Company

Why I Joined Riscosity and the Future of Data Security/Privacy

As an experienced Product Leader, critical decisions are a part of my everyday work-life that involve a complex set of criteria. When I recently decided to join Riscosity as the Lead Product Manager, I treated the opportunity as I would any other critical decision. I thought I would explain why I chose to join Riscosity and what the future holds for data security/privacy.

Christopher Widstrom
Lead Product Manager at Riscosity
Published on
1/28/2025
4
min.

A Pioneering Product Solving a Pervasive Problem

Riscosity’s mission is to secure data in transit, and they are particularly focused on data being sent to 3rd party services and AI models. No other vendor, not even the myriad of network solutions out there, is able to adequately solve this problem today and make no mistake – this is a very real problem as is evidenced by the meteoric rise of various data protection regulations and data breaches. As a Product Leader, the idea of working on a product that addresses unmet needs that impact such a wide array of industries is truly thrilling. 

Thoughtfully Designed

I have been aware of Riscosity, followed its progress over the last couple of years, and I have been continuously impressed with the amount of care and consideration that has gone into the solution. I was recently able to try the product for myself and I could tell how much thought the Riscosity team has put into the problems they are solving and how to streamline the user experience for every user persona that interacts with the product. Riscosity has many customers now, and is on track for many more, who are delighted to have a solution for their data protection needs.

The People Behind the Product

Products cannot be successful without good people behind them who deeply understand the problems that they are solving and the users they are solving those problems for. I have always placed a tremendous amount of value on companies who fit this profile and Riscosity most certainly does.

The two co-founders behind Riscosity, Anirban and James, are no strangers to the technology needed to be successful in solving data protection needs or the problems behind those needs. At previous companies, they encountered numerous situations where data security/privacy-conscious customers needed fully documented catalogs of what data was being sent from the products they worked on and where that data was going. Without a proper solution, compiling such a catalog was often a task of months’ worth of effort. After repeatedly encountering this challenge and learning that there were no true solutions out there today, Riscosity was born. 

There is also the broader Riscosity team, whom I am meeting more of, and it is clear to me that they are a group of individuals who are passionate about data security/privacy challenges.

The Future of Data Security and Privacy

Before I dive into where data security and privacy is headed, let me take a moment to set some context.

I have spent over 7 years in the Application Security space as a Product Leader and, as a result, I have had the privilege of having a front-row seat to the software trends across every industry. One of the most common trends for most industries is that software companies are always looking for ways to bring their products to market faster and this is a major reason why leveraging 3rd party vendors to incorporate functionality in those products has become so pervasive. Why build your own payment processing or analytics system when you could use a well-established solution from one of the many popular vendors in those spaces to save time?

Despite the convenience, there are always trade-offs. In this case, a major one is that you are now sharing data with a vendor with whom you have little to no control over the security posture of. This is where data breaches and supply chain risk can come into play.

Given the historical trends of data breaches and supply chain attacks, it is easy to predict that the occurrences of these incidents will only increase while software companies continue to use as many 3rd party vendors as they can to stay competitive. Gartner has identified digital supply chain risk as one of 7 top security trends and predicts that 45% of organizations worldwide will have experienced software supply chain attacks by 2025.

I believe that we will also continue to see more regulations across the world aimed at safeguarding data privacy. Without proper solutions in place, organizations around the world could suffer catastrophic fines and loss of reputation. GDPR could be considered the harbinger of data privacy regulations, but since then many more data privacy regulations have been or are being put into place. Here are a couple of recent data privacy regulation trends:

  • In the United States, 7 states passed comprehensive data privacy laws in 2024 and in 2023. If that pace continues in 2025, we could see 26 out of 50 states with their own privacy law. With more than half of US jurisdictions covered by a privacy law, it will be increasingly likely that businesses will be subject to at least some of these laws.
  • Effective as of 1/17/25, the Digital Operation Resilience Act (DORA) establishes a framework to ensure financial entities in EU maintain operational resilience and manage risks related to 3rd party relationships, ICT systems, and data exchanges.

Finally, I would be remiss if I did not mention AI as part of this conversation. Most of the prominent AI models have little to no built-in capability to reject inputs like PII or PHI, but use of AI models will continue to explode while countries around the world try to catch up with implementing regulations. It is important to note that there is already one AI regulation, the EU AI Act, which went into effect on 8/1/24. One major component of the EU AI Act is identifying any 3rd party entities receiving data from AI systems and ensuring proper governance over those data exchanges, including understanding what data is passed to 3rd parties and ensuring they comply with EU data protection laws (like GDPR).

For organizations around the world to ensure that their users are not leaking sensitive data to these AI models and that they are best positioned to comply with future regulations, they will need a proper automated solution like Riscosity to help control what data is passed to those AI models. 

Onwards and Forwards

I hope that this blog post helps you make your next employment decision and that you learned a thing or two about data security and privacy along the way. If you are interested in learning more about Riscosity or have your own thoughts about the future of data privacy and security, reach out to us at hello@riscosity.com.