The landscape of data security is undergoing rapid transformation. While information security leaders continue to navigate how AI is impacting their businesses, this year’s iSMG Data Security Summit in Dallas focused on many of the basics, including challenges in protecting cloud platforms, data visibility, securing machine identities, and protecting sensitive data regardless of location.
Many of the panels had CISOs sharing practical advice on building and implementing resilient data security strategies, reducing attack surfaces, and getting buy-in from boards, business leaders, and employees on the importance of data security. The meteoric rise of generative AI and agentic AI has many organizations scrambling to provide employees and customers with the benefits of the technologies while ensuring that sensitive data is controlled and protected.
Ron Arden—EVP, CTO, and COO of Fasoo, Inc.—delivered a forward-looking presentation that explored how organizations must adapt to stay ahead. Rather than offering a routine update, he outlined a strategic vision for navigating today’s complex threat environment and preparing for what’s next.
The emergence of AI, cloud computing, and evolving threats requires a paradigm shift toward data-centric security and zero-trust models. In a world often characterized by incremental adjustments, Ron challenged attendees to fundamentally re-evaluate long-held assumptions about protecting sensitive information.
One of the most compelling aspects of the presentation was its ability to synthesize seemingly disparate trends into a cohesive and insightful narrative. Key themes included:
- Rapidly Changing IT Environments: Cloud adoption, distributed architectures, and the erosion of traditional security perimeters.
- Stringent Compliance Requirements: The growing need to meet complex and evolving data protection regulations.
- Advanced Cyber Threats: Increasingly sophisticated attacks, including insider threats and external breaches.
- Generative AI (GenAI): The challenges introduced by GenAI, such as hallucinations and the need for secure, private LLMs.
Since the global pandemic, most organizations realize that data is everywhere. Data is continuously moving between locations, and the traditional approaches of perimeter security don’t work anymore. This rapidly changing IT environment means a growing threat surface as users store and access sensitive data from an almost limitless number of locations. Adding the constant challenges of regulatory compliance and new problems posed by the increasing use of AI makes for a very complex data security landscape.
Ron brought a lot of this home with an example of how a global manufacturer protected intellectual property (IP) and personally identifiable information (PII) with a data-centric approach. Key goals were to:
- Prevent theft of sensitive data
- Restrict access to designs, process information, and recipes
- Comply with privacy regulations
- Protect sensitive customer data
The solution involved finding, classifying, and encrypting sensitive documents containing IP and PII. Limiting access to authorized users ensured that data couldn’t walk out the door. Continuous authentication before access to the data meets zero-trust principles and guarantees that access rights change dynamically to meet different business requirements. A complete audit trail of document access helps with compliance and forensics if there is a potential data breach.
This example highlighted how data-centric security is not just about adopting new tools—it’s about rethinking foundational strategies. It requires a willingness to unlearn outdated practices. While this shift can be uncomfortable, it also presents a powerful opportunity for innovation.
The presentation also emphasized the human element. While technology and strategy are critical, governance and proactive security practices are equally essential. The future of data security will be shaped by our ability to:
- Prioritize datasets: Focus on the most sensitive and valuable data.
- Balance risks: Make informed, context-aware decisions.
- Define Policies: Establish clear guidelines for data handling.
- Orchestrate controls: Implement consistent protections across systems.
- Assess risks: Continuously monitor and adapt to emerging threats.
When we could easily define our security boundary, using non-data-centric security models worked, but they are insufficient at dealing with evolving threats and blurred boundaries. InfoSec leaders need to embrace a paradigm shift toward data-centric security that addresses vulnerabilities in today’s blurred-boundary environments.
Ron talked about practical steps to achieve this shift by showcasing the Fasoo Data Security Platform and how it provides advanced data-centric security. As organizations mature in their data security strategy, these are key capabilities to embrace.
- Discovery and Classification to find and tag sensitive data
- Data Security Posture Management (DSPM) to gain visibility into where and who is accessing that data
- Data Encryption and Rights Management (EDRM) to protect, control, and limit access to authorized users
- Integrated Log Management to show an audit trail of actions on your sensitive data
A highlight of the security summit was a tabletop exercise where participants had to work through the problem of identifying, containing, and restoring service to a fictitious company that was attacked by hackers. Some of the basics of data security discussed earlier in the day came into play during the exercise, and it was interesting to see the difference in strategies of people from different industries and sizes of organizations.
Key takeaways from the event and Ron’s session are to embrace change and not forget the basics of data security. The emergence of AI is just another tool for businesses to increase productivity, but the challenge is that it can do things much faster than any technology we have seen in the past. Whether training LLMs or interacting with business data in our daily jobs, organizations need to:
- Embrace data-centric security
- Adopt zero-trust models
- Prioritize data governance
These principles will resonate with those who understand that staying ahead in this era of rapid transformation requires more than adaptation—it demands a reimagining of what’s possible.
