How do you get started with data retention when different regulations require different retention periods?

Start by working with legal counsel to establish a baseline retention policy that addresses regulatory requirements. Then meet with data owners to identify where exceptions are needed and why. Pete Statia recommends hammering out the retention policy first, then using it as the framework for conversations with business stakeholders who often readily accept the policy once they understand the legal and reputational risks of keeping data indefinitely.

What is the most effective way to get executive buy-in for data security initiatives?

Both panelists emphasize starting at the top rather than trying to push initiatives uphill. Use real-world examples of breaches and their consequences—Pete referenced the Sony hack and its reputational damage from retained emails. Frame data security in terms executives understand: litigation risk, reputational exposure, and regulatory compliance. Once senior leadership is bought in, the rest of the organization follows.

Next-Gen DLP: AI, Blocking & Data Ownership Strategies

Name: Next-Gen DLP: AI, Blocking & Data Ownership Strategies
Uploaded: 2026-03-26T17:13:55-04:00
Duration: 22 min 45 s
Description: TL;DR Legacy DLP fails because it provides visibility without actionable outcomes, while organizations continue hoarding data they cannot effectively manage or protect. Identity compromise is the primary attack vector—once attackers gain privileged acc...

Varonis

03/26/2026

0 (0%)

Report Like Favorite

TL;DR

Legacy DLP fails because it provides visibility without actionable outcomes, while organizations continue hoarding data they cannot effectively manage or protect.
Identity compromise is the primary attack vector—once attackers gain privileged access in environments without least-privilege models, they can access everything.
Establishing retention policies with legal counsel and identifying data owners are foundational steps that enable defensible data deletion and proper access controls.
Next-generation DLP must incorporate AI-driven behavioral analysis, real-time user feedback, and actual blocking capabilities rather than relying on manual rule creation.
Security culture and employee awareness remain critical—technology alone cannot solve data security without engaged leadership and educated users.

Legacy DLP Challenges and the Data Explosion

The panel opens by examining why traditional data loss prevention approaches are failing modern enterprises. The massive explosion of unstructured and semi-structured data from IoT devices and cloud applications has outpaced legacy DLP capabilities. While these tools provide visibility into data sprawl, they struggle to translate that visibility into actionable outcomes. Organizations compound the problem by hoarding data indefinitely, creating unmanageable alert volumes that overwhelm security teams with limited resources. The panelists note that point-in-time scanning approaches feel disconnected from the real-time blocking capabilities organizations actually need.

Attacker Advantages and Identity-Based Threats

The discussion shifts to how threat actors exploit current weaknesses in data security. With traditional enterprise boundaries effectively dissolved by SaaS applications, cloud storage, and remote work, attackers have multiple exfiltration paths. Pete Statia highlights that the simplest attack vector is identity compromise—logging in as a legitimate user and leveraging excessive permissions to access sensitive data. Without least-privilege models and defined data ownership, a single compromised privileged account can access everything. The panelists emphasize that defenders must be 100% effective while attackers only need to find one weakness.

Building Data Security Posture Through Ownership and Retention

Both panelists stress that improving data security starts with foundational governance work. Establishing clear retention policies with legal counsel creates the framework for defensible data deletion—Pete's organization eliminated 100 million files in six months using this approach. Identifying data owners is equally critical, as security teams cannot make classification or access decisions in isolation. The panelists recommend engaging general counsel as an ally, framing old data as litigation risk rather than just storage cost. John Koester notes that most business leaders readily accept retention policies once they understand the reputational and legal exposure of keeping data indefinitely.

The Future of DLP: AI, Blocking, and Behavioral Analysis

The panel concludes with a vision for next-generation DLP that moves beyond rule-based detection. Both panelists agree that AI and behavioral analytics must replace the current model of manually defining thousands of rules. Real-time user feedback at the point of sharing—helping employees make correct decisions before data leaves—represents a significant improvement over after-the-fact alerts. Matt Radulak emphasizes that effective blocking must be part of the solution, noting that only 18% of organizations currently perform any blocking. The future lies in behavioral profiling that understands normal patterns and can automatically intervene based on transaction risk, reducing the configuration burden on security teams while improving protection.

