Connect with us

Hi, what are you looking for?


Data Protection

The VC View: Data Security – Deciphering a Misunderstood Category

I’m both excited and concerned to write about data security as one of the hot trends to monitor in 2021. Data security is a tough topic to summarize and I’d argue it may be the most misunderstood category in security right now. We’re a raw industry that has been shaken up multiple times for years.

I’m both excited and concerned to write about data security as one of the hot trends to monitor in 2021. Data security is a tough topic to summarize and I’d argue it may be the most misunderstood category in security right now. We’re a raw industry that has been shaken up multiple times for years. We’ve gotten micro-services, Agile software development, public cloud, GDPR, multi-cloud, work-from-home, federal regulations and SaaS applications all disrupting how we lived and worked.

It’s gotten to the point now that if you were to ask a CISO what they’re doing to protect their data, you’d get different answers; there is no consistency. Yet, if you were to ask those same folks who the leading data storage, analytics, processes and vendors were, clear market leaders would quickly emerge.

Yet the idea of protecting data is still ubiquitous with cybersecurity. Data continues to be a top-3 security topic within the board. “What are we doing to protect our customers’ and the organization’s data?” If the many, many public breaches have told us anything over the years, it’s that losing data escalates a “security incident” into a “data breach”. Lawyers get involved when we lose control of our data. How else would we figure out our liability to our suppliers and customers? 

[ Related: The VC View: Hot Trends in Security After the Pandemic ]

Data Security Trends

There is a reason we’re in this situation: for the longest time, security was architected with “defense in depth”. Data was the soft, shishy middle of a hardened perimeter. We protected data by first making sure our endpoints weren’t compromised, then by making sure threats weren’t moving around in our networks undetected, then by making sure our applications weren’t vulnerable to data leaks. Now that we’re all moving towards the multi-cloud, SaaS world, the castle walls we’ve built over the years no longer works. It’s impossible to monitor data flowing across clouds, microservices, internal, external applications, geographies, data centers and technologies. 

Considering all of this complexity, it’s clear to me that most projects will adopt a “back to the basics” theme. Even though each company doesn’t have the same crown jewels, business models or customers, I envision most data security projects this year will align to the first two parts of NIST’s Cybersecurity Framework: Identify and Protect. The remaining three (Detect, Respond and Recover) will come later as the industry starts to train the people, mature the processes and develop the technologies to begin to reasonably protect disparate data via the 80/20 rule.

Aligned to Identify and Protect, I expect to see two camps of data security projects: Visibility & Control. One set of folks interested in visibility: How much data do I have? Where is it stored? Who has access to it? What is our current risk profile due to accessible data and our threat model? How can I protect the data? Are there any quick wins that we can do to significantly reduce risk? Perhaps we can delete sensitive data in our staging environment?

Advertisement. Scroll to continue reading.

Another set of folks will be interested in control. How can we protect our data by design? Are there ways for us to segment data by groups & roles? What technology is out there that allows us to enforce policy as data is being generated, moving across the network and in production?

In the end, I envision a “data firewall” being created to merge those two paths and as an important milestone in this category. We’ve had every version of the firewall to protect the endpoint, the network, the application. These firewalls complemented technology changes from personal computing, local networks, the internet, mobile, IoT. It’s only logical we’ll see a new firewall being created due to multi-cloud and the firewall moving closer to data; a pattern we’ve seen for multiple decades now.

Written By

Will is a Managing Director and a founding team member at ForgePoint Capital. He has been an avid technology enthusiast for decades: building his first computer in elementary school and starting online businesses while completing his bachelor’s degree from the University of California, Berkeley. Focusing on security startups for a decade, he has worked with more than 20 cybersecurity companies to date. In his spare time he’s a foodie with friends, enabling serendipity and building communities.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...