TBW ADVISORS LLC

Blog

Whisper Report: How can organizations implement zero-trust security without disrupting user experience?
Published to clients: July 23, 2025 ID: TBW2084

Published to Readers: July 24, 2025

Published to Email Whispers: TBD

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

ABSTRACT:

“Organizations can implement zero-trust security without disrupting user experience by prioritizing frictionless authentication, especially biometrics, and enforcing least-privilege access through dynamic policies. Understanding user context and behavior enables informed decisions that preserve continuity. Self-service access tools reduce delays, while streamlined verification processes minimize frustration. With thoughtful planning and clear communication, zero trust can enhance both security and usability, ensuring users access only what they need—when they need it—without unnecessary barriers. This report includes insights from executives and technologists at CyberSolve, Lumos, Imprivata, Simeio, Panani, Keyless, Oasis, Apono, Omada, and Cubeless, quoted throughout the discussion.”

Target Audience Titles:
- Chief Information Security Officer, Chief Technology Officer, Chief Digital Officer, Chief Information Officer
- Chief Product Officer, Chief Experience Officer
- IAM engineers, Security Architects, DevSecOps Engineers, UX Designers, IT Ops Managers, Application Security Architects
Key Takeaways
- Use biometric authentication to streamline access and reduce friction for users.
- Apply least-privilege policies with dynamic adjustments to maintain secure, appropriate access.
- Enable self-service access changes to minimize delays and improve user experience.
- Understand user context and behavior to make informed, non-disruptive security decisions.
How can organizations implement zero-trust security without disrupting user experience?

We took the most frequently asked and most urgent technology questions straight to the Technologists gathering at Identiverse 2025 held at Mandalay Bay in Las Vegas. This Whisper Report addresses the question regarding how can organizations implement zero-trust security without disrupting user experience?

What is the desired user experience?

At the end of the day, the goal is, as Imprivata’s Diron Chai put it, “authentication and visibility and control to making sure that you know the right people are accessing the data whether remotely or within the organization in terms of their role and their functionality and then be a being able to understand who’s in the system when and why that all ladders up to a zero-trust architecture that we’re able to bring forth in a full architecture.” Reaching this goal won’t be easy but as Simeio’s Octavio Lopez emphasized, “There’s a lot of communication that needs to happen and that’s something that we help a lot of our customers with.” A lot of communication and planning with the customers’ experience kept in mind. Here are five suggestions attendees at Identiverse offered also depicted in Figure 1.

1. Go Frictionless with Bio

One common suggestions to deploy biometric based identity and access management solution. As Panani’s Jim Harris suggested, “make the authentication of your customer as frictionless as possible a one-time identity verification process establishes that customer in the future they present a simple credential match their biometric information to the information stored in the credential that they own and control making it a very frictionless fast way to authenticate with your customer.” And this is something Alex Jones from Keyless can also agree with! “going to pitch biometrics this is the fastest way to prove who you are effectively implementing zero trust.”

2. Understand User Context

Guy Feinberg at Oasis suggests that understanding the user context is the winning approach. He started by simply asking “Are you familiar with the scream test?” For those of you not familiar, one not uncommon method in IT to understand how a resource, in this case an identity, is used by disconnecting or unplugging the resource and see who screams. Feinberg went on to further explain, “when you want to understand what’s this identity is used for so what you do you decommission it and just see who’s at the open space is screaming that something is broke. We do we help you construct all the context around the consumption of that identity so you can see the full picture before you’re taking actions so you’ll have informed actions deciding do we need this type of identity now uh should we change the permission should we decommissioning it completely all without disrupting the workforce and making sure that business continuity stays on and nothing is disrupted aspects of this.”

3. Understand User behaviour

Beyond the context of what the user is using, Imprivata’s Diron Chai recommends also understanding the how and the when. “ Being able to inject simple multifactor authentication into the environment at the local level also being able to track the behavior of credentials of people accessing like Windows endpoints as an example or mobile devices and be able to have the analytics to show utilization of the endpoint but also who what when was accessed within that session.”

4. Use Self-Service

To maintain the best user experience, Apono’s Ofir Stein recommends getting the human out of the loop. “you keep the user experience by allowing self-serve in your organization to provide access changes combine these two and you actually provide zero trust to all of the resources.”

5. Leverage Dynamic Policies

Omada’s Craig Ramsay highlighted the potential behind dynamic policies. “By using dynamic and continuous policies to make sure that their access is appropriate and it’s always at that level of least privilege and then it’s granted, when they join the organization, and as they move around the organization, and it stays appropriate.” It’s always nice when your privileges keep up with organizational changes – without human intervention or manual configuration.

In Conclusion

As Cubeless’ Treb Ryan concluded, “I find zero trust has greatly enhanced our user experiences and greatly made my job easier in the old days where there’s systems where you had to figure out which networks could connect or who would have access to what particular piece it was a nightmare.”

Finally Lumos’s Janani Nagarajan reminded all, “not just in the networking layer not just in the app layer but a critical layer for us is identities because that’s where the workforce the humans the employees the contractors the vendors your customers are actually interacting with the apps.” Identities is the key to minimizing friction for the users in zero trust. If your organization is implementing a zero trust architecture and want to ensure you are on the right track, remember to book an inquiry.

Related playlists & References
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2026 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, Whisper Club, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
July 23, 2025
Whisper Report: What are the best practices for integrating cloud technologies in media workflows?
Published to clients: July 16, 2025 ID: TBW2077

Published to Readers: July 17, 2025

Whisper Club Release: December 15, 2025

Public and Video Edition: December 17, 2025

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

Abstract:

“Media companies now favor hybrid cloud workflows for flexibility, speed, and cost-efficiency. Open standards ensure interoperability, while strong security protects valuable IP. Experts stress aligning cloud use with business goals, maintaining control and visibility, and using cloud strategically—not universally—to optimize collaboration, performance, and infrastructure investment.”

Target Audience Titles:
- Chief Technology Officer, Chief Digital Officer,
- Chief Data Officer, Chief Marketing Officer, Chief Content Officer
- VP Engineering, VP Media Technology, Dir Cloud Strategy, Dir Media Ops, Head of post production, Direct of IT Infrastructure
- Cloud Solution Architects, Media System engineers, DevOps Engineer, Video Platform Engineer, Broadcast Engineer, Post Production Engineer, Media Workflow Specialist, Software Engineer, Storage and Archiving Engineer, SRE
Key Takeaways
- Hybrid workflows balance cloud flexibility with on-prem performance and cost control.
- Open standards ensure seamless integration across media tools and platforms.
- Strong security protects media IP with access control and audit trails.
- Cloud strategy should align with business goals, not just follow trends.
What are the best practices for integrating cloud technologies in media workflows?

We took the most frequently asked and most urgent technology questions straight to the Technology experts gathering at NAB Show 2025 held in Las Vegas at the Las Vegas Convention Center. This Whisper Report addresses the question regarding what are the best practices for integrating cloud technologies in media workflows?

