From the Frontlines: What Fortune 100 CISOs Are Saying About the Future of Cybersecurity

By Thyaga Vasudevan - Executive Vice President, Product

April 3, 2025 4 Minute Read

Over the past few weeks, I’ve had the opportunity to meet with CISOs and CIOs from Fortune 100 companies and highly regulated industries across the globe — Healthcare, Financial Services, and Public Sector. These organizations sit at the heart of our global economy and public infrastructure so, if you want to understand where cybersecurity is headed, listening to these leaders is a great place to start.

There were three recurring themes in every conversation:

• Hybrid is here to stay
• DSPM (Data Security Posture Management) is gaining urgency
• AI is both the challenge and the opportunity

Let me break each one down—and share what I believe it signals about where the puck is headed.

1. The Reality of Hybrid is Non-Negotiable

Despite predictions of cloud-only environments, the real world is hybrid—and it will be for the foreseeable future. Every customer I spoke with has a complex footprint: some workloads in the cloud, some in private data centers, some still running on legacy infrastructure. They’re modernizing—but with discipline.

Why it matters:
Security teams aren’t just managing cloud risks anymore; they’re navigating a complex maze of data movement across environments. That complexity creates blind spots, inconsistencies in policy enforcement, and challenges in achieving unified visibility.

Where the puck is headed:
The winning approach won’t be “cloud-only” or “on-prem forever.” It will be intelligent security that is location-agnostic. Solutions that can seamlessly extend controls, context, and visibility across hybrid infrastructures—without adding operational overhead—are quickly becoming non-negotiable.

2. DSPM: Data Security Posture is the New Perimeter

We’re witnessing a shift in security focus—from protecting infrastructure to protecting data. And it’s not just about encryption or DLP anymore. CISOs are asking:

• Where is my sensitive data right now?
• Who has access to it?
• How is it being used, shared, or moved?
• What are the risks tied to misconfigurations, shadow data, or third-party SaaS apps?

Enter Data Security Posture Management (DSPM).

Why it matters:
As data sprawls across SaaS, IaaS, and PaaS, the traditional “set-it-and-forget-it” controls don’t cut it. DSPM gives security teams the visibility, context, and automation they need to understand and manage data risk proactively.

Where the puck is headed:
DSPM isn’t just another tool—it’s becoming a foundational layer in the security stack. One that integrates with cloud security, identity, and analytics to give organizations a real-time view of their data risk surface.

3. AI Security: The Speed of Risk is Changing

AI isn’t coming—it’s already embedded into the enterprise. Every team, from marketing to engineering, is experimenting with generative AI tools. And with that comes a new category of risk: agentic applications that can mimic human behavior, make decisions, and move data.

What CISOs told me:
They’re less concerned about model accuracy and more worried about data exposure, malicious prompts, and lack of guardrails. And they’re asking urgently:

• How do we prevent sensitive data from leaking into public AI models?
• How do we control and monitor AI-powered workflows that access business systems?

Why it matters:
AI is not just a new workload—it’s a new actor. One that moves fast, doesn’t sleep, and can be misused at scale.

Where the puck is headed:
Security for AI will evolve from point-in-time policies to continuous trust evaluation. This includes real-time visibility into what AI tools are accessing, behavioral analysis, and strict enforcement of who—and what—gets to see sensitive data.

From Zero Trust Network Access to Zero Trust Data Access

The concept of Zero Trust is well understood. But many organizations are beginning to evolve from Zero Trust Network Access (ZTNA) to Zero Trust Data Access (ZTDA).

What’s the difference?
ZTNA ensures the right person can access the right application.
ZTDA asks a deeper question: What should they be allowed to do with the data once inside?

This shift reflects a more mature view of risk—one that assumes that breaches are inevitable, and that controls must follow the data, not just the user.

Why it matters:
Data is the crown jewel. Every conversation I had reflected this growing reality: It’s not enough to secure the perimeter. We must secure the payload.

Final Takeaway

CISOs today are navigating a world that is hybrid, AI-driven, and data-centric. The conversations I had reinforced one truth: security must evolve from being infrastructure-aware to being data-intelligent.

If we want to stay ahead of threats, we need to stop focusing just on where users are coming from—and start focusing on where the data is going.

Let’s keep the conversation going.

Back to Blogs