Podcast: Play in new window | Download
Subscribe: Apple Podcasts | RSS
Cybersecurity strategy has evolved over the years—first focusing on keeping the bad guys out, then on detecting and responding to threats faster, and now on cyber resilience and the notion of ensuring business continuity no matter what happens.
In the latest episode of the TechSpective Podcast, Druva Chief Security Officer Yogesh Badwe joined me to talk about why the next phase of security maturity must be built around a single, non-negotiable truth: data is the real crown jewel.
The Shift to Data-Centric Security
Historically, organizations poured resources into protecting networks and identities, often treating data as a secondary concern. “Breaches are inevitable,” Badwe explained. “Detection is a lagging indicator. Organizations need to be ready to respond and recover from bad scenarios—and that starts with the data itself.”
With sprawling hybrid environments, complex supply chains, and AI agents introducing new attack vectors, prevention alone isn’t enough. Security teams need full visibility into what data exists, where it resides, and who can access it.
Backups: From IT Tool to Security Backbone
Most companies think of backups as an IT disaster recovery resource. Badwe argues they must be elevated to a frontline security capability.
Recovering from ransomware isn’t as simple as restoring a snapshot—you need to identify clean copies, remove malicious artifacts, and, in some cases, blend files from different points in time to minimize business disruption. “Security recovery is completely different than IT recovery,” he noted.
Attackers know this, too. Modern ransomware campaigns often target backup systems directly to remove a company’s safety net.
Preparing for Emerging Risks
The conversation also touched on two looming challenges:
- Double-extortion ransomware, where attackers both encrypt and exfiltrate data to increase leverage.
- Post-quantum cryptography, and the “harvest now, decrypt later” risk that stolen encrypted data could be cracked in the future.
Organizations should begin mapping their encryption landscape now to prepare for a PQC transition within the next few years.
The Visibility and Classification Challenge
Centralizing all corporate data is unrealistic. Instead, companies need tools that can provide visibility where the data lives—whether that’s in SaaS apps, multi-cloud environments, or third-party systems.
Badwe sees automated classification as essential, not just for prevention but for rapid incident response. Knowing which 20% of your data is truly sensitive allows you to focus security controls where they matter most.
AI’s Real Role
AI in security is often overhyped, but Badwe sees practical value in tier-one SOC triage, automating runbooks, and enhancing secure software development processes. AI can’t replace sound security architecture, but it can accelerate analysis and decision-making.
Looking Ahead
As AI agents and integrated corporate search platforms become more common, traditional authentication and authorization models will be tested. Security leaders will need to rethink access controls for human-to-agent and agent-to-agent interactions.
For Badwe, resilience isn’t just about bouncing back—it’s about making data the centerpiece of prevention, detection, response, and recovery. Because in the end, it’s not the network or the identity we’re protecting—it’s the information that keeps the business running.
Check out the full podcast for more:
- Why Data Must Be the Heart of Cybersecurity - August 8, 2025
- Retail Under Fire: Why Hackers Love Shopping Season - August 4, 2025
- Rethinking Compliance as a Strategic Advantage in 2025 - July 28, 2025