Media and the Cloud

Its been fascinating to watch the Media’s use of the cloud the last handful of years. As Axle.ai’s Sam Bogoch observed, “during covid people would just put things in the cloud willy-nilly because there was no reason to put it anywhere else. They didn’t go to their offices. There was no on premise. There was no concentration of work.” Furthermore, as Dell Technologies’ Tom Burns pointed out, “The promise of cloud was that you didn’t have to own or maintain infrastructure and that’s been awesome.”

Or as Ross’s David Green observed, “they don’t have to have a large upfront capital investment.” Thus when there was no concentration of workers or work, the lack of capital investment and no need for infrastructure maintenance was quite attractive. But its important to keep in mind as Ross’s David Green further explained, “cloud is just a technology – not a solution.” Thus, in the post-COVID world, Media has been rebalancing how as an industry it works with cloud.

Standard Open Systems

Regardless of where you put your workload for what part of the media workflow, the technologies involved must work together. Latakoo’s Jade Kurian gave us a great example, “if I have one company that does transcription let’s say really really well but it’s no connected to my media workflow. Then if I start using that as an enterprise media company, then the problem is I’ve created something that slows down my team even though I’m trying to make it faster for them.” To prevent the slowdown from incompatible tools, Cinnafilm’s Dom Jackson suggested, “to make sure that all of these technologies are using somewhat standardized APIs and ontologies and so on to allow somewhat atomic solutions to be combined easily into larger workflows.” In other words as Magnify’s Ken Ruck summarized, “the best ways to be open and not be a closed system.” The goal, as summarized by Jade Kurian, “it is all about speed -speed from camera to that pane of glass that exists that somebody’s watching on the other end”

Secure Media

Regardless of where your solution executes or where the media resides, protecting that media is absolutely critical. As Eon Media’s Greg Morrow simply stated, “media companies are built on their intellectual property so protection of their IP is incredibly important.” As warned during our coverage of Conference Whispers: NAB Show 2025, just because a technology can share media, doesn’t mean it does so securely with an audit trail. Lucidlink’s Gergana Berman further cautioned, “a lot of providers out there might claim that they have a very secure solution, but you have to check for yourself.” If this is an area your team is concerned with, clients should book an inquiry before purchasing the technology. In 2025, it is also critical to check the terms and conditions of any AI technologies leveraged. As Gergana Berman further explained, “ make sure their terms and conditions are not saying they can use your media copyrighted media.” Or as the saying goes, don’t use free products for when something is free – you are the product. In this case the valuable IP is the product of the media company for which you are working.

Some solutions have built in capabilities to assist in protecting your intellectual property. Greg Morrow pointed out that Eon Media’s solution has, “three levels of watermarking that we produce So we have produce a visible watermark on the asset and an invisible watermark.” Leostream’s Karen Gondoly perhaps best summarized the totality of the need, “I need to have control of my data. I need to have control of who has access to it. I want to secure that data so I want to make sure that I’m authorizing users correctly. I want to make sure that I’m using zero trust principles when I’m providing access to people. I need visibility. I want to make sure I always know who has access to my data what they’re doing with it where they’re accessing it from.” In other words, I don’t just need to be able to control it, I need a full audit trail of the five w’s for my data. Who accessed, What was accessed, When accessed, Where accessed and Why accessed as depicted in Figure 1.

Hybrid Solutions

Today, most media companies have settled into hybrid architectures involving a combination of on premise and cloud technologies. Strada’s Michael Cioni best summarized, “no one can actually put everything in one cloud. There’s too many collaborators. There’s too many different clouds. There’s too many pros and cons to clouds and nobody has enough money to store everything there So I think the best practices for integrating cloud into your workflow is to actually look for alternative solutions that may not use the cloud in the traditional ways and figure out how to collaborate across clouds versus putting everything in one place.” So what should go where? One can observe, those with on-premise based solutions have different answers vs those with predominantly cloud based solutions. Ross’s David Green recommends, “to not start with I want to do cloud the key is to start with why do I want to use cloud and then figure out who can help you solve those.”

SNS’s Alex Hlvarty cautions, “we can’t control internet outages or data breaches or things like that are mitigated by making sure that you keep your own assets on site in your possession but then utilizing cloud for its very clear benefits as far as making things available to people all over the world through one single portal.” Axle.ai’s Sam Bogoch also likes to keep things he is actively working on close. “on premise the things that you’re immediately working on because it does not make sense to keep asking for them politely from the cloud when you’re getting work done much faster on premise and meanwhile things like archive and backup clearly belong in the cloud.” From a capitalization perspective, Dell Technologies Tom Burn’s recommends an extension of a common metaphor. “let’s think of the old rocks pebbles sand metaphor where rocks are the fully capitalized on prem infrastructure that you need to keep 99.9% utilized and the pebbles are the project-based uses of compute and storage that aren’t part of your base commit and don’t hit your ybudget and the sand is the pure burstable joy that is the public hyperscalers. We’re looking at hybrid workflows that combine all three screening up.”

Once again, clients should schedule an inquiry to review your hybrid media architecture against your organizational priorities.

Related playlists
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

Research available only to clients at this time.
July 16, 2025
Whisper Report: How can we ensure compliance with new and evolving Cyber Physical security regulations?
Published to clients: July 10, 2025 ID: 2075

Published to Whisper Club: December 19, 2025

Email Whispers Release: March 23, 2026

Public: March 24, 2026

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

Abstract:

Cyber-physical security, like healthcare tech, must carefully manage PII. Experts highlight privacy-preserving biometrics, user-controlled consent, and anonymous face matching. Regulatory compliance, such as GDPR, drives standardization and innovation. As laws vary by region, adaptable and consistent global system architectures are essential for scalable, secure, and compliant operations.

Target Audience Titles:
- Chief Technology Officer, Chief Security Officer, Chief Information and Security Officer, Chief Trust Officer, Chief Compliance Officer, Chief Risk Officer
- Head of Product, VP of Product, Chief Marking Officer, Data Protection Officer,
- Enterprise Architect, Director of Data Protection, Director of Data Governance, Chief Privacy Officer
Key Takeaways
- Privacy-first design: Cyber-physical systems must protect PII using encrypted biometrics, local storage, and user-controlled consent mechanisms.
- Anonymity matters: Face matching enables identity verification without revealing personal data, preserving user anonymity.
- Compliance drives innovation: Regulations like GDPR standardize data practices and encourage secure, privacy-focused system development.
- Global consistency is key: Scalable, compliant operations require adaptable, non-proprietary architectures across diverse regions and regulatory environments.
How can we ensure compliance with new and evolving Cyber Physical security regulations?

We took the most frequently asked and most urgent technology questions straight to the cyber physical security experts gathering at ISC West 2025. This Whisper Report addresses the question regarding how can we ensure compliance with new and evolving cyber physical security regulations? We will know explore the four signs you are on the correct path as depicted in Figure 1.

