Data Privacy Day is January 28, and this year’s Data Privacy Week theme is “Take control of your data.” I’m using this opportunity to review several important technologies, practices, and governance approaches that support data- and AI-driven organizations.
In addition to this post, please tune into this week’s Coffee With Digital Trailblazers, where we will cover Data Privacy Week: How to Take Control of Your Data.

“Data is everywhere, and people have more freedom with it than ever before—sharing, accessing, and leveraging it in ways we couldn’t have imagined a few years ago,” says Ravi Ithal, GVP and CTO of Proofpoint DSPM group. “But this freedom comes with risk, compounded by the new wave of AI-driven data proliferation and complexity.”
I’m a strong proponent of proactive data governance. Proactive governance essentially means balancing the pursuit of business value and competitive capabilities while, at the same time, taking appropriate and aligned steps to reduce risk. Improving data governance and establishing robust dataops are the foundations of AI governance. CIOs and CDOs should go one step further and define their data and AI non-negotiables.
Data/AI risks and stakes are increasing
Here are two important reasons CIOs and CDOs are taking greater control of their data.
First, the risks are increasing, with more companies being compromised and larger-scale data breaches becoming more impactful.
“Just weeks ago, the U.S. Treasury revealed a breach that exposed sensitive personal data, including 3,000 unclassified files,” says Gary Barlet, public sector CTO at Illumio. “A new year with the same old story of massive data breaches and leaked personal information. Yet organizations and agencies are taking the same security measures year after year.”
Second, the regulations not only impact companies but can also impact IT, data, and security leaders personally.
“While the regulation reinforces existing concepts, it holds leaders personally accountable for two critical challenges enterprises often face,” says Tamar Bar-Ilan, Co-Founder and CTO of Cyera. “First, responding to incidents promptly and transparently, and second, effectively managing third-party risks. These challenges are particularly daunting due to the massive volumes of data organizations collect and share. When a breach occurs—whether directly or through a third party—the clock starts ticking, pressure mounts, and it often takes weeks to fully grasp the impact.”
Three areas to control your data: People, data security, AI governance
Here is advice on which data security technologies, practices, and governance to focus on in 2025 in three areas: the human element, data security platforms, and AI governance.
The human element: identity, passwords, zero trust, and endpoints
Organizations concerned about data privacy and security strongly emphasize addressing the human elements, which include identity, authorizations, password management, and edge infrastructure protection. Many leaders are adopting zero trust security as a first principle.
Barlet of Illumio says, “We need to fundamentally rethink how we protect the data that powers our lives, starting with zero trust as the foundation. And if there’s one thing this year’s Data Privacy Day reminds us, it’s this: it’s time to stop talking about securing data and start actually doing it.”
Here’s a description of zero trust security models and how AI and ML are advancing their implementations.
“The zero-trust security model, based on the principle that no entity—whether inside or outside the network—can be trusted by default, will significantly depend on AI for its implementation in 2025,” says Nicos Vekiarides, CEO & co-founder of Attestiv. “Advanced AI systems will continuously verify identities by monitoring user behavior and access patterns in real-time, helping enforce strict identity verification and tackling the growing challenge of deepfake identity fraud. Machine learning algorithms will enable granular access controls by analyzing user roles, device health, and data sensitivity to adjust access privileges dynamically.”
Implementing zero trust security should start with educating employees, transforming identity management, and enabling real-time endpoint protection.
“To meet the dual demands of security and productivity in 2025, security leaders must implement data protection tools including passwordless authentication, zero trust security, and endpoint protection,” says Mark Lee, co-founder and CEO of Splashtop. “Teams leveraging passwordless authentication can protect against password breaches and secure sensitive data with certificate-based security parameters. Additionally, zero trust security and real-time patch management ensure only authorized users from a secured device can access company, employee, and customer data.”
Using password managers properly should be one of the first entry points in educating employees on their responsibilities around data protection, security, leakage, and privacy.
“Data privacy and security are a shared responsibility, and password managers empower everyone to play their part by creating and managing strong, unique credentials for every account,” says Gary Orenstein, chief customer officer at Bitwarden. “Using a password manager is a critical first step toward better security habits, with better data privacy coming from a multi-pronged approach. Integrating additional tools like privacy-centric browsers, email alias providers, and VPNs can further enhance users’ privacy, creating a comprehensive defense against the misuse of sensitive information and breaches.”
Data security lifecycle from classification to threat detection
Improving data security is a significant, enterprise-wide change management program, so I start with people-related practices and technologies before data and AI security considerations.
