Balancing scalability, security and compliance in data management

Effective data management is essential for businesses navigating growing data volumes, evolving regulations and cybersecurity risks. Striking the right balance between scalability, security and compliance is key to maintaining efficiency and resilience in a data-driven world. We asked industry experts how businesses can balance scalability and security when managing large volumes of data in an increasingly complex regulatory landscape.

Iwona Rajca, Senior Solution Engineer EMEA at Protegrity

Balancing the security and usability of data is indeed a balancing act and it’s a challenge to get it right. Too stringent controls often translate to locking down information sources and platforms. In companies that subscribe to this approach any access to data is governed by a multi-step approval process. If we believe that data is the new gold, this can stifle or even kill any innovation. In fact, security concerns are one of the top reasons why companies are reluctant to adopt cloud technologies and modernise.

Recently, we have seen that approach in action as everyone in the corporate world rushed to block access to Copilots and AI chats on employees’ computers. On the other end of the spectrum, lenient governance and underdeveloped controls are the two main ingredients of data breaches.

Operating in a complex regulatory landscape adds another dimension to this dilemma. To avoid fines, it may appear more attractive to keep everything locked down; as the saying goes, it’s better to be safe than sorry. Prioritising a system’s security comes first.

Companies can learn from the banking industry and how they approach non-financial risks – such as data privacy or IT platform risk. In their world, risk is quantifiable. You can translate this idea to other sectors: the strategy around data management should come down to what constitutes an acceptable risk for your organisation.

Top global banks have widely adopted solutions that automatically apply security guardrails to data. In a well-designed system all data coming in is protected, so that it resides on the server or on the database in an encrypted form, that no one in the organisation or an outside attacker can decipher.

The data is only re-identified for authorised users when needed: within their Business Intelligence reports or customer applications. That’s the core of data-centric security, something that we at Protegrity have been building and perfecting over decades. AI has been a great motor for enhancing this capability: it’s now possible to automatically detect if any given data is sensitive and protect it accordingly.

It’s AI at its best, enhancing existing processes by improving their quality – AI models get better over time – and reducing cost and effort by automating manual tasks. Together, this approach builds a strong control framework over the most sensitive data resources and provides a programmatic answer to the security versus usability conversation.

Andrew McMillan, Partner and corporate lawyer specialising in M&A and data governance within the Technology, Media and Telecommunications (TMT) sector, at RPC

Recent studies suggest that up to 90% of the world’s data was generated in the last two years. And according to IDC, the volume of data stored globally is doubling every four years.

In this context, with businesses generating and having access to more data than ever before, the questions of scalability and data security are becoming ever more pressing.

In the past, the analysis of this quantity of data would have been too time-consuming to be practical. But now, with the advent of AI, we can interrogate data in depth and at a speed we would only have been able to dream of previously.

At one end of the scale, data can provide businesses with insights into their operations that enable them to optimise processes and supply chains. At the other end, AI can identify new and unexpected correlations between distinct data sets that might lead to entirely new opportunities and business cases.

We have also seen that those businesses with access to the most data are able to gain competitive advantage in the market when that data is exploited – in compliance with regulation – to its full potential. This might be their own proprietary data, or data to which they have access through some form of sharing arrangement, such as a data trust framework.

In addition, businesses increasingly rely on outsourced providers for a wide range of company functions, from payroll services housing employee data and financial information to CRM systems potentially holding a plethora of personal data relating to individual customers.

While all of this presents a wealth of commercial opportunity, it can also result in a large concentration of data which makes data security critical.

The security risk is exacerbated by the trend towards threat actors who steal data for malicious purposes (often extortion) taking an increasing amount of data. Storing large volumes of data anonymously is cheaper, download speeds are quicker and reviewing and making sense of stolen data using AI-driven tools is easier. Where threat actors were previously taking gigabytes of data from organisations, we are now sometimes seeing multiple terabytes of data being exfiltrated.

The most acute data concentration concerns often arise in a supply chain context. A data security incident involving organisations to whom data processing is outsourced can have far-reaching consequences as there is the potential for that one incident to have a downstream impact on multiple organisations worldwide – take, for example, the 2023 incident affecting file transfer platform MOVEit.

The importance of data security, particularly within the data-related supply chain, is being reflected in both UK legislation, such as the Cyber Security and Resilience Bill, and EU legislation, such as DORA and NIS2. Through legislation and related regulation such as this, particularly in critical sectors, cyber and data security is coming under increasing scrutiny.