Data Privacy

One very interesting aspect of the cyber physical security space that reminds of healthcare tech is the handling of PII or personally identifiable information data. As Safr’s John Cassie shared, in the cyber physical space it, “has a lot to do with what we talked about as far as PII and how we manage data.” Or as LVT’s Steve Lindsey observed, “what we call private or data of sovereignty .. from a data security perspective the technology and the architectures of how these systems are built really have to be in place to address that the PII information really comes down to our use of AI.”

Fortunately, the regulations for privacy include related standards for vendors. As Intel’s RealSense’s Mike Nielsen noted, “I have been very excited about the Privacy preservation of biometric data is really possible now so I can get a template of a human being from their face that can be stored and encrypted it can be handed back to me so in my pocket.”

Managing user consent is a must to achieve privacy in the cyber physical space. Bioconnect’s Edsel Shreve argued, “in privacy where more and more controls going in the user’s hand to say yes I am allowing you to use my biometric. If I ever want to revoke that consent I need proof that you deleted my data and that it’s no longer being used.” He further explained, “we build in to both a upfront gather consent with an audit trail that says okay the user provided consent we didn’t just check a box and say yeah.” Furthermore, the solution must realize the full lifecycle of permission. Edsel Shreve further explained, “you can just do regular maintenance and go in and say who hasn’t authenticated in 6 months what are we going to do with that data right do we want to delete the template or just alert the person or alert an administrator.”

Anonymity

Anonymity has to do with the lack of the ability to identify the person. As LVT’s Steve Lindsey commented, “there’s a difference between facial recognition and face matching right.” Facial recognition includes identification while facial matching allows the face to remain anonymous. A great example was revealed by Intel’s RealSense’s Mike Nielsen.

“I’ve actually got a version of my this QR code is my face template. From this is 512 bytes it’s a it’s just a simple Vector map that looks at 80 points on my face but it’s mine. This isn’t siting in a database somewhere. This isn’t living on somebody’s server. This is physically in my pocket as a badge. I can then apply that (badge) by walking up to one of our devices – one of our cameras have the scan. It pulls in that QR code, evaluates what that template looks like. Then I look at the camera it pulls the template from my actual face and compares the two. The cool thing about the techniques that is it’s privacy preserving by definition it never leaves the device it can be dissolved immediately and you never have to send a picture or any personally identifiable info anywhere outside of me scanning my badge. Then the device makes sure I can unlock that door.”

Thus, this example achieves privacy and anonymity.

Regulatory Compliance

When it comes to cybersecurity and data governance – there are the things you want to do as an organization based on your public commitments such as your privacy statements. Then, there are requirements which are legal requirements sometimes coming from a location and sometimes defined based on your industry referred to as regulatory compliance. As LVT’s Steve Lindsey put it, “we think about the problem in the context of the of the compliance and Regulatory things that we have to have as we’re designing and building this stuff from the beginning.” Furthermore, since we are dealing with cyber physical security,

The best part about regulatory compliance according to Intel RealSense’s Mike Nielsen is, “they’re really well defined at least in the case of like GDPR so GDPR has very strange requirements on how to use PII but specifically how to use sensitive PII like biometric information one of the things that we’ve seen help move the industry forward ironically is having the regulation in place allows people to have a Level Playing Field.” That means that vendors will not be penalized for taking the more difficult road by protecting the customer as all must take equal precautions. Gary Chen of EverFocus noted, “to ensure that we have keep our regulations up to date, we need to keep advancing our technology and mostly from our end installers that will be the key .. also keep good connection with your customer.”

Requirements evolve by location as every product vendor will realize. “One of the things that’s occurring is that whether it’s in Europe or in each state coming up with new requirements for both security of data and compliance.” Edsel Shreve, Bioconnect. When faced with this challenge, it is always best to step back and see how to adjust the architecture to accommodate this capability as a configurable option vs to create a product branch. Today’s regulations in location A become tomorrow’s regulation in location Z. One can then configure at the system level as regulations evolve in different locations.

Finally, it is important to keep in mind the architecture must accommodate the cyber physical security space. who has “from an access control standpoint is not only managing who has access in and out of the mine but also incorporating some functionality around safety who’s completed what safety classes and if they haven’t completed the proper classes then we have the ability to manage access control based on what needs to happen.” Cyber physical security includes the physical safety of the employees themselves and all that goes into ensuring safety compliance regulations are met – in each location.

Consistent Architecture

The complexity of cyber physical security is magnified in organizations the wider the physical disparity across country and continental boundaries. As one might expect, different vendors have different footprints across the globe. For smooth global operations one generally recommends standardized solutions as opposed to propriety solutions. As Safr’s John Cassie explained, “would be nice if I could just capture that from the existing access control system and not have to do some extra procedure so that’s another element that allows us to have sort of this compliance across my entire security platform. As long as I am not using solutions that are pigeonholing me into proprietary solutions.” There may be slightly better solutions in this aspect or that aspect locally available but those frequently ruin the ability to have global clarity. It is critical to maintain a consistent architecture globally unless you want custom roadmap items for each and every change. If you are anywhere in the lifecycle of trying to realize such as solution, be sure to set up an inquiry plan so that an expert who has been there can provide actionable guidance.

Related playlists
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2026 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, Whisper Club, Whispers, The Answer is always in the Whispers, Vegas Convention Library, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
July 10, 2025
Whisper Report: How can we integrate AI-driven customer service solutions with our existing IT infrastructure?
Published to clients: July 3, 2025 ID: 2079

Published to Readers: July 4, 2025

Email Whispers Released: August 11, 2025 8am

Public and Video Edition Released: August 11, 2025 11am

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

Abstract:

“Integrating AI customer service with existing IT systems starts by setting clear business goals. AI should enhance, not disrupt, current workflows and streamline real-time support. Every organization has unique systems, so tailored integration is essential. A major challenge is fragmented data—making robust pipelines and clean, synchronized data critical. Accurate timestamps and system compatibility across platforms are key to ensuring effective AI performance and a smooth digital transformation journey.”

Target Audience Titles:
- Chief Information Officer, Chief Technology Officer, VP/Director of IT Operations, Enterprise Architects
- Chief Customer Officer, VP/Director of Customer Services/Success, Contact Center Operation Managers
- Solution Architects, DevOps & IT Administrators, Customer Support Agents, Data Scientists and ML Engineers
Key Takeaways
- Start with clear business goals so AI enhances workflows without causing disruptions.
- Tailor integration to your unique tech environment to avoid inefficiencies.
- Reliable, clean, and synchronized data pipelines are essential for effective AI-driven customer service.
How can we integrate AI-driven customer service solutions with our existing IT infrastructure?

We took the most frequently asked and most urgent technology questions straight to the technologists gathering at Customer Connect Expo 2025 held at the Las Vegas Convention Center. This Whisper Report addresses the question regarding how can we integrate AI-driven customer service solutions with our existing IT infrastructure? As Ford’s Dr. Kalifa Oliver shared, “first we need to break down our needs and our goals and figure out which pieces of AI actually build efficiencies in our IT systems because right now there are too many systems that are fragmented.” With ALL AI projects, it is best to start with the business goal not the technology. We do not want to spend resources to integrate technology that goes unused. Furthermore, the context of the business goal helps guide engineers when they have design choices to make.

