The recent Veeam acquisition of Securiti.AI isn’t just another consolidation play—it's a clarion call signaling the end of data security as we know it. For decades, we've built walls around data, treating it like a prisoner that needs maximum security confinement. But here's the provocative truth that most security vendors won't tell you: the companies that win the next decade won't be the ones that lock data down the tightest. They'll be the ones that set data free most intelligently and learn to share like never before.
For too long, risk-obsessed CISOs have been myopically focused on a singular mission: protect data from external threats, prevent it from being lost or stolen, build higher walls, deeper moats. This defensive crouch made sense in an era when data was static, when perimeters were definable, when the biggest threat was someone breaking in to steal the crown jewels.
The data landscape has fundamentally transformed. The rise of the modern data stack, the AI boom, and the dissolution of traditional perimeters have rendered the old playbook obsolete.
Today's reality? Data security is no longer about just protecting information from external cyber threats and unforeseen disasters. It's about identifying all your data, ensuring it's governed and trusted to power your AI-enabled enterprise transparently. It's about helping customers understand, secure, recover, rollback, and unleash their entire data estate to drive new business value. Most importantly it’s about having the confidence and control to share data with others (humans and machines) that does not sacrifice security, privacy, or compliance.
After many talks with my former boss Wayne Jackson, Chairman at Sonatype, here's honestly what keeps me up at night—and also makes me very excited about Virtru’s future: our industry is witnessing a great inversion in security architecture. Tomorrow isn't about the same old system architecture designed to "lock data down" and minimize risk. It's about an entirely new (and far more granular) security architecture that is capable of "setting data free" via discovery, classification, lineage, policy, and granular access controls.
As noted in the Veeam-Securiti deal announcement, industry studies estimate that 80-90% of AI projects fail, many due to data issues including accuracy, lineage, permissions, identity, and privacy concerns. The problem isn't that data isn't secure enough—it's that it's so locked down, so siloed, so ungoverned that it can't be readily shared with other systems, or other people, to create value.
Tomorrow's winners will be capable of one thing: sharing sensitive data with humans and machines both in a manner that does not sacrifice security, privacy, or control.
This is where Trusted Data Format (TDF) and innovation brought forth by Virtru fundamentally diverges from the pack. While so many others, for so many years, have been building better data locks -- we're building a platform and a portfolio of opinionated apps that is enabling sensitive data to be shared while maintaining cryptographic control throughout its entire lifecycle, regardless of where it travels or who accesses it.
In his analysis of the Veeam acquisition of Securiti, Frank Wang nailed it: "Generic data security isn't enough". The winners in this space will not only have platforms – but they will also offer a portfolio of vertically-integrated, industry-specific applications with opinionated workflows.
This is why Virtru's strategy of building a portfolio of specialized applications and Policy Enforcement Points (PEPs) on top of our core platform isn't just smart—it's essential. We're not trying to be everything to everyone. We're building purposeful, opinionated solutions that solve specific data sharing challenges in specific use cases – and by doing so we’re demonstrating to the entire world the power of our underlying Data Security Platform (DSP).
In addition to delivering world class software products, we’re also investing to scale our capacity for delivering professional services to support bespoke requirements that commonly exist with public sector and national defense customers. Virtru’s Mission Engineering and Services team—with support from Virtru Labs— offer resources to help customers and partners accelerate time to value and deepen product adoption.
Perhaps the most underappreciated shift happening right now is this. The future of data security is not just for CISOs. It's for engineers, data scientists, and product owners. As Wang observed, that means the data security platforms and tools must be programmable, API-first, and developer-native. TLDR: a command-line interface and the ability to innovate faster is far more valuable than another compliance dashboard.
This is exactly why Virtru has invested so heavily in our developer-first platform approach. While other vendors are still shipping point-and-click dashboards for compliance teams, we're building SDKs, APIs, and command-line tools that developers actually want to use. We're making data security a first-class citizen in the development process, not an afterthought bolted on by the security or compliance teams.
Going forward, data security vendors will struggle if all they offer is verticalized apps and products. Further, they are likely to struggle if all they offer is a platform. You need both – platforms and apps – orchestrated in harmony.
Our strategy is deliberately three-pronged:
As an Application Company: We're building a finite, carefully curated portfolio of products and PEPs that enable out-of-the-box sharing of sensitive data across domains. These aren't generic tools—they're purpose-built solutions that embed our deep understanding of specific workflows and requirements.
As a Platform Company: We're exposing programmable APIs and SDKs that enable third-party innovation on top of the Virtru platform. We're not trying to build everything ourselves. We're creating the foundational layer that others can build upon.
As a Company Committed to Open Standards: We're developing and promoting open specifications like the Trusted Data Format (TDF) through OpenTDF and aligning with emerging standards like ACP 240 to enable data interoperability across organizational boundaries. This creates a shared foundation where protected data flows seamlessly between systems, vendors, and domains while maintaining cryptographic policy enforcement. For data-centric security to succeed at scale, it must be built on open, auditable, widely-adopted standards that any organization can implement and trust.
Our three-pronged approach positions us a uniquely valuable and complementary player within the broader data security ecosystem. We integrate upstream with adjacent DSPM players like Cyera, Securiti, Rubrik, and others who are discovering and classifying sensitive data. We connect downstream with identity players like Ping, Okta, Radiant Logic, and SailPoint who are authenticating identities and managing entitlements. And in the middle, we're the intelligence layer that defines and enforces granular policy and access controls – so organizations can unleash the power of their data by sharing it with others without sacrificing governance.
The work is hard. Data security means context, nuance, and ugly edge cases, but that's what makes it valuable. At Virtru, we're not running from this complexity—we're embracing it head on – and making the complex simple.
The Veeam-Securiti acquisition is just the opening salvo. We're about to see a wave of similar deal making as legacy data security players scramble to remain relevant in the AI era. But consolidation isn't innovation. Buying your way to relevance isn't the same as building for the future.
At Virtru, we've been building for this moment. While others spent years perfecting the art of locking data down, we've been pioneering the science of setting it free—securely, intelligently, with granular and cryptographic controls that travel with the data itself.
The future belongs to those who can liberate data without losing control of it. That's not just our strategy—it's our mission, our competitive advantage, and frankly, the only path forward in an AI-powered world where data isn't just an asset to protect, but the primary driver of business value.
To our team at Virtru: The market is finally catching up to what we've been building. The consolidation of the data control plane, the shift from risk to value, the developer-first revolution—these aren't challenges to overcome. They're validations of the path we've chosen.
Let’s go!