By Thyaga Vasudevan – Government Vice President, Product
April 3, 2025 4 Minute Learn
Over the previous few weeks, I’ve had the chance to fulfill with CISOs and CIOs from Fortune 100 corporations and extremely regulated industries throughout the globe — Healthcare, Monetary Providers, and Public Sector. These organizations sit on the coronary heart of our international financial system and public infrastructure so, if you wish to perceive the place cybersecurity is headed, listening to those leaders is a superb place to start out.
There have been three recurring themes in each dialog:
- Hybrid is right here to remain
- DSPM (Information Safety Posture Administration) is gaining urgency
- AI is each the problem and the chance
Let me break each down—and share what I consider it indicators about the place the puck is headed.
1. The Actuality of Hybrid is Non-Negotiable
Regardless of predictions of cloud-only environments, the actual world is hybrid—and it is going to be for the foreseeable future. Each buyer I spoke with has a fancy footprint: some workloads within the cloud, some in personal knowledge facilities, some nonetheless working on legacy infrastructure. They’re modernizing—however with self-discipline.
Why it issues:
Safety groups aren’t simply managing cloud dangers anymore; they’re navigating a fancy maze of information motion throughout environments. That complexity creates blind spots, inconsistencies in coverage enforcement, and challenges in reaching unified visibility.
The place the puck is headed:
The successful strategy received’t be “cloud-only” or “on-prem without end.” Will probably be clever safety that’s location-agnostic. Options that may seamlessly lengthen controls, context, and visibility throughout hybrid infrastructures—with out including operational overhead—are rapidly changing into non-negotiable.
2. DSPM: Information Safety Posture is the New Perimeter
We’re witnessing a shift in safety focus—from defending infrastructure to defending knowledge. And it’s not nearly encryption or DLP anymore. CISOs are asking:
- The place is my delicate knowledge proper now?
- Who has entry to it?
- How is it getting used, shared, or moved?
- What are the dangers tied to misconfigurations, shadow knowledge, or third-party SaaS apps?
Enter Information Safety Posture Administration (DSPM).
Why it issues:
As knowledge sprawls throughout SaaS, IaaS, and PaaS, the normal “set-it-and-forget-it” controls don’t reduce it. DSPM offers safety groups the visibility, context, and automation they should perceive and handle knowledge threat proactively.
The place the puck is headed:
DSPM isn’t simply one other device—it’s changing into a foundational layer within the safety stack. One which integrates with cloud safety, identification, and analytics to present organizations a real-time view of their knowledge threat floor.
3. AI Safety: The Pace of Danger is Altering
AI isn’t coming—it’s already embedded into the enterprise. Each staff, from advertising to engineering, is experimenting with generative AI instruments. And with that comes a brand new class of threat: agentic functions that may mimic human conduct, make choices, and transfer knowledge.
What CISOs informed me:
They’re much less involved about mannequin accuracy and extra anxious about knowledge publicity, malicious prompts, and lack of guardrails. They usually’re asking urgently:
- How will we stop delicate knowledge from leaking into public AI fashions?
- How will we management and monitor AI-powered workflows that entry enterprise techniques?
Why it issues:
AI isn’t just a brand new workload—it’s a brand new actor. One which strikes quick, doesn’t sleep, and will be misused at scale.
The place the puck is headed:
Safety for AI will evolve from point-in-time insurance policies to steady belief analysis. This contains real-time visibility into what AI instruments are accessing, behavioral evaluation, and strict enforcement of who—and what—will get to see delicate knowledge.
From Zero Belief Community Entry to Zero Belief Information Entry
The idea of Zero Belief is properly understood. However many organizations are starting to evolve from Zero Belief Community Entry (ZTNA) to Zero Belief Information Entry (ZTDA).
What’s the distinction?
ZTNA ensures the precise particular person can entry the precise software.
ZTDA asks a deeper query: What ought to they be allowed to do with the information as soon as inside?
This shift displays a extra mature view of threat—one which assumes that breaches are inevitable, and that controls should comply with the information, not simply the consumer.
Why it issues:
Information is the crown jewel. Each dialog I had mirrored this rising actuality: It’s not sufficient to safe the perimeter. We should safe the payload.
Remaining Takeaway
CISOs at this time are navigating a world that’s hybrid, AI-driven, and data-centric. The conversations I had bolstered one reality: safety should evolve from being infrastructure-aware to being data-intelligent.
If we wish to keep forward of threats, we have to cease focusing simply on the place customers are coming from—and begin specializing in the place the information goes.
Let’s hold the dialog going.
In regards to the Creator
Thyaga Vasudevan
Government Vice President, Product
Thyaga Vasudevan is a high-energy software program skilled at the moment serving because the Government Vice President, Product at Skyhigh Safety, the place he leads Product Administration, Design, Product Advertising and GTM Methods. With a wealth of expertise, he has efficiently contributed to constructing merchandise in each SAAS-based Enterprise Software program (Oracle, Hightail – previously YouSendIt, WebEx, Vitalect) and Shopper Web (Yahoo! Messenger – Voice and Video). He’s devoted to the method of figuring out underlying end-user issues and use circumstances and takes pleasure in main the specification and growth of high-tech services to deal with these challenges, together with serving to organizations navigate the fragile stability between dangers and alternatives. Thyaga loves to coach and mentor and has had the privilege to talk at esteemed occasions resembling RSA, Trellix Xpand, MPOWER, AWS Re:invent, Microsoft Ignite, BoxWorks, and Blackhat. He thrives on the intersection of know-how and problem-solving, aiming to drive innovation that not solely addresses present challenges but in addition anticipates future wants.
