Nahla Davies looks at the blind spot between information security controls and genuine data integrity governance.

There’s a strange kind of confidence that comes with getting ISO 27001 certified. The audit’s done, the certificate’s on the wall, and suddenly everyone in the building sleeps a little better at night. It feels like you’ve handled the security question once and for all.

But here’s what nobody talks about at the celebration dinner: most of the data risks that actually burn companies in 2026 have very little to do with whether you passed an audit. They’re messier than that.

They live in the mundane, everyday chaos of how teams create, move, copy and forget about data. And that’s exactly where ISO 27001, for all its value, starts running out of answers.

The certification covers the framework, not the mess

ISO 27001 is genuinely useful. Let’s get that out of the way. It gives organisations a structured approach to information security management, and it forces leadership to actually think about risk in a systematic way. For companies that had nothing before, it’s a massive step forward.

But the standard was designed to assess whether you have the right policies, controls and processes in place. It’s checking that the architecture exists. What it can’t do is follow your data around on a Tuesday afternoon when someone in marketing copies a client list into a personal Google Sheet to ‘just quickly check something’.

That’s where the gap lives. The certification tells auditors you’ve built the walls. It doesn’t tell anyone what’s happening inside the rooms. And in most organisations, what’s happening inside the rooms is borderline chaotic.

Think about how data actually moves through people in a modern company. It starts in one system, gets exported into a spreadsheet, emailed to a colleague, uploaded to a shared drive, duplicated across three departments, and eventually forgotten in a folder nobody’s opened since last quarter. None of that necessarily violates your ISO 27001 controls. All of it creates risk.

The standard asks whether you have an asset inventory and data classification policy. Most certified companies do. But the reality of enforcing classification at scale, across thousands of files and dozens of tools, is a completely different problem. It’s like having a fire evacuation plan pinned to the wall while half the exits are blocked with furniture. Technically compliant, but practically dangerous.

Data governance is the part everyone skips

There’s a reason data governance keeps coming up in security conversations, even though it sounds painfully boring. It’s because governance is the layer that sits between policy and reality. It’s the part that answers questions like: who actually owns this dataset? When was it last reviewed? Does anyone know it’s still being stored in three places?

ISO 27001 touches on some of this. Annex A has controls around information classification, access management and asset ownership. But the standard treats these as boxes to check during an audit cycle. In practice, data governance requires constant, active attention. It’s operational, not periodic.

Most companies that get certified build their documentation, assign their roles, and move on. Six months later, the data landscape has shifted entirely. New tools get adopted, teams reorganise, people leave and their access lingers. The certificate stays valid. The risks multiply.

And this is particularly true with unstructured data, which makes up the vast majority of what most organisations hold. Emails, documents, chat logs, shared files. ISO 27001 doesn’t have a great answer for the sheer volume and unpredictability of unstructured data. It assumes you can classify and control it. Anyone who’s tried knows that’s optimistic at best.

What’s really needed alongside certification is a living, breathing data governance practice. One that maps where sensitive data actually resides (not just where it’s supposed to), monitors how it moves, and flags when something drifts outside acceptable boundaries. That’s not an audit exercise. It’s an ongoing operational function.

Compliance creates a floor, not a ceiling

There’s a broader point here that applies beyond ISO 27001. Compliance frameworks, by their nature, set a minimum bar. They define what ‘acceptable’ looks like at a given point in time, even with edge cases like using AI for software testing. But threats evolve, technology changes, and the way people work shifts constantly. A standard that’s reviewed every few years simply can’t keep pace with how quickly the data landscape moves.

This is especially relevant as AI tools become embedded in everyday workflows. Employees are feeding company data into large language models, using AI assistants to summarise internal documents, and generating content based on proprietary information. ISO 27001 wasn’t written with that reality in mind. The 2022 update made strides, sure, but the speed of AI adoption has outpaced what any standard can reasonably address.

