EPISODE · Dec 16, 2025 · 45 MIN
Data-Centric Security and Privacy Engineering_ How
from Siber Kafe: Sohbetle Güvende Kal · host Görkem Hınçer
In 2025, security leaders stopped treating the network as the main boundary and started treating data as the perimeter. In this episode, we unpack what “data-centric security” really means with Can POLAT (15+ years in security & privacy engineering) and turn it into a practical roadmap: data classification and modern DLP, encryption across the full data lifecycle (at rest, in transit, and increasingly in use), confidential computing/secure enclaves, and the telemetry/observability you need to continuously watch how sensitive data is accessed and moved. We also explore how privacy engineering and privacy-by-design are converging with security under regulatory pressure—and why many organizations are building a single, unified “data protection” strategy instead of separate privacy and security programs. Key takeawaysStart with a data inventory + classification model before expecting DLP to be effective. Treat encryption as a baseline (rest + transit) and plan for “data in use” protection. Use telemetry + observability to detect abnormal data access and enable rapid containment. Follow a repeatable framework: inventory → access controls → protection → monitoring → incident response → continuous improvement.
What this episode covers
In 2025, security leaders stopped treating the network as the main boundary and started treating data as the perimeter. In this episode, we unpack what “data-centric security” really means with Can POLAT (15+ years in security & privacy engineering) and turn it into a practical roadmap: data classification and modern DLP, encryption across the full data lifecycle (at rest, in transit, and increasingly in use), confidential computing/secure enclaves, and the telemetry/observability you need to continuously watch how sensitive data is accessed and moved. We also explore how privacy engineering and privacy-by-design are converging with security under regulatory pressure—and why many organizations are building a single, unified “data protection” strategy instead of separate privacy and security programs. Key takeawaysStart with a data inventory + classification model before expecting DLP to be effective. Treat encryption as a baseline (rest + transit) and plan for “data in use” protection. Use telemetry + observability to detect abnormal data access and enable rapid containment. Follow a repeatable framework: inventory → access controls → protection → monitoring → incident response → continuous improvement.
NOW PLAYING
Data-Centric Security and Privacy Engineering_ How
No transcript for this episode yet
Similar Episodes
Jun 16, 2026 ·41m
Jun 9, 2026 ·42m
Jun 2, 2026 ·38m
May 26, 2026 ·41m
May 19, 2026 ·39m
May 12, 2026 ·64m