The future of data control, why detection fails, and the weekly news - Thyaga Vasudevan - ESW #443

13 snips

Jan 26, 2026

Thyaga Vasudevan, executive product leader at Sky High Security focused on data security and DSPM. He discusses data-centric zero trust for hybrid and AI-driven environments. Conversations cover DSPM discovery and classification, integrating DSPM with SASE, protecting data motion without heavy inspection, and why AI and regulations make real-time data visibility essential.

Ask episode

AI Snips

Chapters

Books

Transcript

Episode notes

ANECDOTE

Pen Test Training Always Finds Hidden Data

Adrian ran penetration tester training that always led to finding sensitive files on file shares and badge reader PCs.
He used those recurring findings to stress the universal reality: regulated data often lives where teams don't expect it.

ADVICE

Five‑Step Data Control Playbook

Build a data-first playbook: visibility, data-aware zero trust, hybrid design, protect data at rest and in motion, and formal governance.
Plan AI governance now before widespread adoption accelerates regulatory and compliance risk.

INSIGHT

Dwell Time Often Equals Accidental Discovery

Detection programs often measure the wrong thing; long dwell time reflects accidental discovery, not effective detection.
A detected incident months later is statistical stumbling, not security success.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Segment 1: Interview with Thyaga Vasudevan

Hybrid by Design: Zero Trust, AI, and the Future of Data Control

AI is reshaping how work gets done, accelerating decision-making and introducing new ways for data to be created, accessed, and shared. As a result, organizations must evolve Zero Trust beyond an access-only model into an inline data governance approach that continuously protects sensitive information wherever it moves. Securing access alone is no longer enough in an AI-driven world.

In this episode, we'll unpack why real-time visibility and control over data usage are now essential for safe AI adoption, accurate outcomes, and regulatory compliance. From preventing data leakage to governing how data is used by AI systems, security teams need controls that operate in the moment - across cloud, browser, SaaS, and on-prem environments - without slowing the business.

We'll also explore how growing data sovereignty and regulatory pressures are driving renewed interest in hybrid architectures. By combining cloud agility with local control, organizations can keep sensitive data protected, governed, and compliant, regardless of where it resides or how AI is applied.

This segment is sponsored by Skyhigh Security. Visit https://securityweekly.com/skyhighsecurity to learn more about them!

Segment 2: Why detection fails

Caleb Sima put together a nice roundup of the issues around detection engineering struggles that I thought worth discussing. Amélie Koran also shared some interesting thoughts and experiences.

Segment 3: Weekly Enterprise News

Finally, in the enterprise security news,

Fundings and acquisitions are going strong
can cyber insurance be profitable?
some new free tools shared by the community
RSAC gets a new CEO
Large-scale enterprise AI initiatives aren't going well
LLM impacts on exploit development
AI vulnerabilities
global risk reports
floppies are still used daily, but not for long?

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-443