Chapters

0:00 - Introduction and Panel Setup
1:34 - Legacy DLP Challenges
3:25 - Attacker Advantages in Data Exfiltration
5:08 - Improving Data Security Posture
8:00 - Enabling Secure Data Sharing
12:04 - Next Generation DLP Vision
14:45 - Tips for Better Security Outcomes
16:29 - Engaging Employees on Data Security
20:43 - Behavioral Analysis and Closing Thoughts

Key Quotes

2:15 "Visibility is only telling you how big the problem is, not solving any problem."
4:17 "I would just log in as the person I wanted to steal their data, right? You compromise the identity."
11:07 "We got rid of a hundred million files in about six months."
13:07 "It's kind of akin to saying the barn door is open. By the way, the horse left an hour ago."
18:36 "I've never been successful getting anything to go uphill at any organization."

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

05/12/2026

01:00 PM

05/12/2026

Transforming Black Box to Glass Box: Revealing Hidden Threats and AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1895/transforming-black-box-to-glass-box-revealing-hidden-threats-and-ai-risks-through-data-lineage/
05/12/2026

11:30 PM

05/12/2026

Implementing Effective Strategies for Active Directory Security and Data Protection

https://www.truthinit.com/index.php/channel/1888/implementing-effective-strategies-for-active-directory-security-and-data-protection/
05/13/2026

01:00 AM

05/13/2026

Transforming the Black Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-black-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Transforming Black Box to Glass Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1894/transforming-black-box-to-glass-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/19/2026

01:00 PM

05/19/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Its Lifecycle

https://www.truthinit.com/index.php/channel/1936/establishing-a-robust-ai-governance-framework-for-genai-throughout-its-lifecycle/
05/20/2026

10:00 PM

05/20/2026

APAC: Establishing an AI Governance Framework for GenAI Throughout the Deployment Process

https://www.truthinit.com/index.php/channel/1953/establishing-an-ai-governance-framework-for-genai-throughout-the-deployment-process/
05/21/2026

11:00 AM

05/21/2026

The Autonomous Era: Orchestrating a Resilient Enterprise

https://www.truthinit.com/index.php/channel/1372/the-autonomous-era-orchestrating-a-resilient-enterprise/
05/27/2026

04:00 AM

05/27/2026

Rivoluziona i rischi dell'AI in opportunità con Netskope AI Security

https://www.truthinit.com/index.php/channel/1925/rivoluziona-i-rischi-dellai-in-opportunità-con-netskope-ai-security/
05/28/2026

10:00 AM

05/28/2026

Harnessing AI: Transforming Perception into Purposeful Mastery

https://www.truthinit.com/index.php/channel/1924/harnessing-ai-transforming-perception-into-purposeful-mastery/
05/28/2026

01:00 PM

05/28/2026

AI in the Fast Lane: Effectively Managing AI Security for Small Teams

https://www.truthinit.com/index.php/channel/1951/ai-in-the-fast-lane-effectively-managing-ai-security-for-small-teams/
06/02/2026

01:00 PM

06/02/2026

Satori Spring: Insights from Recent Research on the 2026 Threat Landscape

https://www.truthinit.com/index.php/channel/1930/satori-spring-insights-from-recent-research-on-the-2026-threat-landscape/
06/04/2026

02:00 AM

06/04/2026

Mastering the Unseen: Managing Shadow AI and Agentic MCP Traffic

https://www.truthinit.com/index.php/channel/1948/mastering-the-unseen-managing-shadow-ai-and-agentic-mcp-traffic/
06/16/2026

07:00 AM

06/16/2026

Transforming Data Risk into Actionable Priorities: What to Address First

https://www.truthinit.com/index.php/channel/1952/transforming-data-risk-into-actionable-priorities-what-to-address-first/