Companies that treat certification as the finish line tend to develop blind spots in exactly these areas. They’re compliant on paper but exposed in practice. The data risks they face aren’t coming from sophisticated external attacks (though those matter too). They’re coming from inside the house, from the everyday, unglamorous ways people interact with information.

The smartest organisations use ISO 27001 as a foundation and then build upward. They invest in data discovery tools that map shadow data. They implement real-time monitoring for sensitive information. They train employees not just on policy, but on the practical habits that keep data from wandering into places it shouldn’t be. Certification becomes the starting point of the security conversation, not the conclusion.

Final thoughts

ISO 27001 deserves its reputation as a serious, credible framework. Getting certified takes real effort, and it signals that an organisation takes information security seriously.

But there’s a growing disconnect between what the certificate proves and what modern data environments actually demand. The biggest risks today come from data sprawl, from duplication and drift and the quiet entropy of information that nobody’s actively managing.

Addressing that takes more than a framework. It takes a culture of continuous governance, practical tooling, and an honest look at the gap between how data should behave and how it actually does. The certificate opens the door. What you build behind it is what actually matters.

By Nahla Davies

Nahla Davies is a software developer and tech writer. Before devoting her work full time to technical writing, she managed – among other intriguing things – to serve as a lead programmer at an Inc 5,000 experiential branding organisation, where clients include Samsung, Time Warner, Netflix and Sony.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Presented by TeamViewer

Enterprise technology failures are largely invisible. Research from TeamViewer, based on a global survey of 4,200 managers and employees, finds that the majority of digital dysfunction never reaches the IT help desk.

Employees work around slow applications, failed logins, and intermittent glitches rather than reporting them, leaving organizations without an accurate picture of how their technology is performing. The cumulative cost is significant: employees lose an average of 1.3 workdays per month to digital friction, with impacts ranging from delayed projects and lost revenue to increased employee turnover.

The research, which surveyed managers and employees across nine countries, confirms what many have long suspected: the productivity loss from digital friction is significant, and most of it never surfaces in an IT support queue, says Andrew Hewitt, VP of strategic technology at TeamViewer.

“Enterprise outages are visible because they trigger clear, system-level failures,” Hewitt says. “But much of the real disruption happens earlier, in the form of digital friction: slow apps, login issues, or intermittent glitches that don’t cross alert thresholds. These smaller issues often go unreported or are normalized by employees, even though they quietly drain productivity.”

What is digital friction and why does it go unreported?

The most common sources of friction — connectivity failures, software crashes, hardware problems, and authentication issues — aren’t edge-case scenarios, but everyday experiences employees have learned to absorb without escalating. Connectivity problems were the most widespread, with nearly half identifying them as the top productivity killer among common technology issues.

That tendency to absorb rather than report is central to the problem. Many workers don’t trust their IT team to resolve issues quickly or effectively, so when a login fails or an application stalls mid-task, the path of least resistance is to restart the device, switch tools, or use a personal phone.

“Employees are under more pressure than ever to prove output,” Hewitt says. “When reporting feels unlikely to result in a quick resolution, it creates a false sense of stability at the system level while the employee experience quietly deteriorates.”

How much productivity does digital friction cost organizations?

The business consequences extend beyond inconvenience. Many organizations report delays in critical operations, revenue loss, and lost customers as a result of IT dysfunction. Most respondents lose time each month, and few expect improvement, citing increasing complexity of workplace technology as a primary concern.

The human cost runs parallel. Workers link digital friction to frustration, decreased motivation, and burnout, and many believe it contributes to turnover, with onboarding replacements stretching to eight weeks or more.

“Employees are happiest when they feel productive and accomplished at the end of the day,” Hewitt says. “When people can’t make progress in their day-to-day work, frustration builds and burnout follows. Great technology might not be a main attractor of talent, but bad technology can certainly play a role in driving it away.”

