Why Data Protection Fails Without Context in Modern Hybrid Environments

Eran Barak, CEO of MIND, joined TechNadu for a conversation on why data protection breaks down due to insider risks. Drawing from a career in risk intelligence and security innovation, Barak highlights how unstructured data, GenAI misuse, and policy drift continue to outpace legacy defenses. 

Barak has led programs to uncover the blind spots of modern defenses. “Data in use is widely seen as the most difficult to secure,” he notes, framing one of the key concerns in today’s hybrid environments. 

He explains how fragmented controls fuel false positives, and why shadow IT creates gaps that insiders can exploit. 

Barak believes that unifying policies across SaaS, endpoints, and cloud platforms gives organizations visibility without the noise. 

This interview outlines what defenders must change to protect sensitive information.

Vishwa: What is Data Loss Prevention (DLP)? Does it withstand attacks such as ransomware? Where is data hardest to secure — files, cloud, or endpoints?

Eran: Data Loss Prevention (DLP) is a security strategy that identifies, monitors, and protects sensitive data from unauthorized access, leaks, or exfiltration. It works by understanding the context and classification of data, applying controls to stop threats before they escalate. 

We enhance this by automating DLP with AI and real-time risk awareness, delivering precision without the noise.

Ransomware and targeted exfiltration are not just threats to endpoints; they exploit weak links in fragmented architectures. With MIND, DLP is deployed across files, cloud platforms, endpoints, emails, and GenAI apps from a single platform, ensuring complete visibility and proactive defense where data moves and lives.

Data is hardest to secure when it’s unstructured, unclassified, and distributed, which is often the case in SaaS and endpoint environments. MIND brings clarity to this complexity by continually discovering, classifying, and protecting data across all environments.

Vishwa: What insider behaviors have most often been observed in AI-driven DLP leading to data exfiltration? Can you share examples and findings?

Eran: Some of the most common risky behaviors include:

• Uploading sensitive data to unsanctioned GenAI tools (e.g., ChatGPT)
• Sharing files externally via personal cloud or messaging platforms
• Reusing code or configurations across repositories

Case in point: One customer saw employees pasting regulated customer information into an AI assistant for formatting. MIND detected and blocked the action instantly. 

Another client uncovered widespread use of DeepSeek before it was ever sanctioned. MIND responded before a breach could occur.

These risks are amplified when policies are reactive, fragmented or lack context. MIND's AI uncovers not just "who" but also "why," mapping user behavior to risk and allowing security teams to act on what matters.

Vishwa: Can you list a few critical risky actions, red flags, and anomalies detected in insider risk detection?

Eran: Here are several behavioral patterns MIND surfaces:

• Mass downloads followed by upload to external domains
• Data transfer to personal drives (e.g., USB, Dropbox)
• Sharing of high-sensitivity files outside business hours
• Access to source code by non-developers
• Repeated violations after policy notifications

These aren’t isolated events. When analyzed together, they create risk signals that help MIND assess user intent and escalate only what’s truly anomalous. Automated coaching or progressive controls can then be deployed to prevent harm while educating users in real-time.

Vishwa: How are safeguarding data at rest, in motion, and in use different from each other? Which state is considered the most risky and why? What do unified controls involve?

Eran: Data at rest includes stored data in databases, file shares, and cloud repositories. Risk arises from accidental exposure via misconfiguration or over-permissioning.

Data in motion includes data being transferred via email, uploads, or APIs. And risks in these scenarios come from exfiltration during transit. 

Data in use includes that which is actively opened, edited, or pasted into other apps. The risk comes from the difficulty of monitoring without endpoint-level inspection.

Data in use is widely seen as the most difficult to secure due to its dynamic, user-driven nature. 

We protect all three states with unified, intelligent controls and policies that adapt based on context, data sensitivity, and user behavior across all environments.

Vishwa: What are the consequences of policy drift across Software-as-a-Service (SaaS) when applying consistent DLP policies in hybrid environments? What challenges do shadow IT and misconfigurations create?

Eran: Policy drift occurs when inconsistent DLP rules are enforced across environments, leading to gaps that attackers and insiders exploit. In SaaS, this can result in sensitive data being over-shared, improperly stored, or completely invisible to security teams.

Shadow IT amplifies this risk. Employees adopt unsanctioned apps that lack security review, while misconfigurations in tools like Google Drive, M365, or messaging apps like Slack leave sensitive files open to the public, external collaborators, or connected shadow IT apps.

We mitigate this by unifying policy enforcement across SaaS, endpoints, and cloud. Automated discovery, policy mapping, and continuous scanning ensure data doesn’t slip through the cracks.

Vishwa: How can AI classification be enhanced for greater contextual accuracy and fewer false positives in sensitive data protection? How has scalable automation changed enterprise data protection workflows?

Eran: False positives are the Achilles' heel of legacy DLP. We eliminate them by using a multi-layered AI engine trained on business-specific patterns, not just keywords or RegEx. It understands file types, behaviors, and risk severity, from contracts to credentials.

Automation plays a force-multiplying role. MIND automatically classifies sensitive data, triggers contextual policies, and even remediates via user collaboration or workflow orchestration. 

This frees up security teams to focus on what matters most and dramatically reduces the operational burden.

Vishwa: Which cybersecurity tools would you recommend for beginners for better Password Management, Multi-Factor Authentication (MFA), and secure browsing? What would you recommend for professionals for endpoint monitoring and advanced threat detection?

Eran: Each organization will need to assess its unique needs and infrastructure when selecting tools for password management, multi-factor authentication, secure browsing, endpoint monitoring, and advanced threat detection.

Rather than specific tool recommendations, focus should be placed on a defense-in-depth strategy, ensuring overlapping layers of protection across identity, devices, applications, and data. 

It's also critical to prioritize interoperability between platforms, so that controls can work together seamlessly to strengthen your overall security posture without overburdening the people tasked with operating them.

The goal isn’t more tools, it’s smarter ones. Look for solutions that offer clarity over complexity, prioritize context, and deliver value with minimal manual work.