What's Up with Tech?

From Ransomware To Resilience: Unifying Data Security And AI

Evan Kirstel

Share episode

Interested in being a guest? Email us at admin@evankirstel.com

We’re joined by **Anand Eswaran**, CEO of **Veeam Software**, and **Rehan Jalil**, CEO of **Securiti AI**, following Veeam’s bold acquisition of Securiti—a move that fuses data protection, security, and AI governance into one platform. Together, they unpack why GPUs alone can’t fix untrusted data and why 80–90% of enterprise AI projects fail, exploring how unifying data security and resilience lays the groundwork for AI that’s safe, compliant, and genuinely useful.

GPUs don’t fix untrusted data. We dig into why 80–90% of enterprise AI projects falter and how bringing data security and data resilience together creates the foundation for AI that’s safe, compliant, and actually useful. Our guests break down a data command graph that maps files, tables, permissions, sensitivity, and regulations across on-prem, cloud, SaaS, and modern warehouses, then uses that context to enforce the right controls and power rapid recovery.

We explore how DSPM fits inside a larger platform that understands data relationships, flags toxic connections, and automates remediation. From ransomware and exfiltration to model poisoning, the graph approach speeds both prevention and incident response. You’ll hear how to prioritize the crown jewels, set dynamic resilience policies, and hit aggressive RPO/RTO targets so the business stays online. We also dive into safe AI enablement: find the sensitive “needles,” mask or tokenize them, and let the “haystack” fuel conversational search and agents without leaking secrets.

The conversation goes further into operational reality: low-friction adoption for existing environments, visualizing which datasets train which models, and rolling back AI pipelines with precision when bad data slips through. We talk timelines for integrating the platforms and why this unified view unlocks better security, stronger governance, and smarter storage tiering. If you’re ready to raise AI success rates, reduce blast radius, and move faster with confidence, this one lays out the playbook.

If this resonates, follow the show, share it with a teammate who owns AI risk, and leave a quick review telling us which challenge you want solved next.

---

Would you like me to format it as a LinkedIn or YouTube post (optimized for engagement and readability on those platforms)?

Inspiring Tech Leaders - The Technology Podcast
Interviews with Tech Leaders and insights on the latest emerging technology trends.

Listen on: Apple Podcasts   Spotify

Support the show

More at https://linktr.ee/EvanKirstel

SPEAKER_00:

Hey everybody, really excited for this chat today. Breaking news means acquisition of security AI. Super intriguing, bringing together data protection, security, and AI in a whole new way. Gentlemen, how are you?

SPEAKER_02:

Excellent, Evan. It's uh an absolute pleasure. Anandis for them, CEO. Absolute pleasure to join.

SPEAKER_00:

Thanks, Anand.

SPEAKER_01:

Evan, thanks so much for hosting. It's great to be talking to you live.

SPEAKER_00:

Well, great to be here. And um, let's talk big picture, Anand. What was the thinking, the big idea behind acquiring security AI? Why now? And why them?

SPEAKER_02:

Yeah, that's a great question. You know, at the heart of it, it's a very simple thing. There is no enterprise AI without data security, data resilience, and AI trust all coming together. You know, as we all know, 80 to 90% of the AI projects are failing right now, despite hundreds of billions of dollars of investment on GPU and capacity, because while you need that capacity in infra, the problem no one has solved yet is trusted data. Across your entire unified data estate, primary and backup, structured and unstructured, nobody is doing that right now. And that's what we are setting out to do between Vee and Security AI. The number one leader in data resilience is joining the number one leader in data security. And by coming together, we are going to fundamentally disrupt this and create the first solution which allows every company to invert that 80% failure rate to 80% success rate for AI projects.

SPEAKER_01:

You already covered very well. I think that's really about it. We really want to be the uh enabler and uh the company that accelerates the safe AI in the enterprises. And to do that, you need both prevent bad things from happening to data, but if they do happen, you're able to recover from it. That is needed. And I'm super excited to be, you know, doing it along with Anand and the bean together.

SPEAKER_00:

Fantastic. And then on what were customers, our customers needing, asking for, that the market wasn't delivering until now.

