Streamline AI governance with AWS and IBM

Artificial intelligence (AI) has become a driving force in business, reshaping how organizations everywhere operate. As AI’s influence grows, however, so does the need for strong governance. Companies must mitigate the ethical and social risks of AI, navigate complex and evolving regulations, and prevent operational and security failures. Without robust governance, they risk deploying AI that could erode public trust, cause reputational damage or financial penalties, and result in security vulnerabilities and cyberattacks.

Today, business leaders play a pivotal role in driving the conversation around AI governance. In highly regulated industries such as financial services and healthcare, the stakes are even higher. To remain agile, organizations must balance innovation with compliance — and manage risks — while adapting to constantly changing AI regulations and standards.

To address these challenges, companies need to take a structured governance approach that supports the development, deployment, and monitoring of AI models, and conforms with regulations, internal policies, and standard practices.

The SageMaker and watsonx.governance partnership

Amazon Web Services (AWS) and IBM have partnered to provide an AI governance integrated service that helps organizations scale and streamline AI, build responsible AI products, and meet business, regulatory, and compliance obligations. The integration of IBM’s watsonx.governance platform — which helps organizations manage, monitor, and govern AI models — with Amazon SageMaker, a machine learning (ML) service to build, train, and deploy ML models, enables users to automate risk management and regulatory compliance for their AI/ML models and use cases.

This integrated offering provides several benefits. Organizations can catalog, govern, and monitor AI models throughout the AI life cycle, including mapping policies, metrics, and models using a centralized console to organize, document, and maintain an enterprise-wide view of their AI inventory. Users can also proactively identify and manage risk by automating workflows to ensure accountability and ownership of controls associated with the risks. In addition, this offering manages AI for safety and transparency alongside its regulatory library. This helps to translate external AI regulations into enforceable policies for automated enforcement.

The IBM-AWS partnership delivers the power of a two-in-one unified offering, seamlessly integrating AI governance capabilities within your existing AI/ML operations and processes. Organizations will realize more streamlined workflows through the direct integration of the watsonx.governance console with SageMaker, for instance, enabling a customizable risk assessment and model approval workflow. Users can share vital information about models from Amazon SageMaker directly to create a unified workflow for governing AI operations. The partnership also addresses AI governance challenges while maintaining agility, and optimizes AI development and deployment costs, ensuring a faster time to production.

If businesses want to adopt AI at scale, they must build an AI governance strategy that integrates into their existing systems and a partnership that addresses the same. IBM and AWS are ready to help. To learn more, visit the IBM watsonx.governance SaaS offering page on the AWS marketplace.


FCC Creates New Nat'l Security Arm Focused On China

By Christopher Cole (March 13, 2025, 6:37 PM EDT) — The Federal Communications Commission will operate a new organization within the agency focused solely on national security, particularly cybersecurity threats emerging from the Chinese government….


NordPass vs. Bitwarden: Which One's Easier & Safer to Use?

Just about every online service requires visitors to create an account, and that typically means more passwords than you can possibly remember. With password reuse considered a poor security practice, password managers become imperative: they generate and store complex, unique passwords for each of your accounts.

Among the top password managers on the market are NordPass and Bitwarden. While NordPass is notable for its quality encryption and VPN integration, Bitwarden’s open-source and self-hosting options make it a worthy alternative. But how do you determine which to use? Let’s find out.

- NordPass: Best for ease of use and suite of security programs with the Nord Security family of software.
- Bitwarden: Best for open source password management and generous free version.

NordPass vs Bitwarden: Comparison table

The table below holds a summary of how both password managers stack up against each other.

| | NordPass | Bitwarden |
|---|---|---|
| Our rating | 4.6 stars out of 5 | 4.6 stars out of 5 |
| Native authenticator app | Yes | Yes |
| Open source | No | Yes |
| Encryption | Uses XChaCha20 encryption | Uses 256-bit AES encryption |
| Password autofill | Yes | Yes |
| Command Line Interface | No | Yes |
| Free plan available | Yes (for one device) | Yes (can be used on multiple devices) |
| Built-in VPN | Yes | No |
| Starting price | Paid plan starts at $1.69 per month for one year | Price starts at $0.83 per month; $10 billed annually |
| Free trial | Yes. Offers 30-day NordPass Premium trial and 14-day NordPass Business trial | Yes. Offers 7-day free trial for most plans |

NordPass and Bitwarden: Pricing

NordPass pricing

NordPass offers two subscription tiers: Personal and Business. All of NordPass’ premium plans have a 30-day money-back guarantee, and the Free plan includes a 30-day Premium free trial that you can take advantage of as well. NordPass also offers a 14-day free trial of its Business subscription.