Customer Service Workflows

AI in Customer Service is all about optimizing and improving the customer service workflow to lead to maximum customer satisfaction. As Zaon’s Jason Kaufman shared, “using artificial intelligence tools within the organization to actually help drive and make more efficient the processes that go into place in order to support good customer service. For example, leveraging artificial intelligence to actually analyze chats real time community forums real time. Actually monitoring that (the communities) helping to gain insights about what your customers have questions about so that you can leverage the AI to actually generate the knowledge on the fly to actually provide that (information removing confusion) back to them real time as if it’s another person on that community thread.” The nonobvious challenge in achieving this solution is best described by Claritiv’s CEO Sean Gigremoss. “Everybody has workflows. Every company is unique. What tools do they use? What products do they use now? Do we need to build it?” In other words, every organization has a unique, highly mixed environment with varying degrees of maturity both in the technology itself and the organization’s ability to deploy technology.

Verse.ai’s Zac Brooksher recommends focusing on complimenting the current workflows and processing. “We can integrate AI driven customer service solutions using full funnel metrics understanding all of the conversations the timestamps the channels the appropriate team members what next steps are all integrating into existing systems and processes just to complement what the current workflows and data processing is today like.” Any technology not realizing it is complimenting an existing process will instead create process interrupts. The distinction really is a big difference.

The Challenge: Data is everywhere!

As Claritiv’s Sean Gigremoss shared, data is everywhere! “They make it so easy for us to integrate because in the end that’s important because all the data are in this different .. disparate systems. You need information from Salesforce you need information from zoom you need information from slack you need information from your database you need information from your customer’s database so to be able to do that you need to make sure that you’re using the tools or you’re partnering with companies that help you so that you can focus on what you do best.”

But the data isn’t just everywhere, it comes from everywhere. The first obvious location was shared by Enthu.ai’s Atul Grover, “we integrate with the telephony at the dialer.” And the rest such as the web and email communications, “we ingest that using an API driven environment.” Diabolocom specializes in capturing all that occurs between the customer and the organization on mobile devices. As Diabolocom’s Benjamin Shakespeare shared, “with our mobile solution that we are about to release

the market .. So all field reps anybody who is using a cell phone today with every interaction they have on their phone our AI will then score that call transcribe it and push it directly into the CRM So any lack of compliance that you are seeing today in your organization from people that are not sitting behind a computer that will be no longer.”

Where the magic happens!

Now that we understand we are complimenting the existing customer experience workflows for the benefit of the customer experience and that data is everywhere, what can we do? As Macy’s Siva Kannan Ganensan shared, “you need to make sure your data pipeline is very robust when we talk about all this AI integration data is the core so make sure the data is cleansed and always readily available ready to serve with that we’ll be able to integrate an into your existing architecture or in your organization.”

Figure 1. Compliment Workflows & Leverage Robus Data Fabric

It’s all about the data infrastructure! You need robust data pipelines as part of your data fabric to seamlessly integrate any new AI offering as depicted in Figure 1. AND you must ensure data quality. For example, data quality is paramount when dealing with timestamps of customer communications. What time zone is your organizational standard? Do your IT systems work in that time zone, and do you know what systems provide timestamps in other formats or time zones? Is that true for any and all corporate acquisitions feeding data into the system? Is the system designed to handle the variety of daylight savings time scenarios? Are all the clocks adjusted for daylight savings automatically or manually? Finally, are the timestamp clocks aligned? To the second or to the minute? It’s valuable to know if you can look at time as fact or approximation in your organization. If your organization is going through any type of digital transformation, it is critical to get the best advice available to ensure your success. Ensure your success by scheduling your inquiry with a TBW Advisors advisor before starting any critical phase of your digital transformation journey. Get the smartest advice available and leverage our firsthand experience to your advantage.

Related playlists
1. Whisper Report: How can we integrate AI-driven customer service solutions with our existing IT infrastructure
2. Conference Whispers: Customer Connect Expo 2025
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
July 3, 2025
Whisper Report: What are the best practices for enhancing cybersecurity in FinTech?
Published to clients: June 26, 2025 ID: TBW2067

Published to Readers: June 27, 2025

Email Whispers: December 9, 2025

Public with Video Edition: December 10, 2025

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

Abstract:

To strengthen cybersecurity in FinTech, experts emphasize a layered approach that combines technology and human awareness. Rising threats like phishing, smishing, and fraud demand not just better tools but also vigilant, well-trained employees. Embedding security scans into software development, analyzing diverse data signals, and adopting a “defense in depth” strategy are all critical. Ultimately, staying curious, asking the right questions, and embracing evolving technologies—especially AI—can help organizations stay ahead of cyber risks.

Target Audience Titles:
- Chief Technology Officer, Chief Security Officer, Chief Information and Security Officer, Chief Trust Officer, Chief Compliance Officer, Chief Risk Officer
- Head of Product, VP of Product, Chief Marking Officer, Data Protection Officer, Director of Data Protection
- Security Architect, Security Engineers, Penetration Testers, Incident Response & Threat Intelligence Teams
Key Takeaways
- Adopt a Layered Defense: Use a “defense in depth” strategy—combine multiple security measures and analyze broad data signals to stay resilient against evolving threats.
- Train Your Team: Human error is a top vulnerability. Regular employee training helps prevent phishing, smishing, and social engineering attacks.
- Build Security into Development: Embed security checks directly into software pipelines to catch issues early and reduce risk at every stage of development.
What are the best practices for enhancing cybersecurity in FinTech?

We took the most frequently asked and most urgent technology questions straight to the finance technology experts gathering at Fintech Meetup 2025. This Whisper Report addresses the question regarding what the best practices are for enhancing cybersecurity in FinTech. As SecurityMetrics’s Matt Cowart shared, there is a, “big rise that we’ve seen is fishing and smishing.” Your employees are getting targeted via email and SMS messages. But that is not the only threat. The user or customer angle also brings in cybersecurity issues. Incentiva’s Heather Alvarez shares, “fraud is something that is very big right now and (is something) that we’re trying to combat.”

A Layered Approach

Cybersecurity frequently feels like a game of whack-a-mole. Vulnerabilities seem to pop up in every dimension you explore but there is still hope. As Socure’s Matt Thompson shared, “creating layers and looking at lots and lots of data signal is important for protecting your Enterprise.” This is also known as defense in depth.

What might these layers include? Gitlab’s Field CTO, Joshua Carroll recommends, “making sure your code is secure and doesn’t have vulnerabilities by building the security scanners into your pipelines and do those as you build the software you can save yourself an awful lot of time.” Likewise, SecurityMetric’s Matt Cowart points out that it all, “comes down to training. The weakest link is where hackers get in. Being able to strengthen your entire area – all of your employees making sure they know what to do what not to do is going to be on of the biggest things that keeps your network safe.” Effective training can minimize phishing and smishing as well as positively impact fraud detection during customer interactions.