SPEAKER_02:

At the very simple level, when I talk to obviously for us, anything we do is market driven, it's customer driven. We generally don't do acquisitions to buy share, and artificially we beef up things. So at the heart of it, there were a lot of simple questions. One, uh customers are starting to look at their unified data escape, and there's no way for them to do that today. You either have uh software solutions which allows them to look at their uh primary data for a variety of different things, security, et cetera. And there's a lot of companies which, and we is one of them, which focuses on resilience, and that is the backup data and everything else we do to make sure that you can recover in you know minutes, not hours, not weeks, not months, no matter what happens, you know, we keep your business running. Customers are starting to look at how do they bring both of these together because that unified view is super critical for what they need to do. Number one. Number two, there's this problem of unstructured data, which I mean, the world has large view, business intelligence, the age of BI was driven by structured data. The age of AI is driven by unstructured data, and that's 80 to 90 percent of the data is in every single company. And so they're now looking at how do they make sense of it? How do they create security and trust around it? And how do they make sure that when bad things happen as we answered, they can actually create the right resilience posture for it? How does it all come together? Uh, and so that that was the second question. And the third, they're saying how they are responsible for stitching together platforms and tools and solutions to make this happen. You know, is there anyone who can actually bring it all together? That was a genesis behind us saying, okay, so let's start to tackle that problem for our customers, which led us to basically, you know, looking at security as the only company which you know is able to join forces of being to actually bring this to life beyond DSPM. Everybody talks about DSPM, but Rahan would tell you DSPM is a sliver of what security does in the context of data security. And so we have we are extremely optimistic on what we can do for our customers with that.

SPEAKER_00:

Fantastic. And for those who don't live in the world of DSPM, data security pasture management, uh, Rahan, um, what does this move mean in practice? What will it look like on the ground? And how, you know, also you guys are more than just DSPM. Uh, give us the kind of value prop uh these days.

SPEAKER_01:

I think you think from the lens of an enterprise, they have billions or tens of billions of files, hundreds of millions of tables and columns and all. And it's all jumbled up, and people often don't fully understand what kind of data do they actually have, right? And not only understanding, they also want to make sure that the fundamental controls that they need for the data, they exist. Security happens to be a top control that people need because they don't want data to be lost or misused. But there are other controls on the data, which is privacy, there are other controls like governance, and there are other controls like regulatory and compliance. So the the thought process behind the security offering has been could there be a unified solution that provides a very comprehensive understanding, what we call contextual understanding of the data, uh, and across data everywhere. What is meant by data everywhere? Data, as you know, in many organizations historically has been on premise. So that has not gone away for most large organizations. Then you have data in the public cloud, then you have data in the SaaS, and then you have data in data warehouses like Snowflakes and Databricks, and all kinds of data. Can you actually have full understanding of that in a very contextual manner? We'll like in a graph form, and we can go into depth of what graph really means. But if you have that understanding, it enables the organizations to do fundamental controls around it. All organizations want to actually have those controls be in place, but they can't do it manually. They have the right intention, they have the right desire, but without the right tooling, not possible. Um, so that's what really, if you think about security platform, is fundamentally creates that very comprehensive contextual intelligence layer. Then you can do security controls, you can do privacy, you can do access, regulatory controls, and find the risks that are in there and remediate those risks wherever those risks are actually practical to be remediated along the way. That's really fundamentally what the platform actually does. And DSPM is a very important aspect of it because all large organizations are also looking at DSPM as kind of an important pillar. And security, by many analysts, you'll see that actually tops the rank in the DSPM because of this very in-depth intelligence and very granular controls or remediation capabilities on it. Above it, you will see that as you go into this more automation using agentic frameworks to automate that. And as Anand was pointing out, our focus has been on the primary or the live data. But the data that people really care about also gets backed up. People want to make it resilient, but they need intelligence on it. They more granularity on it. And that's what we also provide alongside with this partnership. We're going to basically provide that also across in a unified fashion together.

SPEAKER_00:

That's what we we offer as a platform. Fantastic. And Anand, we talk about making data more accessible for AI, the topic of the day. But how do you balance that with keeping it secure? I assume that's a big driver here.

