Over the past two decades we have seen security get more and more granular, going deeper into the stack generation after generation, from hardware, to network, server, container and now more and more to code. The next frontier of this evolution is data, especially sensitive data. Sensitive data is what organizations don’t want to see leaked or breached. This includes PHI, PII, PD, financial data.

Now is the time to rethink how you manage data security. We’ve discussed the potential for breaches, financial ramifications, and loss of business in the past. These get your attention, but we’re well beyond that. No company is immune to these risks anymore. It’s the “how” that trips people up. How do you account for every line of code? How do you keep tabs on third parties? How do you ensure security teams aren’t in the way of developers?

I’ve heard the title of this article uttered in exasperation by more than a few CISOs. That can’t be the case though, right? Developers are some of the most paranoid cautious, security-conscious people I know. Compared to your average person, developers are far more skeptical when it comes to their personal data. Even as a CEO, those instincts from my time as a full-time dev persist.