It’s day 2 here at the Gartner Security and Risk Management Summit, and today, we’ve got 5 key takeaways that are going to make you rethink your tabletop exercises, DLP fails, and more.
June 11, 2025
Dan Marschall

We’re deep into Day 2 here at the Gartner Security & Risk Management Summit, and while the AI buzz hasn’t slowed down, today’s sessions brought a bit more balance. Less hype, more hard truth. We dug into some uncomfortable realities around DLP, machine identity sprawl, and the very real risks quantum computing poses to existing encryption models. 

Here are five takeaways that stuck with me during Day 2’s sessions that will be on my mind permanently going forward.  

Michael and Dan at the Gartner Summit 2025

Takeaway 1. DLP Isn’t Doing What You Think It Is.

If I had a dollar for every org that deployed a DLP tool thinking they were “covered,” I’d have, well, you know how the line goes. But today’s sessions made it clear: most DLP solutions are reactive, disconnected from threat detection, and built on labels that are wrong, missing, or never fully deployed.

One stat that hit hard: 
90% of permissions in customer environments are excessive. That’s from Microsoft, and it’s one of the root causes of overexposure, especially when AI tools like Copilot start surfacing sensitive data in seconds. 

“Context is everything. When you pair that with action, you get incredible results.” — Cliff Embry, Varonis 

Tampa General Hospital was the case in point: they reduced data overexposure by 99.8% in just 10 days, with zero support tickets, by focusing on context-aware automation, not just policy sprawl. 

Takeaway 2. Machine Identities Are Taking Over.

Human users aren’t your biggest identity challenge anymore. CyberArk reported that for every one employee, enterprises now manage 82 machine identities, up from 45 last year. That’s not a trend. That’s a tidal wave. 

And it’s not just about volume. With certificate expiration timelines shrinking (some under 47 days), the margin for error is disappearing. 

“We’re reaching the point where expired certificates can bring down global operations. The old ‘set it and forget it’ model doesn’t work anymore.” 

It’s time to treat machine identities like what they are: privileged, high-risk access points that require just as much oversight as your users, if not more. 

Takeaway 3. Quantum Computing Is a Security Problem, Not a Science Project.

I’ll admit… To me, quantum threats used to feel theoretical. Well, not anymore. 

Sessions today made it clear that quantum computing has the potential to break widely used encryption standards, and that the timeline is shrinking. VPNs, TLS, PKI, all vulnerable unless we start preparing now. 

“What used to take years to decrypt could soon take hours. Quantum computing isn’t coming, it’s here.” 

If you have questions about quantum computing and want to understand how it can benefit your team, please reach out. Our team would love to talk with you and explore this together.

Takeaway 4. Your Tabletop Exercises Might Be Useless.

Incident response planning is only valuable if it works under pressure, and most IR plans fall apart in practice. 

Gartner’s session on IR planning emphasized something I’ve seen too often: no executive sponsorship, no clarity, no coordination across teams. 

“If your executive team isn’t part of the planning process, you should decline the opportunity to write the plan.”  — Eric Ahlm, Gartner 

The best tabletop exercises: 

  • Are facilitated by third parties who’ve handled real breaches 
  • Involve everyone, not just IT 
  • Focus on simplicity, speed, and shared language 

Otherwise, you’re just running a simulation that no one will follow when it counts. 

Takeaway 5. DLP and Access Control Can’t Live in Silos.

I’ve always thought of access control and DLP as adjacent, but today’s conversations reminded me they’re more like co-dependent. 

Access control needs good classification to know what it’s protecting. DLP needs access controls to actually enforce anything. But in practice? Most orgs treat them like two separate efforts, and that’s exactly when sensitive data slips through. 

“You can’t stop what you can’t see. And if you don’t label it right, you won’t stop it.” 

There’s a lot to rethink here… And I’m bringing these conversations back to our team. 

We’ve got one more day on-site, and I’m already seeing the gears turning around how we fine-tune our internal playbooks. The sessions today weren’t just technical, they were operationally relevant, immediately actionable, and extremely insightful. Which is exactly what we come here for. 

Stay tuned for Day 3. 

Dan Marschall | Director of IT Operations 
Michael Gates | Lead Security Engineer
