In this podcast, we talk to Mathieu Gorge, CEO of Vigitrust, about key topics at RSA 2025 in San Francisco.
The impact of artificial intelligence (AI) on compliance was huge. Gorge discusses its spread in the enterprise and how this impacts the potential risk surface for organizations. Meanwhile, he also notes the trend among suppliers towards a more consultative approach based around business outcomes.
Finally, and with reference to the impact of AI on organisations, compliance, and their data, he talks about the discussion at RSA about the role of the CISO – chief information security officer – and whether they should be (solely) responsible in the face of risks posed by AI.
What were the key topics of relevance to data, storage and data protection that came up at RSA 2025?
I've been going to RSA in the US for about 20 years, and I've done less in Europe. And generally speaking, every year, there's one single topic, whether it was blockchain, it was orchestration, then last year was about AI deployment, AI adoption.
This year, it was kind of hard to see one single trend. However, what we can say is that based on the talks, and based on what the vendors were doing, compliance is at an all-time high. You could feel the energy, you could feel the innovation in compliance. There were a lot of vendors on the GRC [governance, risk, compliance] front, there were vendors on specific areas of compliance and data protection.
So, that was interesting to see. The next thing is we felt when we were there with some of my colleagues, that at least on the vendor showcase, the narrative had changed. It was more about the business outcome of using the right products.
So, whereas in the past, typically at RSA, it was like pure sales: buy my encryption, because you need encryption; buy my storage solution, because you need proper storage. This year, it really felt like a lot of work has been done on the business outcome of selecting solutions. So, the business outcome being, well, you'll be more compliant, you'll be able to demonstrate you're doing data protection, you'll be able to at a click of a button, know with data and voice don't.
And then there was also the role of CISOs. CISOs were mentioned a good bit and extended to head of risk, head of compliance, and talking about the role of CISOs, specifically with regards to AI adoption.
Are the CISOs the right people to be in charge of AI adoption? Are they not busy enough already dealing with data protection? Who else should work with the CISOs? Who else should be looking after AI governance, which was also one of the big themes in the organ? And what does it mean for compliance and for data protection? And there were some very interesting talks about that.
Could you expand a little on how vendors are emphasising business outcomes rather than necessarily their functionality or what they are particularly offering?
I felt the vendors were taken “Whether you like it or not, you're going to have to use us or our competitors”.
It was a case of, we're now in a state where with AI adoption, the risk surface goes up tremendously. It reminds me of cloud where people could buy services and extend the risk surface by bypassing security and compliance.
And we see that happening with AI deployments as well. So, I felt there was a genuine direction from the vendor communication and from the speakers to say, “Hey, we are going to adopt AI, so let's try and do it the right way without compromising the resist we're doing.”
And then came the question I already mentioned, which was who really should be in charge of that? Is it just the CISO, or is it the CISO and the chief AI officer, or do we need a chief AI security officer? And what does it mean for compliance? Really one of the key messages is that with AI, you just have a lot more data and you have less control on the new data that is being done.
And so you need to have the right frameworks. And whilst there are already many AI frameworks out there to manage AI deployments and AI in terms of data classification, they're not all well known. In fact, even some of the CISOs are not necessarily aware of them.
So, I think as an industry, we have a duty to show up and make it easy to do the right thing. The risk surface is definitely going up.