundational practices like strong cipher selection, MFA, and certificate management for the broader environment. The supply chain must also be audited, as third-party and SaaS dependencies carry their own cryptographic risk.

Does adopting PQC require a major infrastructure overhaul?

For current MLKEM and MLDSA implementations, Fasulo says no significant network changes are required. However, as NIST evaluates and potentially approves more complex algorithms, organizations may need to adjust compute capacity and network MTU settings. More advanced multi-cipher approaches being explored for the most sensitive data classifications will carry greater operational complexity, but standard enterprise PQC adoption can begin without a full infrastructure rebuild.


Categories:
  • » Webinar Library » Commvault
  • » Data Protection » Backup & Recovery
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Data Protection
  • Threat Intelligence
  • Compliance & Governance
  • Security Operations
  • Best Practices
  • Webinar
  • Technical Deep Dive
  • Post-Quantum Cryptography
  • Harvest Now Decrypt Later
  • Crypto Agility
  • NIST PQC Standards
  • Cryptographic Discovery
  • Q-Day Readiness
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Commvault: Post-Quantum Cryptography: What Enterprises Must Do Now

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Level Security Team for Unmatched Defense Success
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-level-security-team-for-unmatched-defense-success/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Innovations in Data Privacy and Digital Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-innovations-in-data-privacy-and-digital-protection/
              • 07/22/2026
                01:00 PM
                07/22/2026
                Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Level Security Team for Unmatched Defense Success

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        22

                        Insights and Innovations in Data Privacy and Digital Protection

                        07/22/202606:30 AM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version