Those who can balance the opportunities that large volumes of data provide, whilst managing the risk that data concentration causes, will be best placed to thrive.

Jean-Philippe Avelange, Chief Information Officer, Expereo

Businesses today are waking up to a stark reality: data is both their biggest asset and their biggest risk. Scaling operations while keeping up with security and compliance isn’t just a checkbox exercise – it’s a strategic balancing act that separates the winners from the rest.

The challenge isn’t just about handling large volumes of information but doing so in a way that is both secure and adaptable to an ever-changing regulatory landscape. Move too fast, and vulnerabilities pile up. Move too slow and agility is lost.

Cloud environments have become the backbone of enterprise intelligence, automation and decision-making. They fuel innovation and enable organisations to operate at scale, but the more data flows through these systems, the more they become a prime target for cyberthreats.

Too often, security is treated as a necessary evil rather than a core component of growth, something to be patched in later rather than embedded from the start. But the days when companies could afford to take that approach are long gone.

With regulations tightening and cyber-risks escalating, security isn’t just a safeguard – it’s a competitive advantage. There’s still a widespread belief that security and scalability are at odds with each other, that protecting data slows things down.

The reality is quite the opposite. Security isn’t about restriction; it’s about enabling businesses to move faster with confidence. It starts with understanding that not all data is created equal. By classifying data based on sensitivity and enforcing intelligent access controls, organisations ensure that critical information is only available to the right people at the right time.

AI-driven automation can then take security to the next level, identifying real-time anomalies, streamlining compliance and preventing breaches before they happen.

Encryption should be a given, applied consistently whether data is at rest, in transit or in use. And in a world where multi-cloud, on-premises and hybrid environments have become the norm, a fragmented security approach is no longer viable – unified policies must apply across the entire digital estate.

The key to making this work is visibility. If businesses can’t see what’s happening with their data, they’ve already lost control. Every transaction, access request, and system interaction must be auditable, not just for compliance but to ensure that security evolves alongside growth rather than lags.

The most successful companies don’t treat security as an afterthought; they build it into their foundation from day one. Those who do will be able to scale with confidence, while those who don’t will eventually hit bottlenecks – whether from cyberincidents, regulatory scrutiny or eroding customer trust.

At the end of the day, it’s about moving fast without breaking things. The right security approach doesn’t slow businesses down; it gives them the freedom to grow without looking over their shoulders. The real winners are the ones who figure out how to make security and scalability work together – not as trade-offs, but as two sides of the same coin.

Dr Chris Royles, EMEA Field CTO at Cloudera

Organisations continue to deal with growing data volumes, a trend which has only intensified with the rise of AI and GenAI. At the same time, data is being born and managed across multiple environments – on premise and in the cloud. Companies continue to face the challenge of how to scale their cloud operations while ensuring data security and compliance across all environments.

This is where unified data platforms help. With data residing across on-premise and cloud environments, a true hybrid approach allows for a seamless, compliant movement of data and applications across environments, ensuring flexibility without sacrificing governance. Increased visibility makes it easier to apply rules to data consistently, keeping compliance intact from creation to destination.

With the introduction of regulations such as the Digital Operational Resilience Act (2025) and NIS2 (2024), companies can no longer afford lenient attitudes to cybersecurity. High-profile data breaches have proven that compliance is no longer a box-ticking exercise; it is essential for maintaining customer trust and preventing significant reputational damage. For industries such as banking, healthcare and manufacturing, where organisations must now demonstrate compliance in their sharing, storage and use of data, having the right controls in place is critical.

Hybrid cloud requires the implementation of robust security measures, including encryption, tokenisation and data masking. This can mitigate risks, save time and reduce human error. Businesses also need workload observability to make data-driven decisions about which workloads belong in the cloud and which should stay on-premise. This ensures cost efficiency, regulatory compliance, and optimal security. Some data, particularly proprietary or highly sensitive information, may even need to be repatriated to on-premise or sovereign cloud solutions to stay within regulatory frameworks.

Adopting a modern data architecture is essential for companies to remain agile while also extracting business value from data assets spread across different cloud environments without risking safety. With a unified data platform underpinned by a data lakehouse, security is built in, ensuring controls are up to date and always ‘on’. This enables businesses to strike the right balance between scalability, security and compliance – allowing them to fully capitalise on the value of their data without compromising trust or regulatory obligations.

Consistent security and data governance means more users can access what is an enterprise’s most valuable asset, its data.