Thus to enhance your cybersecurity, ensure a depth in defense security strategy and that the strategy includes both technical aspects of your enterprise as well as your humans in the loop. But most important stay curious and keep building. As Incentiva’s Heather Alvarez shared, “ask the right questions .. continuing to push and look for new features look for to AI to help us because there are a lot of Technologies out there.”

If you are evaluating your cybersecurity environment, be sure to book an inquiry for timely advice.

Related playlists
^*When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.

Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
June 26, 2025
Whisper Report: What are the best practices for enhancing cybersecurity in healthcare?
Whisper Report: What are the best practices for enhancing cybersecurity in healthcare?

Published to clients: June 18, 2025 ID: TBW2063

Published to Readers: June 19, 2025

Email Whispers: July 22, 2025

Public & Video Edition: July 23, 2025

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

Abstract:

Cybersecurity in healthcare is responsible for protecting the data that represents the life’s story of patients and infrastructure to enable proper care. Managing and securing the plethora of edge devices and the interoperability of all the technologies is an increasing challenge. There are four steps to take to enhance your healthcare cybersecurity: select a framework, leverage depth in defense, automate where possible, and test your environment.

Target Audience Titles:
- Chief Information Security Officer, Chief Information Officer, Chief Security Officer, Chief Technology Officer, Chief Compliance Officer, Chief Data Officer, Chief Privacy Officer
- VP of Cybersecurity, Director of Information Security
- Security Architect, Information Security Architect, Network Security Engineer, Systems Security Engineer, SOC Analysts, IAM Specialists, Director of Privacy
Key Takeaways
- Device maintenance and interoperability continue to challenge healthcare environments cybersecurity.
- Four steps to enhance cybersecurity in healthcare environments. Select a framework, leverage depth in defense, automate where possible, and test your solution.
Tags

cybersecurity, privacy, healthcare, healthcare technology, health tech, HIMSS, HIPPA, medical devices, edge devices, IoT, depth in defense, automate, integration, cybersecurity frameworks, Evidently, Hal Wolf, Kai Romero, Brennen Reynolds, Absolute Security, Alexander Group, Trey Chamberlin, Aisera, Daniel Carvajal Marin

What are the best practices for enhancing cybersecurity in healthcare?

We took the most frequently asked and most urgent technology questions straight to the health systems technology experts gathering at the Healthcare Information and Management Systems Society (HIMSS) 2025 Global Health Conference and Exhibition or HIMSS 25 for short. This Whisper Report addresses the question regarding the best practices for enhancing cybersecurity in healthcare. Given that data breaches in 2024 affected 1 in 2 American’s health records, cybersecurity is top of mind in healthcare¹. But healthcare data is not your shopping data, it represents much more. As Evidently’s Kai Romero shared, “the narrative Arc of who they are how they’ve suffered, how they’ve overcome the illnesses that they’ve experienced, you can’t treat that lightly … this is their life.” But there is a reason for concern in healthcare. For those unfamiliar, Russia has been found the source of ransomware attacks on the healthcare industry². As HIMSS Hal Wolf shared, “security is a major issue our own the federal government the United States just announced that they were bringing down cyber security blockage or fundamentals against another foreign country recently that was yesterday.” There is no indication that the cyberattacks on healthcare will stop, just an announcement that the government is no longer stopping such attacks.

Where are the vulnerabilities?

Understanding that healthcare data represents the whole person and their life, where are the vulnerabilities coming from in the healthcare environment? Examining the source of the security vulnerabilities can offer insights to the efforts to defend and protect this valuable healthcare data. Turns out there are two large sources of vulnerabilities.

Device Maintenance

First, devices in the healthcare environment itself are an issue. As we discussed in Whisper Report: How can AI be effectively integrated into healthcare systems?, many devices on site are old. They may not have over the air (OTA) updates, may require human in the loop to update. As Absolute Security’s Brennen Reynolds stated, “any given organization that man that has our technology about 15% of the devices that are being manually managed have some missing critical security control which increases their risk to either an operational outage or a cyber event like Ransomware.” It may sound like simple advice you have heard a million times, but keeping your equipment up to date with the latest software and security patches is simply critical.

Interoperability

Healthcare creates complicated environments full of an array of diverse vendors. Somehow these vendors and their technology – or more specifically – the diverse array of data about the patient derived must interoperate. Not just interoperate, the data must come together to provide a picture of the patient for the practitioner. Unfortunately, as Alexander Group’s Tray Chamberlin pointed out, “a lot of interoperability issues and leaks.” Getting the technology to work together is so difficult in and of itself, the process created that ‘works’ may not be a secure solution. It is critical that during any interoperability project that protection of the data in the processes is the first a priority. Furthermore, the integration architecture and solution must be examined at a detailed level to understand and identify any potential leakages created in the process.

Solutions

Organizations concern about security in healthcare technology is not going to go away. Per HIMSS’s Hal Wolf, “this is going to be the coinage of which we really improve Healthcare is information (and) information comes from data the data will be unprotected so .. it is why it (cybersecurity) is one of our (HIMSS) four focus points.. at HIMSS (25) digital Health transformation, AI, cyber security, and Workforce Development.” Information is how we improve care, thus information is the goldmine of healthcare. Figure 4 depicts Four Steps to Enhance your Healthcare Cybersecurity.

Select Framework

Through the various conversations while conducting this research, it became very clear that each organization has their own framework to guide their cybersecurity program. When selecting amongst the frameworks, ensure these common characteristics are present.
- It should be 100% restricting while enabling productivity.
- Needs guardrails and controls
- It should be deliberate and intentional with how it handles your assets.
Leverage Defense in Depth

Regardless of where the technology is used within healthcare, certain security practices should be consistent. As Evidently’s Kai Romera shared, “some of the same things that we use in the clinical setting to protect patient data whether that’s logging out of a screen pretty quickly after it’s not active or you know taking away the protected patient information so that anyone who’s looking at the screen would not know who that patient was you want to know that they’re employing those things because this (is) patient data.” Understanding no single method covers all scenarios, it is good to use every method available when possible. For example, clinical data masking technology and standards can easily be applied to the terminals used at the front desk and billing as well.

But data masking is not just useful at the terminal level. As Aisera’s pointed out, regarding you agentic AI solutions, we can do everything from masking PII for mask any personal data “architecture that’s going to keep your data private data privacy is probably the most important thing especially when it comes to healthcare right .. but also how it is stored right even in our cloud approach” our customers get the unique architecture so when you’re training the LLM you’re not trained in our models.”

Deploy Automation

Many shy away from automation, but as we pointed out in Conference Whispers: Black Hat USA 2019, a ransom ware attack can take down an organization in 30 minutes. What human on call can get notified, get online and stop an attack that fast? Furthermore, as Absolute Security’s Brennan Reynolds shared, “topic of automation there’s just too many things to be done in a day to allow and require humans to be doing all of the maintenance and management task so if the it devices across their organizations whether you have a th000 devices 10,000 or a million devices you’re never going to have enough staff to manually execute tasks to keep those devices safe and secure.” Thus it is physically impossible to stop many attacks or even simply update all the devices on site without automation.