SPEAKER_02:

Absolutely, Evan. Uh and Rihan talked about all the aspects which go into DSPM and data security. The other side of that coin is data resilience and recovery. And this is where when you have a clean view and what uh the data command graph creates, it's like a social network of data. It's a visual view of your entire data estate. And so there you can actually look at the value of the data, what's the taxonomy of the data, uh, what is high-value data, and how should it be productive? It allows us to also create a much better agentic framework for resilience, real time, our dynamic policies of resilience and what gets backed up and how does it get backed up? And even those policies change dynamically because you understand your live data. And that merging those two sides of the coin between live and backup, structured and unstructured, data security and data resilience is what creates the best poster for every company. That's the heart of why now you can be comfortable that the data being fed into the AI pipelines and the LLMs and which data is used to train what LLM, you know, is something which every company will feel comfortable with. And to top it all out, now you're not just worried about recovering your data. You have to make sure that you're comfortable rolling back your AI pipe, rolling back your AI models to the right place. If there's any issues, if your model gets poisoned, if your model's stripped, you've got to be able to get back to the right place. This unified solution is the only one which will allow you to do that.

SPEAKER_00:

Fantastic. Of course, big picture ransomware is still a huge issue and getting worse with Gen AI and other tools. Um, talk about the graph approach and how it'll help companies recover faster after an attack, which is the name of the game. Yeah. So think of this.

SPEAKER_01:

If you're Sherlock Holmes, what do you do first? If you're solving a mystery, you collect a lot of dots, the evidence. You put on a you know, you put on a pinboard, you start connecting the dots together, and then you solve a mystery. What if the dots were automatically collected? What if the dots were automatically connected? And what if it was told that that is something bad connection there? That's graph, data command graph. By the technology of uh security AI, these dots or the evidence and information is connect collected automatically about files, what's inside the file, what is sensitive and all, what who has permissions, what AI is using it, what regulations apply. These are all dots. But then you connect them together with a variety of degrees of separation, and then you find toxicity, like toxic on it. What is toxic connections on it? What if it was magically done out of the box once you just connect to your data systems? And ability to for you to be Sherlock Holmes on top of it and find the things that you you think are toxic. That power only comes when you actually have an underlying engine that gives you that power. And frankly, as you go towards ransomware, and when you find to find the incidents and you're trying to find what went wrong, you need that power. And you need that power that actually helps you in seconds, not over months of you know what a Sherlock Holmes would do, you know, go collect all the information manually and all. What if it was just done for you? And that's really true to power and differentiation. What you're going to see here, which Secured AI inherently provides, but you're going to see here together with Veeam that across across both sides of things. And why this is more important, Evan, is think of uh AI. AI is not humans, so it goes very fast. So when an AI agent is let loose on your data, it can very quickly do and collect the information and give it to someone. Uh you need to actually have a blazing fast response time on the other side to first of all understand something went wrong. And when agents will do some mistakes, humans do mistakes, but at the human speed. Agents will do some mistakes at the human at the machine speed. You need something that can figure this thing out very quickly. First of all, prevent it. That's what we do. But if something destructive happens, you want refined capability. Go back in time, fix it. And that's we has is number one actually in that area. If you can combine these things two together, it's very powerful. And that's what enterprises need to feel comfortable to let AI lose on their data. When I say lose, it means because they know they have put the cardrails in place so they can have a playground for the AI to go do the magic that it's supposed to be doing.

SPEAKER_00:

Fantastic. And, you know, Nanda, I assume this new graph technology will be a huge boon for customers, existing customers, new new customers as well.

SPEAKER_02:

Absolutely. It's for everyone because you know, when you think about it, ransomware, you call out ransomware as a big secular trend. There's one other trend which is equally important, big, and very disruptive, and that's exfiltration. Exfiltration of data is happening a lot as well. Now, as Renan explained, what we can do, because we understand the data a lot, is you know, recovery is driven by any different lenses. One lens is what is the most important data which you need to protect so you can recover quickly and keep your business or city or government running. The other lens is what is the data you need to protect? Because you have to comply with local laws, with regulations. And that may be a much larger subset. But at the heart of it, it is also what do you need to do to recover? What data would you recover first to keep your business running? The depth of understanding of data that which this unified platform will bring will allow us to do that. You know, uh, someone very famously said it's the economy stupid. And I equally famously say it's the recovery stupid. So how quickly can we recover? What's the highest value data to recover, whether it's recovering from a ransomware attack, whether it's recovering from data exfiltration? This depth of understanding allows us to make sure that the RTO and RTO to geek out a little bit, or how quickly can you recover with how little data loss can you recover is zero. We can get businesses running instantly by this unified view across the entire data estate for every customer, new and old.

