
Future of Data Security EP 32 — Polymer's Yasir Ali on Team Composition over Talent When Scaling Interdependent Platforms
Polymer's runtime security approach operates at the file and message level, intercepting content in real time within workflows like Slack and Zendesk to redact, block, or grant granular access based on specific entities found inside documents. This contrasts with traditional perimeter-based security, where access is binary: you're either in the club or out. Yasir Ali, Founder & CEO of PolymerHQ DLP, explains how financial services has operated under workflow-level distrust for over a decade, with every file interaction requiring labeling and ethical wall policies between trading and investment banking divisions, and why the rest of the enterprise world is finally moving toward this model.
Yasir also touches on a critical gap in current security architectures: control planes across network, identity, and content layers don't communicate with each other. His team works to triangulate telemetric data from tools like Zscaler with Polymer's ground-level content controls, creating unified policy layers without forcing organizations into single-vendor platforms. He also addresses a tension in AI-powered security: probabilistic detection models work well for entity recognition, but policy enforcement must remain deterministic. You can't have AI deciding some days to block sensitive data and other days letting it through.
Topics discussed:
Implementing runtime security at file and message level to enable partial document sharing based on entity-level access policies
Solving the binary sharing problem in unstructured datasets where traditional security forces all-or-nothing file access
Adopting the financial services workflow-level distrust model, which requires labeling and ethical wall policies for all file interactions
Addressing enterprise AI adoption barriers through proper identity modeling for non-human agents and machine-to-machine interactions within IAM systems
Triangulating telemetric data across network, identity, and content control planes to create unified policy layers without vendor lock-in
Balancing probabilistic AI detection models for entity recognition with deterministic policy enforcement to maintain response certainty
Building enterprise software teams by prioritizing cultural fit and collaboration ability over hiring 10x engineers
