DigitalTransformationTalk: Simplifying and scaling your data storage strategy

On 8 July 2025, Digital Transformation Talk host Kevin Crane was joined by Jean Carlos, Information Security Lead, Trade Republic;Morgan O’Neill, Director, Data Protection Services, Thorntons Law LLP; and Adam Gale, Field CTO for AI and Cyber Security, NetApp.
 
Views on news 

in today’s cyber threat landscape, simply having a backup isn’t enough. It is also critical to ensure that backups go along with proactive planning, with protection strategies to ensure the organization can quickly respond to issues and restore data in the event of an incident. That’s why modern enterprises need more than just data backup. They need cyber-resilient storage, meaning their data security is proactive and self-defending, thanks to AI analysis taking place in the background. A backup and storage solution that works in conjunction with AI doesn’t just protect data – it predicts, alerts and responds to threats before they escalate. Instead of simply reacting after an attack or failure. User behaviour analytics or ransom detection is the way forward, especially if you consider the skills gap that cybersecurity is struggling with. Having already used AI for a long time, the financial sector can serve as a model for other industries as well. 

Upgrading data infrastructure to support AI at scale

Unless you find the right technology stack for your purposes, your AI project is bound to fail. There are a few important questions that must be answered right at the beginning about whether PII should go into the system, how confidential information should be handled and if there are some IP considerations too. It’s also key to abstract the access layer to the actual data layer. Data should be made immutable, so it can be recovered when infected or broken.

 

The importance of access management is often overlooked as too many people get access to critical data. Multi-administrator verification is one of the key tools in access management, where two administrators must turn the key at the same time. The best approach is to use the tools that the company already has and only give just-in-time permissions. Establishing a robust data pipeline involves making automated data quality checks at each level before data gets injected. But the data pipeline must also be continuously developed and improved, make sure you bake data protection and security controls into the pipeline from the start. 

Cyber resilience by design is closely intertwined with operational resilience. To learn about data protection compliance, AI deployments need to consider what the EU act or the UK GDPR act mandate – as well as the UK Data Use and Access Act. An update on the Cyber Act is also in the pipeline. DORA, the Digital Operational Resiliency Act, calls for autonomous monitoring systems. In addition to finance, DORA covers insurance and crypto as well to avoid that a financial institution gets compromised through a backdoor. Although there are no examples of intentional data poisoning by bad actors yet, cyber defences must get prepared to fend these types of attacks off as they soon may become reality. IT experts often struggle with multi-cloud and hybrid cloud environments. DORA also mandates the ability to repatriate and move workloads from one cloud to another and back to premise. Solutions like will help companies not only move between clouds but also prove their ability to move to regulators. 

 

The panel’s advice

• Know what data you’ve got and where it is.  
• There are three major steps to a data project: initiation, implementation, monitoring.
• Never overlook your data protection and security obligations.