Why employees use personal devices and unauthorized tools instead of reporting IT problems

When workplace technology consistently fails to meet employee needs, workers find alternatives, with a substantial share of respondents admitting to using personal devices or unauthorized applications as workarounds. That’s the entry point for shadow IT, or the use of unapproved hardware, software, or cloud services outside IT’s visibility and control. While employees turn to these tools simply to stay productive, they introduce security vulnerabilities, data leakage risks, and compliance gaps that IT teams may not discover until a breach occurs.

“Quite simply, it demonstrates that the IT environment is not meeting the employees’ needs,” Hewitt said. “While this helps maintain short-term productivity, it introduces significant risks and pushes work outside of IT’s visibility and control.”

TeamViewer ONE addresses this by combining remote connectivity with real-time endpoint monitoring, giving IT teams the ability to detect and resolve device and application issues before employees reach for an alternative. When the underlying environment is stable and support is fast, the impulse to work around it diminishes.

How fragmented IT infrastructure creates blind spots across devices, apps, and networks

Addressing digital friction at scale requires more than faster help desk response times. Traditional metrics such as mean time to resolution and ticket volume capture only a fraction of actual issues. A more complete picture requires measuring lost time, interrupted workflows, and employee sentiment across devices, applications, and network environments.

“Leaders need to move beyond measuring performance through IT tickets alone,” Hewitt said. “Performance should be viewed through the lens of employee experience and real-time digital workplace data.”

Fragmented infrastructure makes this difficult. When devices, applications, and networks operate in separate silos, IT teams struggle to trace root causes or identify systemic issues before they spread, often responding to symptoms rather than underlying problems.

TeamViewer ONE is designed to close that gap, integrating digital employee experience analytics, remote support, and device management into a single platform. Instead of piecing together signals from disconnected tools, IT teams get a consolidated view of endpoint health, application performance, and network conditions across the entire organization.

How organizations can shift from reactive IT support to proactive system monitoring

Achieving proactive IT is not a single-step transformation. Hewitt describes it as a progression: starting with endpoint management and security, building toward real-time visibility into the digital employee experience, and ultimately using automation and AI to resolve issues before they reach employees.

TeamViewer AI is built to support each stage of that progression, using continuous monitoring to surface anomalies and correlate signals across the digital environment, identifying patterns of poor experience before they escalate. When issues are detected, it suggests remediations, generates scripts to fix problems autonomously, and handles routine tasks such as common troubleshooting without requiring IT intervention, shifting the workload from reactive firefighting toward proactive oversight.

And while AI’s effectiveness depends on the completeness of the data it works with, consolidating onto a platform like TeamViewer ONE removes that limitation by giving AI a complete, real-time data foundation to work from.

How system performance lays the foundation for productivity, retention, and competitive advantage

TeamViewer ONE isn’t a wholesale replacement of existing IT infrastructure, but a unifying layer that connects insight with action, which enables organizations to ramp up productivity, improve retention, and ultimately realize a significant competitive advantage. It begins with visibility into what is actually causing friction across their environment. From there, leaders can use that data to prioritize fixes, and then scale remediation through automation as confidence and capability grow.

“Reducing digital friction isn’t about overhauling everything at once,” Hewitt said. “Leaders should start small, gain visibility into what’s actually causing friction, fix the biggest pain points, then scale those improvements through automation and AI. Even incremental progress can make an impact on employee engagement and productivity.”

Dig deeper: Fix it before they feel it from TeamViewer.

Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact sales@venturebeat.com.

from the silent-treatment dept

Over a decade ago, Microsoft was getting set to release its new Xbox One console. In the lead-up to launch day, a bunch of rumors began swirling about some of the online requirements the console would come with. Details weren’t to be found, so the public was left to speculate what these requirements would entail. Would the console always need to be online when launching games? Would it need to check in online on a certain cadence for games to work, such as every day? Every 30 days?