Personal:

| | Free plan | Premium plan | Family plan |
|---|---|---|---|
| 1-year plan | Free | $1.69 per month | $3.69 per month |
| 2-year plan | Free | $1.29 per month | $2.79 per month |
| Feature differences | Autosave and autofill; secure storage; one user per session | All Free features plus access on multiple devices, password health, data breach scanner, and file attachments | All Premium features for six user accounts |

Business:

| | Teams plan | Business plan | Enterprise plan |
|---|---|---|---|
| 1-year plan | $1.99 per user, per month | $3.99 per user, per month | $5.99 per user, per month |
| 2-year plan | $1.79 per user, per month | $3.59 per user, per month | $5.39 per user, per month |
| Users | Up to 10 users only | From 5 to up to 250 users | Unlimited users |
| Feature differences | Company-wide settings and Google Workspace SSO | All Teams features plus Security Dashboard, Shared Folders | All Business features plus SSO with Entra ID / MS ADFS / Okta, User and Group Provisioning, Sharing Hub |

Bitwarden pricing

Bitwarden also offers a variety of plans under their Personal and Business tiers. Bitwarden has a seven-day free trial for its Families plan and a seven-day trial for its Teams subscription on the business side. Below is an overview of pricing and feature differences for both.

Personal:

| | Free plan | Premium | Families |
|---|---|---|---|
| Price | Free | $0.83 / $10 billed annually | $3.33 per month |
| Features | Unlimited devices, passkey management, unlimited password storage | All Free features plus integrated authenticator, emergency access, security reports, and file attachments | Up to 6 users; All Premium features plus unlimited sharing and collections, organization storage |

Business:

| | Teams plan | Enterprise plan | Custom plan |
|---|---|---|---|
| Price | $4 per month, per user | $6 per month, per user | Contact Sales for price quote |
| Features | Secure data sharing, event log monitoring, SCIM support, Directory integration | All Teams features plus Custom Roles, Passwordless SSO, Free Families Plan for all users, Self-host option, Enterprise policies | Depends on your customized requirements |

NordPass vs Bitwarden: Feature Comparison

When it comes to features, both NordPass and Bitwarden offer solutions for security, password sharing, encryption, and more. I’ve included their standout features below:

Authentication

Both NordPass and Bitwarden offer two-factor authentication (2FA) solutions to add an extra layer of protection for your accounts. NordPass Authenticator uses biometric, possession and knowledge-based authentication methods. Its time-based one-time passwords (TOTPs) expire every 30 seconds and serve as the second login factor you input alongside your password. The Authenticator also comes with QR code scanning and manual key entry options for easy setup.

Bitwarden’s Authenticator also utilizes TOTPs for secure logins and offers options for QR code setup and manual key entry. Everyone can store authenticator keys in Bitwarden, but generating the codes requires a premium account or membership in a paid subscription such as a Families, Teams, or Enterprise plan.

[Bitwarden Authenticator. Image: Bitwarden]

Password import and export

You can import your saved passwords from other password managers like 1Password and LastPass using NordPass on desktop devices or import passwords from browsers using the Android app.

Note: To import files into NordPass, you need to organize the CSV file accordingly.

[NordPass password import. Image: NordPass]

Bitwarden also supports importing and exporting data via its Password Safe in CSV. Data must be imported to Bitwarden from the web vault or Command Line Interface (CLI). In my testing, I found that importing data into the Bitwarden vault does not check for duplicates, so this should be done carefully.

[Bitwarden password import dashboard. Image: Bitwarden]

Password sharing

NordPass offers secure password sharing across most of its plans. You can send passwords securely via the NordPass app, or you can


3 keys to defining data sovereignty: Security, privacy, and portability

Data sovereignty has emerged as a critical concern for businesses and governments, particularly in Europe and Asia. With increasing data privacy and security regulations, geopolitical factors, and customer demands for transparency, customers are seeking to maintain control over their data and ensure compliance with national or regional laws. However, defining and achieving data sovereignty goes beyond simply storing data within borders—it requires a comprehensive approach to security, privacy, and interoperability.