Several technologies help form the foundation of data security.
- Data Security Posture Management (DSPM) for classifying and securing data and sensitive information across all environments
- Data Detection and Response (DDR) for threat detection and response
- Data Loss Prevention (DLP) to prevent unauthorized access
- Insider Risk Management (IRM) for addressing risks posed by insiders, including employees, contractors, and partners
“DSPM is emerging as a foundational technology for identifying, classifying, and securing valuable and sensitive data across sprawling environments,” says Ithal of Proofpoint DSPM group. “DSPM enables IT teams to regain control by providing visibility into where data lives, who has access to it, and the risks it faces—while empowering DLP and other data protection tools with the right context to mitigate those risks even more effectively.”
Second, let’s consider how we monitor and protect data assets.
“AI is driving business growth, but it also introduces new risks. For 2025, CIOs must prioritize technologies that harness AI responsibly while addressing vulnerabilities, and tools like DDR should top the list,” says Nishant Doshi, chief product and development officer at Cyberhaven. “DDR replaces outdated DLP systems, offering advanced capabilities to mitigate insider threats and data leaks in AI-powered workflows.”
AI governance from LLMs to AI agents
Protecting and securing data should be the footing to develop a strong data foundation, coupled with robust data management platforms, reliable dataops (including data pipelines, data quality, master data management, etc.), and agile data architecture practices. Even more than buildings, the foundation needs ongoing investment, and prioritizing the right improvement areas to enable new capabilities and address risks is key to becoming an AI-driven organization.
“Strong data foundations allow you to apply your domain-specific data to drive differentiated outcomes for your customers, whether fine-tuning LLMs to build accessible real-time insights for your internal teams, creating differentiated product experiences, or driving better customer outcomes,” says Pete DeJoy, SVP of products at Astronomer.
CIOs and CDOs should extend their data governance and foundations to the AI domains. Policies should focus on how employees use AI tools, how data scientists use data in their AI models, and how models and AI agents are validated for accuracy, bias, and trust issues.
“CIOs will need to invest in AI engineering and governance technologies to have any hope of delivering transformative value with AI,” says Kjell Carlsson, head of data science strategy and evangelism at Domino. “AI Engineering capabilities make it possible to orchestrate the range of technologies needed for production AI pipelines, while AI Governance capabilities, in turn, orchestrate and automate AI governance processes and the host of tasks required to manage risk, compliance, and the reliability of these internally developed AI solutions.”
Several months ago, I published a post on what technology, data, and AI professionals must understand about AI governance and shared seven questions to answer.
“Sound governance practices can be used to limit generative AI uses only to well-vetted use cases and to monitor the flow and impact of generated outcomes to the organization,” says Joe Regensburger, VP of research at Immuta. “CIOs should review AI governance platforms for their 2025 budgets to help manage data access and privacy controls, ensuring that only authorized users can access sensitive data to train AI models.”
Henry Umney, managing director of GRC Strategy at Mitratech, says AI innovation cannot – and should not – exist without parallel investment in governance to ensure its responsible and effective integration.
Umney says, “Start with an inventory of AI models, risk-ranked by business impact or regulations like the EU AI Act, and benchmark against frameworks like NIST AI RMF to identify governance gaps. Allocating resources for continuous monitoring, advanced training, and security ensures scalable and compliant AI adoption while unlocking growth opportunities.”
Balakrishna (Bali) D.R., global head for AI and automation at Infosys, shares several AI governance considerations. “A combination of frameworks, processes, and policies is needed to assess risks of use-cases from different dimensions of explainability, fairness, security, and privacy, to develop risk mitigation channels like periodical audits, sensitization training, instituting red-teaming mechanisms, and developing guidelines to ensure regulatory compliance,” says Bali.
Emerging technologies will simplify AI governance
If all of the identity management, data governance, and AI management sounds complicated, it’s because the platforms solve different problems, and there’s limited interoperability and integration. That’s likely to change as more organizations depend on data and AI, and vendors look to simplify approaches for mainstream businesses.
“Several emerging technologies focus not solely on data security but on what data is available to the various popular AI platforms,” says Rocky Giglio, director of security GTM at SADA. “These tools allow businesses to filter what information is sent to GenAI services and ensure sensitive information is not leaked. They can block unauthorized services and point users to the tools that are managed and ready for compliance.”
While this is a long, non-trivial to-do list for CIOs and CDOs, we must do more than hope for better data privacy and security.























