Solving Velocity vs. Control in the AI Era - Ketan Gotmare - Guardians of the Data - Episode #37
How do you protect sensitive data without becoming the bottleneck in a business that’s moving faster than ever?
Today, Ketan Gotmare shares how nearly two decades in cybersecurity have shaped his perspective on modern data protection and why today’s biggest challenge isn’t a lack of tools, but a fundamental imbalance between speed and control.
He introduces the concept of the “velocity versus control paradox,” where businesses are under constant pressure to move faster, adopt AI, and drive digital innovation while security teams are still expected to verify, govern, and reduce risk without slowing anything down. Ketan walks through the evolution of data security, from the “castle and moat” era to today’s borderless, cloud-first world, explaining why traditional approaches no longer work and what organizations must do instead. He emphasizes that security teams can no longer act as gatekeepers, and must shift toward enabling the business while still protecting sensitive data. The conversation dives into practical ways to get started, including how to define what sensitive data actually is, where it lives across structured and unstructured environments, and why most organizations struggle before they even begin implementing frameworks like zero trust.
Takeaways:
- Embrace the "Velocity vs. Control" Mindset: Security teams must stop being blockers. Find the balance between enabling business innovation and maintaining data protection.
- Apply Zero Trust as a Concept, Not a Product: Don't buy into "zero trust" tools blindly. Start small and identify your most sensitive/high-value data, layer controls around those assets, and expand from there. Never trust, always verify.
- Know What Your Sensitive Data Is Before Worrying About Where It Is: Partner with Privacy, Legal, and Compliance early. Ask: "If this data got out, would it cost us money or damage our brand?" That's your sensitive data. Define it in a formal standard before scanning anything.
- Don't Try to Boil the Ocean, Start with the Obvious: Prioritize structured/business-system data first. Then tackle unstructured user-generated data. Leave shadow data for the crawl/walk/run phase.
- Don't Do It Alone: Build strategic partnerships with data teams, privacy, legal, risk, and compliance. Data governance and data security have the same goals. Leverage that alignment.
- Think Data Lifecycle (DSPM), Not Just Classification + DLP: Track data from creation to retirement. Understand how data flows across your network, to SaaS platforms, and to third parties. Data lineage is the foundation of mature data security posture management.
Quote of the Show:
- “You cannot block the business.” - Ketan Gotmare
Links:
Ways to Tune In:
- Transistor: https://guardiansofthedata.show/
- Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
- Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
- Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
- iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
- YouTube: https://www.youtube.com/@GuardiansoftheDataPod
Creators and Guests
