Three Top Cybersecurity Projects to Prioritize

The SRM leader's role is changing as businesses are taking on more risks, responding to the macro-economic conditions and the evolving threat landscape. This change has led to additional responsibilities for the SRM leader such as cyber-physical systems security (e.g., operational technology, the Internet of Things, enhancing data governance frameworks, ensuring robust business continuity strategies and facilitating the adoption of AI technologies). SRM leaders must also navigate new data and AI compliance regulations, a constant barrage of new threats and increasing complexity in IT. Uncertainty about tariffs tops it all off.  

SRM leaders can make measurable progress in the next 12 months by:

• Introducing the safe use of GenAI by embedding cybersecurity considerations into the GenAI governance framework

• Adopting risk-reducing practices and technologies to unstructured data management

• Implementing advanced storage governance and AI-driven threat detection

As organizations integrate and commoditize GenAI in operations, SRM leaders must make it their business to establish strong security guardrails that protect the technology and its use. GenAI is deployed via software embeds and emerging structures (e.g., agentic AI), so policies must be updated routinely to address emerging capabilities and security implications.

Approach this initiative with the assumption that GenAI capabilities are embedded in most software and that users cannot detect the presence of GenAI functions in applications. This mindset covers the interests of the organization while seeking to preserve stakeholder trust.

SRM leaders should create short-, medium- and long-term goals to define and implement GenAI governance:

• Short term. Augment governance artifacts with GenAI guidance by creatingGenAI policy, standards, procedures and usage guidelines to cover GenAI-specific security issues.

• Medium term. Monitor for compliance and identify governance deficiencies.

• Long term. Collaborate with business leaders to address gaps produced by evolving GenAI adoption and deployment models.

The top reason for failed GenAI deployments is a lack of GenAI-ready data. Organizations that use retrieval-augmented generation pipelines for their GenAI applications need access to unstructured data, which comprises 70% to 90% of the data in today’s organizations.

As vendors race to address demand for augmented data management, SRM leaders must establish data governance programs that enforce security measures to prevent GenAI from allowing unauthorized access to sensitive data. This means discovering, classifying and cataloging unstructured data, optimizing access entitlements and protecting sensitive content by redacting or concealing it.

SRM leaders should:

• Implement a data governance program to address the specific challenges and benefits of integrating GenAI into the organization.

• Reduce unnecessary data and streamline data preparation for AI applications.

• Make sure data discovery tools, data classification and handling instructions are ready for AI use.

• Ensure compliance with data residency requirements, especially GenAI services that involve cross-border data transfers.

• Maintain clear visibility and transparency in the use of AI in standardized business applications and custom AI applications that require large language model (LLM) training data.

Traditional infrastructure security layers that focus on network and endpoint are no longer enough to prevent cyberattacks and data loss. By 2029, 100% of storage products will include cyberstorage capabilities focused on active defense beyond recovery from cyber events,up from 20% in early 2024. Cyberstorage adds a security layer at the storage level ─ a proactive bulwark against advanced cyberthreats.

Storage teams may be reluctant to step outside their comfort zone. However, as cyberattacks increase and gain visibility at C-level, storage operators must accept responsibility for implementing cyberstorage capabilities. Ultimately, if the security layers at the network perimeter or application levels fail, the storage administrator is responsible for identifying what data to recover and from what point in time, while ensuring access to critical data.

Enterprise storage solutions vendors have started to offer a range of security features that align with the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework’s six pillars: govern, identify, protect, detect, respond and recover.