SPEAKER_00:

Fantastic. And I've heard you talk in the past about the shift from trying to protect everything to focus on protecting the right data. Um, what does that mean, practically speaking?

SPEAKER_02:

It literally means what I just literally called on, which is understanding the highest value data in a business allows us to focus on that as the first step. That's what you need to get your business back running. That's what you need, you know, when you're dealing with ransomware hackers and negotiating with them, whether you're dealing with people who have exfilcated your data, understanding the value of your data allows you to create the right focus on what data do you need back first. That's the first thing. And so this allows us to actually create that tiered taxonomy of value so that when bad things happen, you know exactly what is your first step of action. Now, the second thing, which is generally speaking a great thing, is understanding the value of data, understanding what data is accessed how often, understanding usage patterns, will also allow us to create the right tiered storage footprint for customers. So, what is it that goes on secondary? What is it that goes on archive and code storage? So it allows us to create a much better TCO uh story, optimize their cost uh based on understanding the value of this data as well. So it helps us on both fronts, you know, highest value, the recover quickly, get going fast, comply with regulations, and create the right TCO poster for every company as well.

SPEAKER_01:

Another and so just add to what Anand just said. So think of this way: if a thief comes to your home, you are more worried about your jewels, crown jewels. You put that in the safe, but you don't need to know what they are. You probably don't worry that too much. You probably do, but not too much worry about other things as much, right? But that's in an organization, those crown jewels are totally mixed up. You don't know where they are across billions of files. So first you have to find them. People sometimes call them needle needle in the haystack, but you have to find them first and understand do we have the appropriate controls around them? Because they are the ones that need to go on the safe first. You need to monitor them first. So, from protection perspective, they're very important. But if you don't know what they are, it's hard to actually apply the appropriate controls because if you uniformly apply controls to every other data, maybe just overdoing it, right? So I think that's important. The second thing, if you think about AI, people are worried about those crown jewels or needle in the haystack going into the AI models, going into the AI agents, touching it. So, what do you have to do? You have to first find those crown jewels or needle in the haystack, take the needles out, give the haystack to the AI. Because if you give the needles to the AI, you know what's going to happen on bad things will happen on the other side. And it's easier said that done. So there's another technology that we have we call GenCore. You should look at GenCore.ai, your audience should look at it. Where what we do is first analyze the data, find the quote unquote needles, take them out, like mask them, tokenize, anonymize them, take the haystack, the rest of the data that produced the goodness, let it go to the AI. So, what does it do for the companies? What it does for the companies, it actually then have them use their actual valuable data, which is not the problematic one, to actually create outcomes like conversational search on top of it, agents that they can build on top of it. So, in addition to just providing security, uh, one of the products of security AI is a Gen Core AI, which enables you to utilize the underlying data that we're sitting on with all the connectors, clean it, make it available. In fact, all they were down to create a conversation conversational search agent, or simply use this data layer to use it with your own agents that actually you're trying to create. And that is a big unlock for the enterprises because fundamentally, if you go into the uh any enterprise data security, regulatory compliance, and privacy laws, they're fundamental blockers. But if we want to be that enabler and partner with the AI teams on the other side to help them unlock so they're not worried about this needles going in along with the AI.

SPEAKER_00:

Well said, great opportunity. And then I'm as you know, teams in IT and security are super overloaded these days in an era of doing more with less. Um, what are some of the challenges uh they'll face trying to adopt a more data-driven security model?

SPEAKER_02:

Rayhan, you should go first, and I'll come uh back on it. Yeah, I'm I'm excited about data.