Broadcom’s strategy with VMware Cloud Service Providers who are Sovereign attested offers a unique and resilient route for customers across the globe to achieve compliance with robust and bespoke sovereign cloud requirements. By leveraging the services of such VMware Cloud Service Providers, customers can achieve peace of mind that all their data is secure, private, and portable across systems and jurisdictions.

Let’s explore the three essential keys to defining data sovereignty and how VMware Cloud Service Providers with sovereign attestation can help meet these demands.

Security: The Foundation of Sovereignty

At the heart of data sovereignty is security—ensuring that data remains protected from unauthorized access, breaches, and malicious actors. As organizations expand globally, securing data at rest and in transit becomes even more complex. Local and industry-specific regulatory requirements, such as the European Union’s General Data Protection Regulation (GDPR), France’s SecNumCloud, France’s Health Data Housing (HDS), the United Kingdom’s National Data Strategy & NIS Directive, Germany’s Federal Data Protection Act (BDSG), the United Arab Emirates’ National Cybersecurity Strategy, and Turkey’s Personal Data Protection Law (KVKK), require not only strict security controls but also accountability from service providers on where and how data is processed.

VMware Sovereign Cloud Providers design their systems with security at their core. These providers operate within strict compliance boundaries, enabling organizations to host sensitive data in-country while leveraging robust encryption, zero-trust architectures, and continuous monitoring and auditing capabilities. The combination of VMware’s advanced security solutions within VMware Cloud Foundation and available Add-On solutions with local expertise and third-party solutions managed by the provider ensures that organizations can maintain a sovereign cloud infrastructure without compromising on innovation or scalability.

Key Advantage: By working with Sovereign VMware Cloud Service Providers, organizations can ensure that their data remains fully within jurisdictional boundaries and is protected by some of the most advanced security protocols in the industry.

Privacy: Ensuring Compliance and Trust

Data privacy regulations are growing more stringent globally. Organizations must ensure they comply with laws that govern how personal data is collected, stored, and processed, such as the GDPR, the California Consumer Privacy Act (CCPA), or industry-specific regulations, like HIPAA for Personal Health Information (PHI). Achieving compliance means not only storing data locally but also demonstrating full control over data access and usage.

Sovereign VMware Cloud Service Providers servicing vertical-specific industries, such as health insurance and healthcare organizations that have to comply with HIPAA regulations, must provide administrative, physical and technical safeguards, underpinned with a legally binding business associate agreement (BAA) outlining the VMware Cloud Service Provider responsibilities. They also utilise frameworks like HITRUST for HIPAA, GDPR and NIST to streamline compliance with a structured approach to managing security and privacy. All told, providing this level of coverage is a big task, and keeping up with regular SOC2 and HIPAA audits, pen tests and compliance validation is a workload that the provider takes on for their customers, allowing customers to focus on their businesses, not their infrastructure or data.

Sovereign VMware Cloud Service Providers offer dedicated VMware Cloud Foundation-based features and capabilities and other typical cloud capabilities to help healthcare organizations manage HIPAA-compliant workloads, including:

- Encryption: Encrypting PHI data both at rest and in transit to ensure data security and privacy.
- Identity and Access Management (IAM): Enforcing role-based access, multi-factor authentication (MFA), and user activity monitoring.
- Backup and Disaster Recovery: Providing automatic backups, replication, and disaster recovery solutions to maintain ePHI availability.
- Logging and Monitoring: Ensuring detailed audit logs and monitoring of access to ePHI for real-time threat detection.
- Secure Communication Channels: Providing HIPAA-compliant virtual private networks (VPNs) and secure APIs to connect healthcare systems securely.

Sovereign VMware Cloud Service Providers offer comprehensive frameworks, often underpinned by NIST or other frameworks, such as ISO/IEC 27001 and 27701 certifications, to address privacy concerns. These providers ensure that data handling complies with appropriate privacy laws, and they give businesses the ability to demonstrate compliance through robust audit trails and data access controls. Additionally, they enable organizations to define and enforce granular privacy policies that can govern how data is processed, stored, and accessed, ensuring full transparency for both the organization and its customers.

