Cyera’s reported $600 million raise at a $12 billion valuation is a massive milestone for the company, and the cybersecurity industry at large. It reinforces the value of Data Security Posture Management (DSPM) as an important and fast-growing category, one focused on helping organizations identify sensitive data, understand exposure, and reduce risk. But as the data security market matures, another equally important conversation is happening alongside it.
How do we protect data at the object level, in motion, wherever business requires it to go?
Of course, organizations need to know where sensitive data lives, how it is classified, who can access it, and where risk exists across cloud, SaaS, and enterprise environments. Visibility is foundational.
But visibility alone is not enough.
The reality is that sensitive data does not stay neatly inside an organization’s perimeter. It moves constantly, between agencies and contractors, banks and customers, providers and patients, law firms and clients, enterprises and AI platforms. Business depends on data moving, so security has to move with it.
Simply put, data can’t stay locked down its entire lifecycle. It needs to be productive.
This is no longer a future-state conversation. We are seeing it play out in real time in the defense ecosystem. The NSA’s Zero Trust Implementation Guideline is intended to help the Department of Defense, the Defense Industrial Base, National Security Systems, and affiliated organizations implement Zero Trust concepts. And within that guidance, NSA specifically recommends that participating components standardize on Data Rights Management schemas such as Intelligence Community–Trusted Data Format, or IC-TDF, and Zero Trust Data Format, or ZTDF, to support interoperability and ensure shared files can be decrypted by authorized parties.
That is a clear market signal security leaders should be watching.
The next era of data security is not just about discovering sensitive data. It is about governing it persistently as it moves. That means granular access control, policy enforcement, encryption, auditability, and revocation that remain bound to the data itself, even as it moves across systems, organizations, and AI workflows.
This becomes even more urgent as AI becomes embedded in everyday work. More data is being copied, uploaded, summarized, retrieved, and shared across AI tools and agents. If organizations cannot maintain control of that data once it leaves a repository or application, they are not truly protecting it.
Open, data-centric standards like Trusted Data Format are critical to solving this problem. TDF is designed to bind access policies directly to data objects, enabling protection and control to travel with files, emails, and other sensitive information wherever they go.
At Virtru, we believe this is the reality the market is moving toward: secure the data itself, not just the places where data happens to reside.
Cyera’s success is good news for the entire data security category. It reinforces the importance of knowing where sensitive data lives, how it is classified, and where risk exists. But as data moves across organizations, partners, customers, and AI platforms, security teams need more.
They need ways to maintain control after data leaves the systems they manage.
That is where object-level, data-centric protection becomes essential. For organizations that depend on secure collaboration, the goal is not to stop data from moving. It is to make sure security and governance move with it.