Microsoft did very little to calm the waters in all this speculation. Very little came out from the Xbox team prior to launch, and what did come out was often confusing. What became very obvious, however, was that the lack of clear and direct messaging from Microsoft made a bad situation much worse. The backlash to the requirement rumors was severe and Xbox largely ended up scrapping them.

Fast forward to the present and the internet has exploded the past few days with claims that an update pushed to PlayStation consoles has introduced a 30 day online check in requirement for newly purchased games.

Some PlayStation users have noticed a new online DRM policy for digital games purchased on the PlayStation Store: newly purchased digital games now display a “Valid Period” tag showing a start date, an end date, and a countdown timer. If the console does not connect to the internet within 30 days, the game’s license reportedly expires, and the title becomes unplayable until an online connection is restored.

The story broke over the weekend through Lance McDonald, the well-known modder who managed to patch Bloodborne to run at 60 frames per second. He posted on X: “Hugely terrible DRM has now been rolled out to all PS4 and PS5 digital games. Every digital game you buy now requires an online check-in every 30 days. If you buy a digital game and don’t connect your console to the internet for 30 days, your license will be removed.

Advertisement

We thought about reporting this story as soon as McDonald surfaced it. However, several users also swore they saw nothing of the sort in their libraries, so we waited. Thus far, Sony has not made any official public statement, but a few hours ago, a PlayStation Support assistant confirmed to a user that the 30-day timer is not a bug at all.

That support assistant being referenced is a bot, however, not a human being behind a keyboard. You can see the response it gave in the screenshot below.

That is, at the time of this writing, the most that Sony has said about whatever the hell is going on here. As a result, all kinds of people, big and small within the gaming community, are losing their shit over this new “online DRM requirement” for existing consoles that previously didn’t have it. Oh, and it’s a requirement that Sony mocked Microsoft for trying to require way back in 2013 before the backlash.

The silence is, as they say, deafening. Is this fully intentional? Not all the reporting suggests that at all. Other reports indicate that this is just a bug in the update and this was not intended to be rolled out at all.

Shortly after the issue surfaced, video game preservation site Does it play? weighed in on the matter. It reported hearing from an anonymous insider that the timer was actually just a bug. “From what we gathered, Sony accidentally broke something while fixing an exploit. They’ve known about the confusing UI for a while, but didn’t see it as urgent,” their X post read.

However, many noted that an accidental deployment still implies Sony was testing the concept, since the interface had already been built. Throughout the confusion, Sony has yet to provide an official comment regarding the issue.

Advertisement

That last sentence is the most important one. Hey, Sony: what the actual hell is going on here?

The fact that all of this rumor, speculation, and angst has gone on for at least a couple of days now without a single word being uttered directly from Sony is remarkably stupid. The waters need to be calmed and that’s only going to happen by the company speaking up. Was it a bug? Cool, say so and let’s move on. Is the online requirement DRM now a thing? Much less cool, but at least we’ll know where the company stands (though, then we can start talking about Sony changing its policies on consoles after they are sold).

What can’t happen is this vacuum of information because Sony wants to give the public the silent treatment. That’s just bad business.

Filed Under: 30 day timer, drm, playstation, playstation online assistant

Companies: sony

• Incidents rose 18% and theft value rose 36% in 2025
• FBI warns of “cyber-enabled strategic cargo thefts”
• Basic security hygiene already goes some way to preventing attacks

The FBI has warned cybercriminals are increasingly targeting cargo shipments with hacking and impersonation tactics – and making a hefty profit doing so.

With incidents rising 18% in 2025 and the average value per theft up around 36% (to $273,990) due to criminals targeting high-value goods, losses in the US and Canada alone hit around $725 million over the year, a significant 60% year-over-year increase.

from the weak-men-afraid-of-words dept

Brendan Carr’s FCC claims to be moving forward their their plan to “review ABC’s broadcast licenses” because Jimmy Kimmel made a joke about the president’s wife. And it’s every bit as dumb and legally baseless as you might expect.

