In 2025, security leaders stopped treating the network as the main boundary and started treating data as the perimeter. In this episode, we unpack what “data-centric security” really means with Can POLAT (15+ years in security & privacy engineering) and turn it into a practical roadmap: data classification and modern DLP, encryption across the full data lifecycle (at rest, in transit, and increasingly in use), confidential computing/secure enclaves, and the telemetry/observability you need to continuously watch how sensitive data is accessed and moved.

We also explore how privacy engineering and privacy-by-design are converging with security under regulatory pressure—and why many organizations are building a single, unified “data protection” strategy instead of separate privacy and security programs.

Key takeaways

• Start with a data inventory + classification model before expecting DLP to be effective.

• Treat encryption as a baseline (rest + transit) and plan for “data in use” protection.

• Use telemetry + observability to detect abnormal data access and enable rapid containment.

• Follow a repeatable framework: inventory → access controls → protection → monitoring → incident response → continuous improvement.