SPEAKER_01:

I think challenges provide the opportunities for companies like us and it makes us feel good. Because if somebody's have challenges and you become the enabler to solve their challenges so they can go on their journey to be the best AI transformation in their enterprises. So if you look at any study, major study right now, whether you pick pick JP Morgan report or Morgan Stanley report on enterprise adoption of AI, you're going to see fundamentally few things on top of it. Data controls is number one priority, number one challenge, but number one opportunity to be partnered with those organizations to solve. Period. I mean, and when I say data controls, controls could be different kinds. Security is number one control, privacy is another one, uh, understanding agents what data they're going to access is another one, regulatory is another one. These are challenges. But again, for us, it's an opportunity to be a helper, to be a partner for those organizations, to provide the tech, because this can be done manually, provide the most advanced tech to take care of that part. And frankly, so they have no more of those challenges and they're on their journey to do this.

SPEAKER_02:

And as far as ever, as far as adoption goes, we are actually the moving friction. So if you are a Veeam customer and you have the Veeam portfolio which you use for all of your data protection and data resilience, we will have security spec, which allows you to understand your data, allows you to dynamically change your attention and resilience policies, automatically show up. Very low friction to uh adoption and use. The same thing. If you're a security customer, you will be able to do what you do. But if you choose to, and this is where the magic is gonna happen, we are going to have a unified platform at the data graph level, which allows you to see and visualize your entire data, the context of the data, the relationships of the data, which data is touching, which AI model, you're gonna see all of that and get to a very different place on what success rate for your AI projects mean. So low barrier to entry, no friction and adoption, and more magic as we come together.

SPEAKER_01:

Evan, I'll just add to it if you think about the data resilience landscape, it is unquestionably transform it for the purpose of the serving the customer. That is the number one goal. But it it requires that transformation, particularly in this uh in this era. Anand did touch upon it. I'll just kind of repeat that what he said. When you train the model, like your your human mind. If I tell you something, Evan or your audience, I can't ask them to forget it. Human mind cannot be rewinded, but models can be, because you have versions of it. If you back them up, you can pull something, but if something you've made a mistake, you can rewind the memory all the way back. That is fundamentally needed, but you need it a lot more precision is needed for it. You can't just do it carte blanche. You need to know some mistake did get made. And to understand that, how do you know that? You need to understand data because training happens with data. So you need to connect those dots together and say, well, wrong data went into it. It went to it this point in time. That was a sense of information, it did go into it. I would rewind it back. It will transform this industry for better because now the the need is there. How do you stitch in the same knowledge graph that we actually have the AI models, the AI agents, the AI tools that that go into it? You stitch it all of that into one place so you can actually have a much more comprehensive view and you know what to rewind and what not to rewind. We need precision in this. And this industry required this this transform, requires this transformation uh for people to feel comfortable to make use of AI agents and AI along the way.

SPEAKER_00:

Absolutely. Uh so well said. And Anand, when can customers start to see securities tech show up in Veeam's portfolio? What's the outline at the moment?

SPEAKER_02:

Yeah, we expect the acquisition to close at the end of November, early December. Expect really quick to see all of this tech start to show up together and joint use cases to show up together. I'm talking the first bit of it starts coming in the first quarter after we finish and close the acquisition, not far out. So very quick. Agility is what you can expect to see on how the two platforms, the number one data resilience and the number one data security platform, come together.

SPEAKER_00:

Brilliant. And final note big picture, you're uh the leader in the space. Uh, what is your big picture outlook for the next year or two? Uh, is it onwards and upwards as you know continue to serve customers? How would you describe the future?

SPEAKER_02:

Absolutely. Uh we are excited about the future because, as I started by saying, for enterprise AI to work at scale, you need data security and data resilience coming together to fuel AI trust in the right way. That's the future. All of these things coming together. GPU and capacity is one half of it. We are the other half of it. And we are excited that we're going to be the first company to actually bring this unified vision to life, bringing data resilience, data security, AI trust, all of it together for every customer on the planet. That's the future. We are the first.

SPEAKER_00:

Fantastic. And congratulations again, gentlemen, on the Blockbuster acquisition. Uh, win win for customers, partners, the industry as a whole. Thanks. And uh onwards and upwards.

SPEAKER_01:

Evan, it's a pleasure talking to you. Uh, thank you so much for taking time and to your audience. Thanks so much, and take care, everyone.

SPEAKER_00:

Thank you all for listening.