The Lateral Movement

compliance-automation

A photograph of a long, poorly-lit row of racks from floor to ceiling holding hard drives

Harvest Now, Decrypt Later: The Encryption Threat That's Already Here

Quantum computers can't break your encryption yet. That's not stopping anyone from collecting it anyway. Here's what HNDL actually means for your organization, who's behind it, and what a rational response looks like in 2026.
Rob 10 May 2026

Building Your First ISMS: What ISO 27001 Actually Requires (vs. What Consultants Tell You It Does)

ISO 27001 projects routinely cost two or three times what they should. Not because the standard is that demanding, but because nobody's telling you what it actually requires.
Rob 02 May 2026

Your AI Vendor Risk Assessment Is Missing Half the Story

Your standard vendor risk questionnaire will pass Anthropic without breaking a sweat. That doesn't mean you've actually assessed the risk. Here's what to ask instead.
Rob 26 Apr 2026
A top-down image of a mobile phone showing the Claude launch screen next to two drinks with square ice cubes in them.

Is Claude Safe for Enterprise Use? A GRC Practitioner's Breakdown

Most organizations using Claude are on the wrong plan for the work they're doing with it. Here's what the data policies actually say, what your employees are probably doing right now, and what a real vendor risk assessment looks like.
Rob 26 Apr 2026