Key Advantage: Privacy is built into the sovereign cloud model. By partnering with Sovereign VMware Cloud Service Providers, organizations gain the ability to manage and protect customer data in a way that meets or exceeds privacy laws at the local, national, or regional levels, reinforcing customer trust and mitigating legal risk.

Portability: Avoiding Vendor Lock-In and Enabling Growth

True data sovereignty isn’t just about keeping data within borders or complying with laws and regulations—it’s also about ensuring that data is portable, and systems are interoperable. Cloud choice and data portability are big factors in cloud, and organizations must be able to back out of agreements to migrate to better placed clouds as they wish. Organizations that fail to plan for data portability may find themselves locked into specific vendors or technologies, unable to fully leverage their data as they scale or expand into new markets.

Interoperability across hybrid cloud environments and third-party systems is crucial for maintaining flexibility and avoiding operational silos. Sovereign VMware Cloud Service Providers leverage open standards to support seamless integration across various platforms, ecosystems, and jurisdictions. This high level of interoperability allows organizations to scale globally while remaining compliant with local regulations and facilitating easy data movement between environments.

VMware Cloud Foundation supports key open standards, such as Open Virtualization Format (OVF) for secure and efficient virtual machine distribution, OpenStack APIs for access to familiar tools while benefiting from VMware’s enterprise-grade features, and Kubernetes for managing containerized workloads. This enables organizations to run


IT frustration costs companies more than $100 million a year — with shadow IT the only user solution

Enterprises making progress

Other IT leaders were less convinced of WalkMe’s numbers. Hundreds of unauthorized apps would not have been surprising a decade ago, but since then, CIOs have become more strategically engaged with business leaders in their organizations, says Bill Hineline, field CTO at Chronosphere, provider of a cloud observability platform.

But the use of unauthorized apps remains a problem for many organizations, he adds. “Ghost IT, frustration with IT systems, and unauthorized apps are generally tightly interconnected in my experience,” he says. “You start with user frustration that stems from either support problems, reliability issues, or functionality gaps unaddressed by the technology organization.”

When these issues exist, business teams often source their own IT solutions, Hineline says. “It rarely ends well for either the business team, the ghost IT team, or the central technology organization,” he adds.


AG Watch: Texas Is Entering New Privacy Enforcement Era

By Paul Singer (March 12, 2025, 5:58 PM EDT) — This article is part of a regular column that features insights from former state attorney general office leaders, who share observations on that state’s latest enforcement news and trends, and compliance implications. …


The Graphic Future Of IT Management

[Graphic created by prompting an LLM to create a graph model in Neo4j.]

As we approach the 2025 ServiceNow Knowledge and Atlassian Team conferences, IT management is entering a new era. The rapid adoption of AI-driven automation and the increasing use of graph-based models signal a fundamental shift in how organizations manage IT portfolios. IT management platforms (considered broadly) are evolving from forms and workflow-driven systems into systems based on intelligent, interconnected knowledge graphs that provide a real-time, holistic view of enterprise IT.

In 2024, we saw this shift take hold as vendors such as ServiceNow and Atlassian matured and promoted their graph-based approaches. ServiceNow continues to expand its Configuration Management Database (CMDB) with graph-based models to represent IT assets and dependencies more dynamically. Atlassian, on the other hand, has taken a system-of-work graph approach to model how teams collaborate and deliver value. These advancements mark a paradigm shift in IT management: the emergence of AI-powered graph-based IT operating models.

What is in the graph? All the usual things: servers, clusters, containers, applications, software, technology products, service offerings, cloud resources, endpoints, APIs … and projects, products, epics, tickets, stories, requirements, work orders, source code, packages, pipelines … and events, alerts, incidents, metrics, logs, traces, policies … everything. It may be centralized but at scale is more likely to be federated. Essentially, it is a massive digital twin of the IT organization.*

Why is this possible now? AI and generative AI (genAI) are overcoming the discovery and quality issues that have bedeviled IT management data for years, and the graph database is a superior platform for data integration. IT leaders have wanted this kind of a view since the days of the mainframe. We now have the technical infrastructure to create it and keep it current.

