AI is the Oxygen, Data is the Fuel: Why Your CISO Role is About to Become the Hottest Strategy Job on the Planet
Hey, what's the most important thing in your enterprise? It's not your infrastructure. It's not your endpoints. It's your data. If you are relying on yesterday’s technology—like firewalls and antivirus—to defend against the revolution driven by Agent AI, Large Language Models (LLMs), and Shadow AI, security experts warn that you are setting yourself up for serious problems.
The AI boom is not just a technological shift; it’s a seismic event for cyber security, fundamentally changing the risk profile of every organization. For these complex new applications—including Agent AI, RAG (Retrieval-Augmented Generation), SaaS applications, and LLMs—to be effective, they require "oxygen," and that oxygen is your data.
Interested in navigating these challenges? Ronan Murphy and other world-class speakers will be discussing these issues, along with innovation and the regulatory landscape, at Forcepoint Aware 2025, a virtual event taking place October 7th and 8th. You can find more information at Forcepoint.com/aware.
The End of the Perimeter and the Strategic CISO
For two decades, security veteran and Forcepoint Chief Strategy Officer Ronan Murphy has seen almost everything when it comes to cyber and data security. Previously, the role of the Chief Information Security Officer (CISO) was straightforward: build high walls and a moat around the data, often leading the "department of no".
But that paradigm has been utterly shattered. The modern enterprise has no effective perimeter due to the proliferation of portable devices, the shift to the cloud, and the universal connectivity of the internet. Now, CISOs are faced with an unavoidable mandate: they must enable the business to operationalize AI.
Security is, at its core, the business of revenue protection. To fulfill this duty, CISOs must transition from being enforcers or builders of controls to becoming business strategists. This evolution requires that CISOs supplement their existing security tooling—such as firewalls, EDR (Endpoint Detection and Response), and identity tools—with new capabilities that grant deep visibility into the data itself.
The Data Lake Dilemma: Finding Value in the Unstructured Past
The staggering opportunity presented by AI is undeniable; companies that seize this wave of innovation could look dramatically different in five years. However, to capitalize on AI, you must first understand your data.
The biggest challenge is the legacy data lake. Companies have accumulated terabytes of unstructured, unlabeled information since the "dawn of time". While this data lake is mostly legacy, it represents the real value for training agents, driving insights, and building automation.
This accumulated, highly valuable data also introduces significant risk. If it is operationalized incorrectly in an AI initiative, or if the organization suffers a double-extortion ransomware attack or an insider threat, the consequences can be profoundly damaging.
Introducing DSPM: The New Security Imperative
To solve the complexity of dealing with data that exists everywhere—on-prem, on endpoints, in SharePoint, in Oracle, and across hyperscalers like Microsoft and Google—a new, rapidly growing sector has emerged: Data Security Posture Management (DSPM).
DSPM is a necessity because, unlike infrastructure (which can be outsourced to hyperscalers) or platforms (SaaS/PaaS), the responsibility for data cannot be outsourced. DSPM is designed to give executive leaders, InfoSec professionals, and risk leaders the ability to look at the posture of their data and make powerful, informed decisions regarding governance, risk assessments, compliance, and InfoSec.
A key use case for DSPM is determining an organization’s Gen AI readiness. Organizations need to confirm that their data has been correctly discovered, classified, profiled, tagged, and labeled before they turn on an AI application.
AI to Prepare for AI: The Intelligence Layer
Addressing the legacy data lake doesn't require manually checking every file. DSPM leverages automation, specifically AI, to retroactively prepare data for the AI revolution.
Forcepoint, for example, built an AI Mesh, described as a "whole zoo of small language models," whose sole purpose is to interrogate the contents of data documents. This AI mesh allows organizations to quickly and accurately contextualize vast data repositories, determining what is sensitive, regulated, intellectual property (IP), or customer details. Once discovered, the data can be tagged and profiled, enabling informed decisions about its use.
Furthermore, modern data protection requires a far more granular taxonomy and classification than the historical five to seven basic labels (e.g., internal, confidential). If an HR department wants to maximize the ROI of a new AI tool, it might need to serve up all HR data except specific items like payslips or disciplinary records. DSPM helps facilitate this complex requirement by interpreting data content and applying the necessary granular labeling. Industry-specific blueprints (like those for healthcare and HIPAA controls) are often used to provide a sophisticated starting point for profiling and risk assessing data assets.
Holistic Protection: Data at Rest vs. Data in Motion
Protecting data can no longer be done in a silo. Even if an employee is authorized to read sensitive IP, the controls are lost if they can copy and paste that information into an unsecured channel like Slack or an external email.
Comprehensive security must address data at rest (in S3 buckets, SharePoint, OneDrive) and data in motion (as it moves through the internal network). The ability to understand, interpret, and track data flow is now more powerful than ever before.
DSPM is the "brains" that interprets and labels the content. This intelligence is then fed to tools that act as enforcers:
DLP (Data Loss Prevention): DLP acts as the "bouncer in a nightclub" or the security guard inspecting packages at the exit. It is implemented at the edge to stop data from leaving the organization: if someone attempts to email or otherwise send a document containing IP, the policy is enforced, and it is enforced at scale.
CASB (Cloud Access Security Broker): The CASB sits between employees and crucial SaaS applications, such as Salesforce, Office 365, or Google Workspace. It enforces policies, provides compliance, offers threat protection, and ensures that users only connect to sanctioned, safe applications. For instance, a CASB can block unauthorized users from accessing an application or prevent the upload of sensitive documents (like those containing IP) to unsanctioned services like Dropbox. CASB offers a more efficient approach by requiring only one tool to manage security across multiple SaaS environments.
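To make the "brains feeding the enforcers" split concrete, here is an added example, written for this page and not Forcepoint's own code or product logic. It models the pipeline described above: a classifier assigns granular labels (the HR payslip and disciplinary-record case from the taxonomy discussion), and each channel enforcer (an internal AI assistant index standing in for a Copilot-style tool, an external e-mail gateway as DLP would see it, an unsanctioned cloud upload as a CASB would see it) checks those labels before releasing the document. The label names, channel names, regex rules, and sample documents are all constructed for illustration; the regexes are a stand-in for the small-language-model classifiers the article mentions, and the "fail closed on unlabelled data" rule is how the Gen AI readiness check is expressed here.

```python
"""
Added example (not Forcepoint code): a toy DSPM-style pipeline in which a
classifier assigns granular labels to documents and channel enforcers (an AI
assistant index, an e-mail gateway, a cloud-upload broker) consult those labels
before releasing data. Labels, rules, channel names and documents are constructed.
"""
import re
from dataclasses import dataclass, field

# Granular taxonomy (constructed). Each rule maps a label to the content
# signals a scanner would look for; a real DSPM product would use trained
# models rather than these regexes.
TAXONOMY = {
    "hr:payslip": re.compile(r"\b(payslip|gross pay|net pay|salary)\b", re.I),
    "hr:disciplinary": re.compile(r"\b(disciplinary|written warning|misconduct)\b", re.I),
    "ip:design": re.compile(r"\b(proprietary|patent pending|trade secret)\b", re.I),
    "customer:pii": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),  # US SSN shape, constructed
}


@dataclass(frozen=True)
class Document:
    name: str
    text: str
    labels: frozenset = field(default_factory=frozenset)  # empty = never scanned


def classify(doc: Document) -> Document:
    """Return a copy of the document with labels derived from its content.
    Documents matching no rule receive the explicit 'internal' label so that
    'unlabelled' stays distinguishable from 'scanned and found unremarkable'."""
    found = {label for label, pattern in TAXONOMY.items() if pattern.search(doc.text)}
    return Document(doc.name, doc.text, frozenset(found or {"internal"}))


# Channel policy (constructed): which labels each enforcer must refuse.
# The AI assistant excludes HR records and customer PII; the e-mail and
# upload enforcers additionally refuse IP leaving the company. IP may still
# be read internally, which is why it is absent from the assistant's list.
CHANNEL_DENY = {
    "ai_assistant_index": {"hr:payslip", "hr:disciplinary", "customer:pii"},
    "email_external": {"ip:design", "customer:pii", "hr:payslip", "hr:disciplinary"},
    "upload_unsanctioned": {"ip:design", "customer:pii", "hr:payslip", "hr:disciplinary"},
    "chat_internal": {"hr:payslip", "hr:disciplinary"},
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def decide(doc: Document, channel: str) -> Decision:
    """Enforcer logic: fail closed on unknown channels and on unlabelled data,
    otherwise deny if any of the document's labels is on the channel's deny list."""
    if channel not in CHANNEL_DENY:
        return Decision(False, f"unknown channel {channel!r}")
    if not doc.labels:
        return Decision(False, "document not yet classified; blocked until DSPM scan completes")
    blocked = sorted(doc.labels & CHANNEL_DENY[channel])
    if blocked:
        return Decision(False, f"labels {blocked} not permitted on {channel}")
    return Decision(True, "no restricted labels")


def readiness_report(docs):
    """Gen AI readiness check: how much of a repository has been classified,
    and how much of it would be eligible for the assistant index as labelled."""
    return {
        "total": len(docs),
        "labelled": sum(1 for d in docs if d.labels),
        "eligible_for_ai": sum(1 for d in docs if decide(d, "ai_assistant_index").allowed),
    }


# Constructed sample repository, as it might sit in a SharePoint site.
SAMPLE_DOCS = [
    Document("onboarding-guide.docx", "Welcome to the team. Your laptop is provisioned on day one."),
    Document("payslip-2024-03.pdf", "Employee payslip. Gross pay 6,200. Net pay 4,410."),
    Document("warning-letter.docx", "This written warning records the misconduct discussed on 4 May."),
    Document("widget-spec.docx", "Proprietary design, patent pending. Do not distribute."),
    Document("crm-export.csv", "name,ssn\nA. Customer,123-45-6789"),
]

if __name__ == "__main__":
    scanned = [classify(d) for d in SAMPLE_DOCS]
    for d in scanned:
        print(f"{d.name:22} labels={sorted(d.labels)}")
        for channel in CHANNEL_DENY:
            verdict = decide(d, channel)
            print(f"    {channel:22} {'ALLOW' if verdict.allowed else 'BLOCK'}: {verdict.reason}")
    print("unscanned repository:", readiness_report(SAMPLE_DOCS))
    print("scanned repository:  ", readiness_report(scanned))
```

Two design points matter more than the regexes. First, an unscanned document is blocked everywhere, so turning on an AI assistant before the DSPM scan finishes yields an empty index rather than a leak; that is the readiness check from the article in executable form. Second, the enforcers never inspect content themselves: they consume labels, which is what lets one classification pass drive DLP, CASB and assistant policy consistently.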
The Existential Risk: Shadow AI and Insider Threats
The risks are staggering. Shadow AI—the use of unauthorized AI applications by employees—is a significant concern because these tools can "hoover up data" that could be damaging to the organization. If data lacks the correct guardrails and finds its way into open models (especially since platforms like ChatGPT are now being indexed by search engines), organizations are vulnerable.
The danger posed by AI is acute, even with sanctioned tools like Microsoft Copilot. If an organization feeds unlabeled data into an internal Copilot, an employee is only "one prompt away from a data breach or a data loss" by asking a query like, "What was Ron's salary last year?" or "What's the disciplinary record for this person?".
For security veterans, this risk is now paramount: data loss through AI presents a greater risk to large organizations than even the most prolific ransomware actors. Ransomware actors now prioritize stealing data (data exfiltration) for double extortion because they know that victims, often lacking visibility into what was stolen, will pay to avoid dissemination.
CISO Action Plan: Eight Recommendations for Hardening Your Data Security Posture
The revolutionary changes driven by AI mean that the CISO's job is dramatically changing, focusing on the highly complex data layer. By embracing this shift, CISOs can significantly elevate their value and influence within the business.
Here are eight key action items CISOs must implement to mitigate risk and seize the opportunity of the AI revolution, drawing directly from the new strategic mandate:
1. Embrace the Strategic Data Focus:
Recommendation: Stop viewing the role as primarily building firewalls and EDR architecture. Instead, shift the primary focus to the data layer to become a strategy leader, enabling business initiatives (like RAG, automation, and Copilots) while assessing and mitigating data risk. Your ability to serve up data securely will make you an incredibly valuable asset.
2. Deploy Data Security Posture Management (DSPM) for Holistic Visibility:
Recommendation: Implement DSPM now to gain visibility across all data repositories (on-prem, cloud, endpoints). Use this tool to continuously look at the "posture" of the data—its risk assessment, governance status, and compliance requirements.
3. Prioritize "Gen AI Readiness" Audits:
Recommendation: Use your DSPM capabilities (like the AI Mesh) to explicitly run audits and ensure data is properly discovered, classified, and labeled before being served up to any internal AI models. Verify that proprietary and sensitive data is correctly segmented to avoid accidental exposure via an authorized prompt.
4. Revolutionize Data Taxonomy and Classification:
Recommendation: Abandon simplistic, legacy data labels. Develop a highly granular taxonomy tailored to specific department needs and AI use cases (e.g., labeling specific document types within HR or finance that must be explicitly excluded from internal AI training sets). Consider leveraging industry blueprints (like those for HIPAA or defense standards) to expedite this process.
5. Enforce Security in Motion using DLP:
Recommendation: Ensure your Data Loss Prevention (DLP) capability is fed intelligence from your DSPM "brains". DLP must be configured to monitor and enforce policies on data in motion—tracking IP as it moves through internal channels like Slack, Teams, or email—to prevent authorized users from copy-pasting sensitive information to unauthorized destinations.
6. Control Cloud Applications with CASB:
Recommendation: Implement a Cloud Access Security Broker (CASB) to manage security policies across all Software as a Service (SaaS) applications (e.g., Salesforce, Office 365). Use the CASB to block connections to unsanctioned or malicious cloud apps (mitigating Shadow AI risk) and enforce policies that prevent data exfiltration (like bulk downloads or uploads of sensitive data to external cloud storage).
7. Harden M&A Processes:
Recommendation: Integrate data security requirements into the M&A decision process. Require the acquired company to implement the acquiring company’s data classification and tracking toolset quickly, especially prior to internal staff announcements, to proactively prevent insider IP theft or "raiding and pillaging" by worried employees.
8. Integrate GRC and InfoSec Functions:
Recommendation: Recognize that AI risk is a shared challenge. Actively work to converge Governance, Risk, and Compliance (GRC) functions with InfoSec to jointly mitigate the risks introduced by AI adoption while ensuring compliance and enabling innovation.
By implementing these strategic steps, CISOs can transform their departments from operational cost centers into essential business enablers that protect the enterprise’s most valuable asset: its data.