Carr has sent a letter to ABC/Disney saying he’s accelerating the review of their existing broadcast licenses. It’s very clearly because the Trump administration wants to annoy, harass, and pressure ABC into firing Kimmel. But since that’s a direct assault on the First Amendment, they’re trying to do an end around and pretend that the review is because ABC is “violating DEI requirements.”

Carr’s underlying legal argument is genuinely and profoundly stupid. He’s claiming that ABC’s ordinary, modest, and inconsistent corporate diversity practices are racist against white men, and therefore violate the already fairly thin anti-discrimination components of the Communications Act.

It’s absolute fucking gibberish. But you’ll notice that most outlets, including this piece from CNBC, try to make the effort sound like sensible policy being conducted by reasonable adults:

“The letter orders the company to file for early renewal for ABC-owned television stations and notes the action is related to an investigation into Disney’s DEI efforts, which began last year.

Disney confirmed on Tuesday that it received the FCC’s order initiating an accelerated review of its licenses. The FCC said in the letter that Disney now has 30 days — or until May 28 — to file for the renewals.”

As we noted previously, ABC only actually owns about eight licenses to begin with. Most ABC broadcast licenses (230 or so) are actually owned by right-wing friendly local broadcasters already loyal to the president. We’ve noted how these stations routinely air right wing agitprop, and have been rewarded by Trump and Carr with a series of merger approvals that violate existing media consolidation limits.

The actual process of yanking a broadcast license is also a complicated, difficult, and extremely time consuming affair. Were Carr to actually do this (beyond sending Disney a stern letter to put on a show for the press), you’re talking about potentially years of legal wrangling. A fight Carr would very likely lose, because, again, his entire underpinning argument is baseless and stupid.

Carr doesn’t actually want a legal showdown with deep-pocketed Disney over this turd of a case. They’re just hoping to make life so costly and annoying for ABC/Disney that the company not only fires Kimmel, but thinks twice about supporting any journalist, satirist, or comedian who dares challenge the administration. It’s also a message to other networks that host voices critical of the unpopular president.

This is, if the pathetic U.S. press coverage of this FCC inquiry is any indication, already having an effect. A good chunk of the news reports on this inquiry (see: this Semafor piece) can’t be bothered to be honest about the pathetic, baseless nature of this censorship effort. Many outlets seem dedicated to helping Trump and Carr pretend this is any sort of above-board review. They’re enablers.

Anna Gomez, the FCC’s lone Democratic official (because Republicans refuse to fill the other seat), correctly notes that this whole dumb First Amendment violating gambit will fail:

“This is the most egregious action this FCC has taken in violation of the First
Amendment to date. As part of its ongoing campaign of censorship and control, the
White House called publicly for the silencing of a vocal critic, and this FCC has now
answered that call. This is an unprecedented and politically motivated attempt to
interfere with how broadcasters operate, and this unlawful overreach will fail.”

You know it’s bad when even Ted Cruz is blasting your baseless censorship campaign as stupid:

“It is not government’s job to censor speech, and I do not believe the FCC should operate as the speech police.”

You might recall that the last time Disney capitulated to these dim fascists (temporarily suspending Kimmel because he made some jokes about the deceased right wing social media propagandist Charlie Kirk), it resulted in the company losing millions of streaming video customers and amusement park attendees. Hopefully Disney execs learned their lesson from that experience.

The problem for Trump is that as his health, influence, popularity, and political power wane, he and Carr’s threats will carry less and less weight, even among feckless corporations. They’re just weak men afraid of words, ideas, and comedy, desperately trying to pretend that they have power to permanently stifle jokes. It’s foundationally pathetic and embarrassing, something press coverage should make very clear.