The fundamental question that will shape IT management in the coming years is: Who owns the graph? As organizations realize the power of interconnected IT knowledge, controlling and governing these knowledge graphs will be central to enterprise IT strategy. We are on the cusp of a struggle over the ownership, governance, and monetization of IT knowledge graphs.

Graphs Are Reshaping IT Management

Graph databases have long been used in adjacent domains such as fraud detection, social networks, and recommendation engines. Now, vendors are leveraging graphs to create more intelligent, dynamic representations of IT landscapes. The reasons for this shift are clear:

- AI requires structured knowledge. GenAI and large language models (LLMs) require structured and contextualized data. Graphs provide a foundational knowledge model that enhances AI-driven automation, reasoning, and prediction. If unstructured data and the LLMs and vector databases that make sense of it are like flesh, graphs are the skeleton, the bones that give it structure. You need both.
- Complexity requires relationships, not lists. IT service management (ITSM) tools originally were based on relational database technologies that struggled with the dependency-centric nature of IT management data. (Ever tried to write a recursive SQL query?) Graphs and their associated query languages are much more efficient approaches to modeling and using such information.
- IT domains are converging. ITSM, DevOps, FinOps, SecOps, and AIOps are all converging, requiring a unified model of IT management. A graph-based control plane can interconnect these domains into a coherent system.

The Battle Over “Who Owns The Graph?”

The strategic importance of IT knowledge graphs raises a critical governance question: Who controls the enterprise’s representation of IT knowledge? There are multiple interested stakeholders:

- Enterprise architecture (EA), strategic portfolio, and CMDB owners. Understanding dependencies has always been a core objective of CMDBs, from their earliest days: If I change X, what is affected? EA teams need similar data for strategic purposes: Product A is approaching obsolescence; what is dependent on it? The technology is finally supporting these dreams, and portfolio managers need to see how it all comes together in terms of the work, the artifacts, and the costs.
- ITSM vendors. ServiceNow and Atlassian are embedding graph capabilities into their platforms, positioning themselves as the central source of truth for IT knowledge.
- AIOps vendors. Dynatrace and its competitors build dependency graphs from the operational data they manage, including OpenTelemetry traces and other dependencies. Already, customers are integrating such dependency data bidirectionally with CMDBs.
- Cloud providers. AWS, Azure, and Google Cloud maintain extensive metadata about infrastructure, services, and security configurations. They have a vested interest in controlling enterprise IT graphs; certainly, they are the origin of much of the base data for the graph.
- Security and risk management teams. As security increasingly depends on understanding complex attack surfaces, security and risk teams will demand control over IT graphs and may choose to build their own.
- FinOps, value stream management, and other IT functional areas. These teams will need direct access to IT knowledge graphs to ensure that their models remain grounded and relevant, and they, again, may choose to build their own.

This governance question will define enterprise IT operating models in the coming years. Organizations that fail to take a proactive stance on graph ownership risk ceding control to external vendors, winding up with the technical debt of redundant, sprawling graphs, and/or losing strategic visibility over their IT landscapes.

AI + Graph: A New IT Operating Model

The fusion of AI and graph databases is not just a technical shift; it is reshaping IT operating models. The next generation of IT management will center around real-time, interconnected knowledge graphs that allow AI-driven automation to replace traditional manual workflows. Key implications include:

- Automated IT decision-making. AI agents can detect issues and optimize performance.
- Proactive risk and incident management. Graph-based relationships enable AI to predict security issues or operational failures and recommend remediations before issues escalate.
- Enhanced developer productivity. Engineering teams will navigate IT landscapes more easily, improving DevOps velocity and reducing cognitive load.
- Dynamic IT governance. Policies can be linked directly into the IT graph information, leveraging a single source of truth and increasing assurance.

The Road Ahead: Preparing For A Graph-Based IT Future

The transition to AI + graph-driven IT management is inevitable, but organizations must take deliberate steps to prepare:


6th Circ. Ruling Paves Path Out Of Loper Bright 'Twilight Zone'

By Stephen Obermeier, Joel Nolette and Leah Deskins (March 12, 2025, 11:33 AM EDT) — On June 28, 2024, in Loper Bright Enterprises v. Raimondo, the U.S. Supreme Court overruled the 40-year-old Chevron doctrine, which was based on the premise that ambiguities in statutes administered by federal agencies were “implicit delegations” of interpretive discretion….
