Notifications
Clear all
Topic starter
07/06/2026 8:13 pm
TL;DR: Data security is shifting toward a data-centric model as AI, data growth, and compliance pressure outpace legacy network controls, according to Cyera’s report on data security platforms. The core issue is that discovery, classification, protection, and destruction now define the control plane, not the perimeter.
NHIMG editorial — based on content published by Cyera: Data Security Platforms: The New Frontier in Cybersecurity & AI Report
Questions worth separating out
Q: How should security teams govern data access when AI systems are involved?
A: Treat data access as an identity and lifecycle problem, not only a storage problem.
Q: Why do legacy network controls fall short for data security in AI environments?
A: They are designed to monitor traffic and segments, not data meaning or lifecycle.
Q: What breaks when organisations cannot classify sensitive data consistently?
A: Access control becomes guesswork.
Practitioner guidance
- Inventory data discovery coverage Check whether sensitive data can be found across cloud, SaaS, collaboration, and endpoint locations before expanding AI or automation use cases.
- Tie classification to access policy Use sensitivity labels or equivalent policy tags to drive enforcement for human users, service accounts, and AI workflows.
- Review retention and destruction rules Confirm that duplicate datasets, exported files, and AI-generated artefacts are covered by explicit destruction controls.
What's in the full report
Cyera's full report covers the operational detail this post intentionally leaves for the source:
- A fuller breakdown of the data security platform capabilities the report uses to frame discovery, classification, protection, and destruction.
- The report's perspective on how legacy security technologies are changing as data-centric controls become more important.
- A closer look at the market landscape for data security tooling and how Cyera positions holistic data governance.
- Additional context on how the report connects AI growth, compliance pressure, and data-centric security strategy.
👉 Read Cyera's report on data security platforms and AI →
Data security platforms and AI: what IAM teams need to know?
Explore further
07/06/2026 10:02 pm
Data-centric security is now the governing model because the perimeter has lost explanatory power. Network-based controls still matter, but they no longer answer the question that identity teams need answered first: what sensitive data exists, and which identities can reach it? When data moves freely across SaaS, cloud, and AI workflows, the control point shifts to discovery and classification. Practitioners should treat data visibility as a prerequisite for any meaningful access governance program.
A few things that frame the scale:
- The average organisation believes more than 1 in 5 of their non-human identities are insufficiently secured, according to The 2024 ESG Report: Managing Non-Human Identities.
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, showing the problem is already operational, not theoretical.
A question worth separating out:
Q: Should organisations treat data discovery as part of IAM governance?
A: Yes, because data discovery is what makes entitlement decisions actionable. IAM tells you who or what can access a resource, but discovery tells you whether that resource contains sensitive information that needs stronger control. When discovery is missing, access reviews cannot distinguish low-risk from high-risk access.
👉 Read our full editorial: Data security platforms and AI are redefining the cyber perimeter