Test!

Regardless of the care taken, it important to review the architecture and test the system. As Alexander Group’s Tray Chamberlin explained, “make sure that it’s not just we want this system we want to stand it up and we want the functionality but also going through the paces and testing and making sure that is playing nice but also doesn’t open up a new vulnerability within your system going forward.” A system that simply works is not the goal. Rather, a system must work and be secure, resilient, and hardened against attacks including its integration points is the minimum standard.

We will close with remarks by HIMSS’s Hal Wolf, “ I think cyber security is going to continue to be at the Forefront of our thoughts whenever you’re dealing with data and information they are going to be bad actors… HIMSS is focused on cyber security we have cyber security forums (and) there are cyber security events taking place.”

^*When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.

Related playlists
1. Whisper Report: HIMSS: Question 1: How can AI be effectively integrated into healthcare systems??
2. Conference Whispers: HIMSS 25
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
June 18, 2025
Conference Whisper: Identiverse 2025
Published to clients: June 10, 2025 ID: TBW2083

Published to readers: June 11, 2025

Published to Email Whispers: August 18, 2025

Publicly Published with video edition: August 18, 2025

Analyst(s): Dr. Doreen Galli

Photojournalist(s): D. Doreen Galli

Abstract:

Identiverse 2025 welcomed 3,300+ attendees to Mandalay Bay – nearly a 20% gain over 2024. Featuring 250+ sessions and 150 exhibits all on one floor, the event was smooth and accessible. Keynotes and sessions emphasized teamwork, resilience, and collaboration, while exploring AI in identity, decentralized credentials, and zero-trust implementation. Exhibitors showcased innovations from selfie-based authentication to intelligent access control and secrets vault cleanup. The shift from Aria to Mandalay Bay marked a new chapter for the expanding event, which returns to Mandalay Bay in 2026.

The Conference
- Identiverse 2025 was held at Mandalay Bay Convention Center, a move from Aria in 2024. It hosted 3300 attendees, 250 sessions and 150 exhibitors.
Cautions
- Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.
TAGS

Identiverse 2025, digital identity, identity security, zero trust, AI in cybersecurity, decentralized identity, verifiable credentials, identity governance, privileged access management, IAM, IGA, cybersecurity conference, Mandalay Bay, authentication, biometrics, secrets management, SSO, MFA, ITDR, access control, enterprise security, digital trust, identity trends, identity innovation, conference highlights, tech expo, identity tech, identity solutions, cybersecurity trends, identity keynote, identity management

Conference Vibe

After over 53 videos, almost 200 minutes of content only 2 escalator rides, 30,000 steps and over 25 fact checks, our coverage of 2025 Identiverse ends. The event spanned 4 days, had over 250 speakers, 150 exhibits and with over 3300 attendees – 700 more registered over last year. Registration went very smooth with rarely any waiting time. Interestingly, we were informed many registered late. Executives realize that reducing risks and therefore related losses is a viable path to protecting profits in uncertain times. This year’s event took place at Mandalay Bay Convention Center, a change from Aria last year. Most enjoyed the conference taking place all on the same floor. It was great to see the conference grow and expand. Like all changes, there were the old timers yearning for the days when they all packed into too small rooms at Aria. Unfortunately, some of the sessions located physically further from Expo Hall reported some in person attendance challenges from those too tired to walk to the room. The event featured a full collection of meals. We were able to capture the Tuesday Seminar’s Lunch and the lunch on Wednesday in Expo Hall.

While at Identiverse, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
Readers and viewers wishing to experience the entire event are encouraged to view the Conference Whispers: Identiverse Playlist in its entirety. Once the video edition is available, the playlist will be sited as a pinned comment on the video edition. It is also easy to locate any previous Conference Whispers playlists through TBW Advisors Website under Subscribers research/Conference Whispers.

Keynotes and Sessions

Identiverse is absolutely one of those events where regardless of the amazing session you choose, you are aware you are also missing an incredible session – or two. Fear of missing out was rampant. Fortunately, we were able to capture 53 videos for our clients and subscribers. The first Keynote featured John Pritchard, CEO of Radiant Logic. Titled, “Identity isn’t a solo Game” it drove home the message that one cannot succeed in identity without collaboration with the professionals around you throughout the organization and with others in the industry.

Another frequently referred to keynote featured the UK’s Hanna Rutter who is realizing their government digital identity solution. In her talk she spoke about the challenges of such a decentralized digital identity solution and how she is overcoming roadblocks on her path to success. A much in demand topic regarding identity challenges in the realm of AI was presented by Richard Bird. A tech talk held in the expo hall was hosted by Microsoft. Their tech talk covered the hot topic of ITDR, Identity threat detection and response.

Exhibits

Identity is a topic found not only in the expo halls of Identiverse, but was also seen in the halls of HIMSS, Fintech Meetup, Money 20/20 and ISC West just to name a few. What is interesting is the different manners of vendors describe their technology. At ISC West, vendors in the expo hall spoke in terms of a solution. They would always emphasize the PII information is not on the badge, rather a hash of the biometric data which enables verification is provided instead. While this was not clarified on the videos at Identiverse, the vendors later disclosed the same technical approach that was taken on the technology captured at Identiverse. If you are seeking a tap-in to sign-in on a shared device for your organization, Imprivata was in the expo hall with their solution. If you would like to verify the customer requesting the high-risk transaction is the same customer who signed up for the account, Panani shared their technology. Keyless offers a solution to authenticate high risk actions with a selfie. If you are an engineer developing a solution and need the capability to onboard customers, no need to start at square one! PropelAuth provides an out of the box identity capability you can add on to your solution to onboard customers! Seeking to manage your remote teams and seeking a cost effective out of the box solution to provide SSO and MFA? Cubeless shared their free and easy SSO and MFA solution made for you.

Is managing privileges gotten to be too much for you and your organization? Apono Unified Access Management is an intelligent solution that aims to provide just enough just in time privilege for human and non-human-identities (NHI). Oasis goes one step further in managing AI Agents’ Identity, provisioning, deprovisioning and cleaning up stale accounts. Are your coders overwhelmed trying to identity what secrets vault to use so they land up hardcoding the secret? Is your organization suffering from identity vault sprawl? GitGuardian was on hand with their solution that can assist you in identifying and remediating secrets vault sprawl.

Expo hall also featured quite a few IGA (identity governance and administration) and PAM (privileged access management) platforms. Omada captured their 25-years’ IGA experience into a free best practice framework. This framework includes use cases and related configuration recommendations for their platform, Omada Identity Cloud. Lumos shared their agentic AI autonomous IGA solution. This solution can even recommend what privileges a new employee should get based on their role and department. If you have a small but complex environment, Clarity Security has an IGA solution targeted at your organization.