Filed Under: 1st amendment, brendan carr, broadcast, broadcast licenses, censorship, comedy, dei, fcc, free speech, jimmy kimmel, licenses

Companies: abc, disney

Norwegian-American robotics firm 1X Technologies has offered a glimpse into what scaled humanoid robot production looks like, and it’s surprisingly circular. In a newly released demo, its Neo robot is shown assisting humans on the factory floor, helping build more Neo units as the company moves toward full-scale manufacturing.

Robots helping build more robots

At the center of the demo is 1X’s Neo humanoid robot, a bipedal machine designed primarily for domestic environments that is now stepping into early manufacturing workflows. The footage shows Neo performing repetitive, assistive tasks alongside human workers, effectively becoming part of the assembly process.

The setup shows how 1X is approaching production at its Neo Factory, where robots are involved in close collaboration with humans. The company has also emphasized a vertically integrated model that involves designing and manufacturing core components in-house, including motors, batteries, sensors, and structural parts.

This end-to-end control allows 1X to iterate quickly on both hardware and manufacturing processes, while scaling output as demand grows. The factory has already begun full-scale production, with plans to deliver thousands of units following strong early interest and pre-orders.

Scaling a still-evolving product

Despite the polished demo, Neo remains a work in progress. The robot is designed to operate autonomously, but it’s not quite there yet. So 1X is relying on guided assistance from human operators to supervise and help the robot complete unfamiliar tasks, which also enables it to learn over time.

This learning loop is central to how Neo improves, combining real-world deployment with continuous training. Early versions are expected to expand their capabilities gradually as they gain more experience in both factory and home environments.

With production now underway, 1X is effectively turning Neo into both the product and part of the process. If this model is successful, future iterations may not just assist humans in daily life but also play a direct role in building the next generation of 1X robots.

Apple’s iPhone sales and Services revenue were the stars of the show in the tech giant’s most recent quarter, but the Mac quietly outperformed — helped by growing demand for AI workloads.

Wall Street investors had expected to see Mac revenue in the low $8 billion range, but Apple reported $8.4 billion in the second quarter ended March 28 — a notable beat for a non-core segment of the tech giant’s business. In addition, investors ahead of earnings believed that Mac sales would be essentially flat year-over-year. Instead, Mac sales were up 6% on an annual basis, the company told investors. The company’s total revenue was $111.2 billion, a 17% increase from the same period last year.

Apple chalked up some of the Mac growth to recent product launches, including the well-received MacBook Neo. However, those fun, colorful computers were only on sale for a few weeks after the March 4 preorders began. Realistically, most units shipped mid- to late March, and some demand may have been pushed into April as certain models sold out.

Apple CEO Tim Cook told analysts on the company’s Q2 earnings call on Thursday that customer demand for the Neo was “off the charts” and higher than Apple had expected. He also noted that Apple set a record in the quarter for customers new to the Mac, partly due to the Neo.

Cook attributed the Mac sales growth to the use of the platform for running local AI models, like OpenClaw — something that took Apple somewhat by surprise as Mac mini and Mac Studio devices sold out in recent weeks.

“Both of these are amazing platforms for AI and agentic tools, and the customer recognition of that is happening faster than what we had predicted, and so we saw higher than expected demand,” Cook said of these Mac sales. He also noted that the Mac mini was the top-selling desktop in China — a market that’s been in an OpenClaw frenzy as of late.

Still, Mac revenue was flat on a quarter-over-quarter basis, suggesting this new demand has yet to scale. Cook said it may take Apple “several months” to reach supply-demand balance on the Mac mini and Studio models.

“We’re not at the point where we’re saying this [constraint] is going to end anytime soon. And it’s not because of a problem, per se, other than we just under-called the demand,” Cook explained.

Enterprise demand for the Mac was also at play. Apple pointed to a couple of larger companies, including Perplexity, that had turned to Mac as their preferred platform for building enterprise-grade AI assistants.

He also said Apple was “supply constrained on the MacBook Neo,” and has even seen school systems, like Kansas City Public Schools, dropping Chromebooks for the Neo.