Fortanix CPO Unpacks the 10 Most Critical Data Security Questions

Data security is shifting under new pressures. Companies are handling more data than ever while adjusting to stricter laws like GDPR and PCI DSS 4.0. At the same time, AI is changing the threat landscape, and quantum computing raises questions about the future of encryption.

Security standards are evolving, but are businesses keeping up? What challenges—and solutions—lie ahead?

In this blog, Anuj Jaiswal, Chief Product Officer at Fortanix, breaks down the biggest trends, challenges, and innovations shaping data security today.

Let’s get into the top 10 questions.

What trends in data security should businesses be aware of for the coming decade?

First, we have data sprawl. As businesses store extensive data in the cloud or across hybrid environments, they lose track of where their data is. When data is scattered across different platforms, it becomes harder to manage and protect, leaving it open to potential data security breaches.

Next, businesses must stay on top of data security compliance. Laws like GDPR, PCI DSS, DORA, set strict rules for handling data. If a business doesn’t follow these regulations correctly, they could face fines or, worse, a data breach. Keeping track of all these rules can be challenging, especially when they’re always changing.

Then, there’s the issue of post-quantum cryptography (PQC). As quantum computing advances, it’s becoming clear that current encryption methods might not be strong enough to protect sensitive data.

If businesses don’t prepare for this shift and start using encryption methods resistant to quantum computers, they risk having their data easily accessed.

Finally, we must address the security of data in AI. AI relies on huge amounts of data to function, but without proper protection, that data can be compromised. Hackers could manipulate the data AI uses, or they might use the AI system itself to breach security.

What are the major challenges companies face in hybrid and multi-cloud environments, and how does Fortanix address them?

The challenge is that data security is fragmented. Every cloud provider has its own tools, its own encryption, and its own key management system. That creates risk—businesses lose visibility and control.

Fortanix fixes this by unifying. Top key management, encryption, and access control across all clouds. Our platform lets businesses bring their own encryption keys (BYOK), manage secrets centrally, and enforce Zero Trust policies across hybrid environments.

So, instead of being at the mercy of cloud vendors, companies take back control of their security.

How does Fortanix’s Data Security Manager simplify compliance and audits for enterprises?

Compliance is painful when its reactive companies scramble to prove they are compliant rather than being compliant by design. Fortanix’s Data Security Manager (DSM) flips that.

It automates encryption, key management, and access policies so security controls are always in place. Instead of manually gathering audit logs, Fortanix DSM generates reports in real time, giving auditors instant visibility.

Whether it’s PCI DSS, GDPR, or HIPAA, regulatory compliance becomes a side effect of good security, not an after-the-fact headache.

Could you explain the innovation behind Fortanix Key Insight and its impact on enterprise data security?

While working very closely with customers and CISOs from different enterprises, we learned that it is an industry challenge to know and learn the cryptographic security posture for any infrastructure, be it cloud/s or on-premises. This research led to the innovation of the industry's first true key security posture management product, Key Insight.

Most organizations don’t even know where all their encryption keys are. That’s a huge risk. Fortanix Key Insight scans, discovers, and maps out all encryption keys across cloud and on-prem environments.

It finds weak keys, orphaned keys, and misconfigurations before they become security gaps. The result? Businesses can fix problems before attackers exploit them, and they gain full visibility into their encryption posture.

What advice would you give to organizations looking to strengthen their cryptographic security posture?

Three things:

1. Know what you have – Most companies don’t even have an inventory of their encryption keys. Without that, you can’t secure them.

2. Centralize and simplify – Stop using 10 different key management systems. Unify everything under one control plane.

3. Think post-quantum now – Waiting until quantum computers break encryption is too late. Start testing quantum-resistant algorithms today.

With the rise of post-quantum cryptography (PQC), what proactive measures should organizations take, and how is Fortanix preparing for this shift?

The biggest mistake companies make is thinking they have time. Quantum threats may feel distant, but data stolen today can be decrypted later (harvest now, decrypt later attacks).

Fortanix is already preparing for this by supporting post-quantum cryptography (PQC) standards and integrating quantum-safe algorithms into our key management solutions.

Businesses must start discovering, assessing quantum vulnerable assets and plan for PQC transition now so they’re not caught off guard when quantum computers arrive.

Could you discuss the impact of confidential computing on data privacy and its significance for enterprise security?

Confidential computing protects data while it’s in use. Until now, encryption only protected data at rest and in transit, but once you processed it, it was exposed.

With confidential computing, even when data is being used, it stays encrypted inside secure enclaves. This is critical for industries handling sensitive databanks, healthcare, AI workloads.

Fortanix is a leader in this space, helping companies run sensitive applications with full privacy and security.

What future innovations can customers expect from Fortanix to address emerging data security challenges?

The future of security is automation and intelligence. We’re working on solutions that don’t just encrypt and protect but adapt—automated security that understands risks in real-time and responds before a breach happens.

Expect deeper AI-driven insights, tighter security for AI workloads, and integration of post-quantum cryptography into our platform.

As AI is becoming pervasive, what challenges have you heard from customers about AI and data security?

Unauthorized access to sensitive data by AI systems is a growing concern as more organizations use these tools. With 87% of security executives reporting data breaches, the risk of exposing sensitive information during AI interactions is clear.

Even though 95% of executives trust publicly available GenAI models, they fail to ensure data privacy. Despite restrictions, many still use GenAI for work, putting data at risk. Organizations should encrypt data, anonymize it, and conduct regular audits to improve security.

Learn more in our in-house GenAI report.

How is Fortanix helping its customers to mitigate security challenges with AI?

We secure AI at three levels:

1. Protecting the training data – Fortanix ensures that sensitive datasets used for AI training are encrypted and access-controlled.

2. Securing AI models – Our confidential computing solutions prevent AI models from being stolen or tampered with.

3. Enforcing AI data governance – We help organizations control who and what can access AI-generated insights, reducing the risk of leaks.

AI is transforming security, but it’s also creating new risks. Fortanix is making sure businesses can innovate with AI without compromising security.