Keeper Security shared their zero-knowledge identity solution for endpoints. Their solution is referred to as zero knowledge as the customer’s data is encrypted on the endpoint with the customers key; meaning, Keeper Security has no access to customer data whatsoever. Bridgesoft shared their complete identity platform that also can adapt and include any components that may already exist in your environment. Specializing at the start of the process, CyberSolve helps organizations commence new identity programs. Looking for IAM services across the portfolio? Simeio was on site there to offer guidance. Clients are reminded to schedule an inquiry to review the current state of your identity program. If you are seeking to expand it or modernize it, we will produce an inquiry plan to guide you along the journey even if you are working with an outsource provider or consultant.

Next Year’s Conference

Identiverse will once again be held at Mandalay Bay Convention Center June 15-18, 2026.

^*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.

Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
June 10, 2025
Whisper Report: How can AI and machine learning transform media and entertainment?
Published to clients: May 29, 2025 ID: 2076

Published to Readers: May 30, 2025

Published to Email Whispers: July 7, 2025

Video edition: July 7, 2025

Analyst(s): Dr. Doreen Galli

Abstract

AI is transforming media and entertainment, reshaping workflows and automating the tedious. This shift isn’t new—it’s an evolution already well underway. While concerns about disruption persist, AI is proving to be a powerful tool that enhances efficiency, making content more accessible and refining quality. From metadata enrichment to streamlined production, AI empowers professionals by eliminating the mundane and allowing more focus on creativity. Rather than replacing jobs, it shifts how work gets done, seamlessly integrating with existing processes to unlock new possibilities in storytelling, production, and distribution. The industry is adapting, and AI is at the heart of that transformation.

Target Audience Titles:

Chief Technology Officer, Chief Supply Chain Officer, Chief Digital Officer

Chief Data Officer, Chief Marketing Officer, Chief Content Officer

Head of AI and Machine Learning, Data Scientists

Product Managers, Content Managers, Sound Engineers, Distribution Engineers

Production Technologists, Streaming Platform Developers

Chief Technology Officer, Chief Supply Chain Officer, Chief Digital Officer

Key Takeaways
- AI is transforming workflows, automating the tedious, and reshaping media and entertainment.
- Efficiency gains let creators focus on storytelling while AI enhances accessibility and searchability.
- AI isn’t replacing jobs—it’s evolving how work gets done, integrating seamlessly into production processes.
How can AI and machine learning transform media and entertainment?

We took the most frequently asked and most urgent technology questions straight to the Technology experts gathering at NAB Show 2025. This Whisper Report addresses the question regarding how can AI and machine learning transform media and entertainment?

Setting the Stage

As DeepDub’s Oz Krakowski stated, “We see is a lot of the work that was done before is now done in different.” These changes have already hit the headlines for as Dell Technologies’ Tom Burns pointed out, “Everybody’s all concerned with Gen AI but of course the writers and actors strikes were all about that.” Thus this AI transformation is not new but rather is currently underway. Latakoo’s Jade Kurian offered this perspective. “The question now is how do we do this thoughtfully? How do we do it in a way that we don’t compromise ethics – where we don’t compromise people’s jobs? How do we make it flow back and forth where we take advantage of AI and machine learning to make our lives easier, make our lives better, and make entertainment and media better.” Cinnafilm’s Dom Jackson suggests we take another step back to gain a larger perspective, “There’s a lot of fear around AI and those technologies and in that sense, I see those as part of a continuum of ongoing automation processes that have been going on since the industrial revolution. Everyone’s always scared when something new comes along and then very quickly it becomes normal and it empowers us to work in new and different and usually more efficient ways.” See Figure 1 for the Cornucopia of AI use cases suggested. Let’s explore some of those new, and different, more efficient ways.

AI Use Cases in Media

One thing is for certain, there is no shortage of opportunity for AI to positively impact the media and entertainment sector. The favorite use case among all users, as Strada’s Michael Cioni put it, “AI is best for our industry as a utility form to do the mundane tasks .. we need AI that automates mundane tasks like color correcting sound noise reduction, video audio noise reduction, face tagging, locations, objects, emotions – those are all the things that no one wants to sit and log footage. AI can log it for us.” Or per Ross’s David Green, “AI is going to make us more efficient and more effective and let us focus on what we love doing which is creating amazing content.” No matter which perspective you prefer – the elimination of the mundane or the freeing up to do the fun parts – AI is here to stay in media workflows. As Dell’s Tom Burns observed, “Machine learning has already transformed media and entertainment in so many invisible ways from security to fixing single pixel defects to all kinds of low-level network functions and automated provisioning.”

When it comes to all that stored media, there are plenty of suggestions of how AI can assist as well. Per SNS’s Alex Hlavaty, “It actually can be an incredibly helpful buddy to sort through the stuff we don’t want to do parse through petabytes worth of information. Help us find assets more quickly and just interact with our data in a much more meaningful way while reducing man hours doing things that are laborious.” . Eon Media’s Greg Morrow observed, “our customers have large libraries of video files that only have a file name or have just a a small title. We really enriched those assets with information to make those assets more usable by identifying people places things emotional sentiment um ethnicity as part of those assets.” Dell Technologies’ Tom Burns denoted, “One of the GEN AI things that is proving to be useful is for companies that have large archives or studios that have that have the rights holders to a lot of content, using AI to extend the metadata and inform them of what they actually have in their archive allows them to make that more searchable and therefore more monetizable on.” Increasing metadata for the purpose of search and the related business cases that come from having truly searchable content is a common theme. As Axle.ai’s Sam Bogoch simply stated, if, “they can’t find it they can’t reuse it.”

In some of the use cases such as sound editing, it has completely transformed the task at hand. As DeepDub’s Oz Krakowski observed, “just like you cannot imagine a graphics designer not using Photoshop it’s unheard of right however 20 years ago this was extremely questionable nowadays thinking of doing voice design and editing dialogues without using AI.” Ross’s David Green offers additional suggestions, “things like camera tracking so instead of having to every single second manually figure out where things are and do manual keying you know markers and those sort of things we can use AI to automatically be able to do those things .. instead of having to flip through a manual.” Dell’s Tom Burns observed, “when you render your VFX AI upsampling has gotten so good now that you can render at 2K and up to 4K and it looks better than if you rendered at 4K in the first place.” Wow! Upsampling rendering better than if it was 4k in the first place – now that is an improvement – by definition. Localization is another area that has been drastically impacted by AI. Today, with AI tools such as Yella Umbrella are, “making content accessible to users that wouldn’t have access to it normally either because there’s no one to localize that content or just because the content that they want to access is not available in the accessibility form that they prefer.” If the form you prefer isn’t about language but more about duration, Magnify’s Ken Ruck shares today one can, “edit automatically (and) create clips automatically.” Clients may recall our coverage of Conference Whispers: NAB Show 2023 when automated shorts were first highlighted.

One of the most treasured advancements is that of workflow automation. As Eon Media’s Greg Morrow stated, “workflow automation to improve the efficiency of a media organization in order for the people in the organization to create higher value content and less of the drudgery work.” In other words, AI can transform Media and Entertainment by enabling all to do more with less. But if you are worried about your job, Cinnafilm’s Dom Jackson assured, “strangely ultimately people always end up having jobs they’re different jobs but people always end up with plenty of work.”

