In the world of cybersecurity, there's a revolution happening right before our eyes. The center of gravity is shifting—moving away from traditional network perimeters and decisively toward what truly matters: the data itself.
The evidence is undeniable. In just the past month alone, we've witnessed a remarkable cascade of market validation:
When CrowdStrike and Palo Alto both acquire early stage DSPM players – it’s easy to see how the most sophisticated security platforms are racing to consolidate control planes closer to the data itself. And, when cloud data platforms like Databricks and Snowflake—who quite literally have their fingers on the pulse of enterprise data flows—are investing in specialized data security, the market is clearly speaking.
But what exactly is driving the rising tide of data centric security?
Data: The New Security Perimeter
Traditional security has failed us. For decades, we've invested billions in building impenetrable walls around our networks, only to watch breach after devastating breach demonstrate the fundamental flaw in this approach: data doesn't stay put.
The shift to cloud, AI, and distributed workforces means our most valuable assets—our data—moves constantly between applications, cloud services, partner domains, and devices. In this new reality, perimeter-based security is like building a fortress around a ghost town; the crown jewels have already left the building.
This is why zero trust architectures have gained such prominence. The fundamental premise—never trust, always verify—acknowledges this new reality. But implementing zero trust correctly requires us to rethink security from the outside in, with data at the center.
Two Sides of the Data Security Coin
The market explosion we're witnessing centers around a critical realization: data security requires a two-sided approach that goes beyond simple classification and discovery.
Side One: Defensive Controls
The first side—represented by companies like Cyera, Varonis, and Rubrik—excels at the defensive aspects of data security:
- Discovering where sensitive data resides
- Classifying data based on sensitivity and regulatory requirements
- Identifying inappropriate access rights or exposure risks
- Preventing data from being lost or stolen due to malicious actions or honest mistakes
This defensive approach is absolutely essential, and the market validation we're seeing confirms it. However, it's only half the picture.
Side Two: Offensive Controls
The second side of data security—where Virtru has pioneered innovation—focuses on enabling organizations to proactively and confidently share data without sacrificing security or control:
- Applying persistent encryption and access controls that stay with data wherever it travels
- Maintaining visibility into how shared data is being used
- Empowering data owners to revoke access or modify permissions in real-time, even after data has left their immediate control
- Enabling secure collaboration across organizational boundaries
This "offensive" approach to data security is powered by our implementation of the Trusted Data Format (TDF), an open standard that embeds security and policy controls directly into data objects themselves.
Why Both Approaches Are Essential
In today's data-driven economy, organizations can't afford to just play defense. Data creates value only when it's used, shared, and analyzed—when it's in motion. Restricting data to prevent loss may prevent breaches, but it also prevents innovation and collaboration.
The companies thriving in this new landscape understand a fundamental truth: security must enable business, not impede it.
The Data Security Lifecycle
Rather than seeing these approaches as competing philosophies, forward-thinking security leaders are implementing them as complementary layers in a comprehensive data security lifecycle:
- Discover & Classify: Identify sensitive data across all repositories (using DSPM solutions)
- Govern & Control: Apply appropriate policies based on sensitivity and context
- Protect & Share: Enable secure usage and collaboration without sacrificing control
- Monitor & Remediate: Maintain visibility and respond to threats
- Revoke & Destroy: End access when no longer appropriate
Why This Matters Now
The timing of this market explosion is no coincidence. Several forces have converged to make data-centric security the most compelling segment in cybersecurity:
- AI Adoption: Organizations racing to implement generative AI face unprecedented data security challenges, as these systems require access to vast amounts of data
- Regulatory Pressure: Global privacy regulations continue to expand, with substantial penalties for non-compliance
- Breach Costs: The average cost of a data breach has surpassed $4.5 million, with even greater costs for regulated industries
- Cloud Complexity: Multi-cloud environments have created data sprawl and visibility challenges
- Zero Trust Mandates: Government and industry directives increasingly require zero trust architectures with data at the center
The Future: Open Standards for Data Control
As this market continues to mature, we believe strongly that open standards like TDF will become increasingly central to comprehensive data security strategies. Proprietary approaches create silos and friction that ultimately undermine security by fragmenting control.
The Trusted Data Format, originally developed by Virtru co-founder Will Ackerly during his time at the NSA, is an emerging open standard adopted by NATO and the FVEYS and there’s also an open project that provides the foundation for true data-centric security. By embedding policy controls, encryption, and access rights directly into data objects, TDF ensures that security travels with the data itself..
Conclusion: The Best of Both Worlds
The extraordinary market activity we're witnessing around data security underscores the critical importance of getting data security right.
The most sophisticated organizations are realizing that comprehensive data security requires both defensive and offensive capabilities. They need to protect sensitive information from theft or loss – and also create agency over data so it can be shared with others.
At Virtru, we're proud to play our role in this revolution, providing the open standard-based controls that enable organizations to share data confidently, knowing their security travels with their data wherever it goes. As the market continues to validate the importance of data-centric security, we remain committed to our mission: giving organizations true sovereignty over their most valuable asset—their data.
