I have a confession. When my team proposed hosting an executive boardroom at the Gartner Cybersecurity & Risk Management Summit on data loss protection, I had my doubts about attendance. As a tech category, DLP doesn’t give CISOs the warm fuzzies.
But every seat was taken. We even had to turn people away at the door.
That’s because security leaders came to talk about something bigger. Within just a few years, employees across every department have started feeding sensitive company data into AI, and the so-called “DLP solutions” companies have now are useless. CISOs need better answers for data security. Not tomorrow – now.
Thanks to everyone who joined us in the executive boardroom. Here are six takeaways from the event.
DLP PTSD Is Real
The feeling was unanimous: the old DLP playbook based on regex-based policies has failed. It catches too many false positives or misses real threats entirely, and someone has to sort through the wreckage. Security teams are spending money and burning hours and still losing data.
My co-host for the session was Matthew Mudry, CISO at Alera Group, and he has lived this. At one point he had a small army focused on sorting real alerts from false ones. Credit card numbers flagged as contract numbers, and PHI flags on everything. A universal experience for CISOs that’s given DLP a bad reputation and maybe even triggered a few anxiety nightmares.
Matthew called it “DLP PTSD.” We’ve all been there.
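An added example, not from the post or from ORION, of the regex failure mode described above. The sample lines and the 13-to-16-digit pattern are constructed; they show how a pattern-only rule flags contract and PO identifiers as card numbers, and how much (and how little) a checksum alone recovers.

```python
import re

# Constructed sample text: two contract/PO identifiers and one publicly known
# Visa test number (4111 1111 1111 1111), which passes the Luhn checksum.
SAMPLE_LINES = [
    "Renewal filed under contract CN-2024-0000123456789 for region 4",
    "PO 9876543210987654 approved, invoice attached",
    "Card on file ending 4111111111111111 updated by billing",
]

# A typical legacy DLP rule (assumed here): any 13-16 digit run is a "card number".
DIGIT_RUN = re.compile(r"\b\d{13,16}\b")


def naive_regex_hits(lines):
    """Pattern-only detection: every digit run of card length is an alert."""
    return [m.group(0) for line in lines for m in DIGIT_RUN.finditer(line)]


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def checksum_hits(lines):
    """Same regex, but keep only runs that pass Luhn: the two identifiers drop out."""
    return [d for d in naive_regex_hits(lines) if luhn_valid(d)]
```

Luhn removes these two false positives, but a random digit string of the right length still passes it one time in ten, so a checksum is a filter, not context.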

AI Has Changed the Risk Math
ChatGPT, Claude, Claude Code, and Gemini are running directly on endpoints, with more employees using these desktop and browser apps every day, often with extremely sensitive data. Tools like Cursor let non-technical employees build unauthorized apps that connect directly to internal data sources, without security ever knowing they exist. The surface area is orders of magnitude larger than it was three years ago. Writing more policies is not a response to that and it doesn’t scale.
The only way to keep up with AI-driven exposure is with AI-driven detection. You can’t fight this with more analysts and policies. The answer for data security in today’s world is agentic technology that understands context, learns what normal looks like, and flags what doesn’t fit.
CISOs Need Data Movement Visibility
Matthew’s approach at Alera inverted the conventional playbook. Instead of starting with data classification, the two-year DSPM scan, the labeling project, the policy architecture, he started with a simpler question: where is data actually going right now?
Not long after deploying ORION Security agents, his team had answers. And the other thing he said that was interesting: once he had clean, accurate data, the conversation with his board changed completely. He could show them exactly what was leaving and where. That is what a DLP reset looks like.
Pre-Classification Delays Protection
Someone in the room asked about Matthew’s choice to not pre-classify data before deploying ORION. His answer was direct: he’s not against classification. He’s against it being the thing that has to happen before you can protect anything.
ORION classifies data in motion, and those detections feed back into compliance and labeling workflows. Protection doesn’t have to wait.
This matters especially now, when AI tools are creating exposure faster than any labeling project can move.
Fragmented DLP Means Fragmented Signal
Most enterprise data loss protection programs aren’t one program. They’re three or four point solutions covering different surfaces: endpoint, email, network, AI, SaaS apps, etc. Each with its own policies and alert queue.
The problem is data doesn’t respect those boundaries. When you look at email, endpoint, AI channels, and SaaS together, you see a completely different story than when you look at each in isolation.
Context is everything. A file download that looks routine on its own looks very different when you can see it was then zipped, renamed, and uploaded somewhere else. That full trace only exists if you are looking at all of it at once. Fragmented signal means more noise, missed incidents, and tuning cycles, which is exactly the failure mode everyone in that room has lived.
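An added example, not from the post or from ORION, of the download-zip-rename-upload trace described above. The events are constructed, and the field names and the "personal-drive" destination are assumptions; it shows that the chain is only visible when endpoint and SaaS events are joined, and vanishes when the SaaS log is examined alone.

```python
# Constructed events as two separate tools would record them (endpoint agent, SaaS log).
EVENTS = [
    {"src": "endpoint", "ts": 1, "user": "jdoe", "action": "download",
     "out": "C:/Users/jdoe/Q3_forecast.xlsx"},
    {"src": "endpoint", "ts": 2, "user": "jdoe", "action": "archive",
     "in": "C:/Users/jdoe/Q3_forecast.xlsx", "out": "C:/Users/jdoe/archive.zip"},
    {"src": "endpoint", "ts": 3, "user": "jdoe", "action": "rename",
     "in": "C:/Users/jdoe/archive.zip", "out": "C:/Users/jdoe/notes.zip"},
    {"src": "saas", "ts": 4, "user": "jdoe", "action": "upload",
     "in": "C:/Users/jdoe/notes.zip", "dest": "personal-drive"},
    {"src": "endpoint", "ts": 5, "user": "asmith", "action": "download",
     "out": "C:/Users/asmith/handbook.pdf"},
]


def build_lineage(events):
    """Map each produced path to the event that created it, across all sources."""
    return {e["out"]: e for e in sorted(events, key=lambda e: e["ts"]) if "out" in e}


def trace_back(event, producer):
    """Walk an upload backwards through rename/archive/download for the same user."""
    chain, cur = [event], event
    while "in" in cur and cur["in"] in producer:
        prev = producer[cur["in"]]
        if prev["user"] != cur["user"]:
            break
        chain.append(prev)
        cur = prev
    return list(reversed(chain))


def find_staged_uploads(events, min_hops=3):
    """Report uploads whose file has a multi-step history; a lone upload never qualifies."""
    producer = build_lineage(events)
    found = []
    for e in events:
        if e["action"] == "upload":
            chain = trace_back(e, producer)
            if len(chain) >= min_hops:
                found.append([f"{s['src']}:{s['action']}" for s in chain])
    return found
```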
Data Security Done Right Gets Everyone in Sync
One of the more interesting moments in the session came when Matthew described how his security team had built a shared workspace with HR. When a relevant HR situation arises, HR flags it in the system. When ORION detects unusual data movement patterns, the security team flags it back. Both sides are working from the same context.
It sounds simple, but almost no one is doing that. Most security teams are either monitoring everyone equally or waiting for an incident before they escalate. The HR partnership lets security focus attention where the risk is actually elevated, not because anyone is assumed to be doing something wrong, but because context-aware protection is more accurate than blanket coverage.
It also shifts the security-HR relationship from reactive to collaborative. And when the two teams are in sync, response time improves.
The Conversation Is Just Starting
We’re at a moment where the traditional DLP approach has failed, and a new playbook is being written.
I co-hosted the executive boardroom not knowing if we’d have good attendance. DLP doesn’t exactly have a fan club. But the room was full because the data protection problem is real and getting harder, and security leaders know it.
What stood out was how much everyone agreed on: AI has made this urgent, and they needed answers to this problem yesterday.
If you were in that room, or find this conversation interesting, I’d genuinely like to hear how you are thinking about this. What’s working? What’s still broken? Is that checkbox we all knew as a “DLP tool” even relevant in today’s world? That discussion was the best 45 minutes of the conference for me, and I don’t think we got close to finishing it.