Related playlists
1. Whisper Report: How can AI and machine learning transform media and entertainment?
2. Conference Whispers: NAB Show 2025
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
May 29, 2025
Whisper Report: How can we enhance our cybersecurity measures to protect against emerging Cyber Physical threats?
Published to clients: May 20, 2025 ID: 2073

Published to Readers: May 21, 2025

Email Whispers: June 13, 2025

Video Edition: June 13, 2025

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

Abstract:

As cyber and physical security continue to merge, proactive, multi-layered strategies are essential to safeguard critical assets in interconnected environments. Secure data practices, including encryption for data in transit and at rest, during compute, and ensure compliance with high security standards. Architectural resilience is crucial, integrating cybersecurity from the outset rather than retrofitting outdated systems. Correlating physical and cyber events provides valuable context. Finaly, digitizing workflows streamlines response efficiency, minimizing the window of vulnerability during attacks.

Target Audience Titles:
- Chief Technology Officer, Chief Security Officer
- Chief Information and Security Officer, VP of Cybersecurity
- Director Cyber Physical Security, Security Analyst
- Cybersecurity Engineer, Incident Response Analyst
Key Takeaways
- Data must be encrypted at rest, in transit, and during execution.
- Cyber Physical security requires a securely designed architecture from the start.
- Cyber and physical threats must be correlated.
- Only a digitized workflow can respond with the required speed to cyber physical threats.
Secure data

As with all security, cyber physical security must also be concerned with, “ data security and encryption … that’s data in the device, data in transit, data in rest at the servers, and so all of those things we have the highest level standards and we also meet more advanced requirements, “ Bioconnect’s Edsel Shreve. The solution should be flexible enough to enable any data protection requirements that come into play. Edsel Shreve went on to further explain, “for example you need to do certificate rotation for things like TLS encryption So we can do those things not every customer wants them but those are the things that we’ve actually got in our system for the folks that have those higher level requirements so it really is the combination of how do we make sure that they’re cyber secure sitting on the network and then how do we make sure that they’re physically and the data is secure on the on the readers and devices themselves.” In addition, TBW Advisors LLC recommends confidential computing architectures for protection and privacy during computations. For additional information see Industry Whispers: Public is Private – Confidential Computing in the Cloud.

Secure Architecture

Taking a 1968 mustang and updating it to 2025 safety standards would be quite the challenge and likely land up with an ugly beast that is neither safe nor resembling of a mustang. Cyber physical security is no different than safety. It must be thought of and integrated from the very beginning. As LVT’s Steve Lindsey explained, “it starts with architecture if we can rethink our architectures and we can start building for cyber security in mind.” The challenge of physical cyber security is that, “for the longest time in the physical security space we’ve been using on premise systems and as we’ve lifted and shifted those into the cloud .. what complicates that is as we’re deploying these systems it’ not just cloud to end User, it’s Cloud to IoT (Internet of Things) device which is going through usually public cellular or satellite infrastructure itself and there’s other things that need to be done to address that” Steve Lindsey.

Correlate Physical Cyber Events

The real power of cyber physical security is the two areas working together to correlate events. Through correlation, context and a greater understanding is realized. An example shared by Advancis’ Paul Shanks demonstrates this best. “Someone loses their badge and falls out of their pocket and they’re logged into the network from home and their badge is used at the building. Those two events by themselves are benign but we take that together and create a an alert for the operator to look into whether is it a Cyber attack or is it a physical attack.”

Digitize Workflow

As early as 2019 TBW Advisors LLC has been advising clients to automate security responses when possible for the simple fact you must. Ransomware attacks were already taking place within a 35-minute window. In 2025 the cyber physical attack vector also calls for automation or a digitized workflow at the very least. As Advancis’ Paul Shanks communicated, “we can take that and make that workflow digitized so that all they have to do is read click and go. Simple as that.”

Related playlists
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
May 20, 2025
Industry Whispers: AMA with Victoria Essner

Join us for an inspiring Global Accessibility Day Interview,

Celebrate Global Accessibility Awareness Day with an empowering Ask Me Anything (AMA) session featuring international best-selling author and accessibility advocate Victoria Essner.

With over 30 years of professional experience in assistive technology—and more than 50 years of lived experience navigating the world with vision loss—Victoria’s journey has been one of innovation, advocacy, and empowerment.

From navigating the early challenges of digital accessibility to becoming a trusted expert, she has helped countless individuals find independence through technology.

In this heartfelt, one-hour session, she’ll share personal experiences, lessons learned, and how her passion for accessibility has shaped her work. Discover the milestones that led her to write From Tech Frustration to Freedom and why she remains committed to making tech inclusive for all!

Come be inspired—and bring your questions! Whether you’re new to accessibility or a long-time advocate, you’ll walk away with practical insights, renewed hope, and a reminder that inclusive tech is possible for all!

Research Code TBW2082

Cannot make it live? Register and submit your question. The answer will be in the video on TBW Advisors’ YouTube Channel.

NO AI note takers allowed. Event copyrighted by TBW Advisors LLC All Rights Reserved.

Victoria Essner is a legally blind assistive technology coach, caregiver advocate, speaker, and international best-selling author. With over 50 years of lived experience and 30+ years of professional expertise, she empowers blind and visually impaired individuals — and the caregivers who support them — through personalized training and compassionate support. Victoria has consulted with Fortune 500 companies, nonprofits, and government agencies on accessibility and inclusion. She hosts the Blessed Thru Blindness podcast and founded AT Made Easier, a membership designed to simplify tech and restore confidence. Her signature message: Breaking Barriers. Building Independence. One Breakthrough at a Time.

Heather Osborn was most recently Engineering Manager at Zapier, leading the Developer Enablement team focused on incident management, observability, and service catalog. With over 25 years in tech, she’s worked across systems engineering and operations, including a long tenure at Ticketmaster where she helped scale their infrastructure from a handful of gaming desktops to a global, hybrid cloud system handling massive traffic spikes.

More recently, she’s specialized in cloud-native infrastructure, with an emphasis on AWS, Kubernetes, and enabling developer autonomy through secure, maintainable systems. She’s spoken at Southern California Linux Expo three times, most recently on Turning Incidents into Insights, Not Insults.

Heather is a longtime advocate for diversity in tech—founding and mentoring in women’s groups, and often being the only woman on her team. She believes accessibility is essential to building inclusive, empowering technology for everyone.

Outside of tech, she’s a distance runner, live music fan, immersive camping nerd, proud mom, and devoted cat herder.

Dr. Doreen Galli is the Chief of Research at TBW Advisors LLC. She’s led significant and measurable changes as an executive at IBM, DPWN, Dell, ATT, and most recently Microsoft. Dr Galli was Chief Technology and Chief Privacy Officer in Azure’s MCIGET. Gartner recognized Dr. Galli as an expert in data ingestion, quality, governance, integration, management, and all forms and analytics including sensor data.

May 15, 2025