By In this episode of Secure By Design, Dimitri Sirota, CEO and Co-Founder of BigID, shared insights on the company’s evolution, its approach to data security and compliance, and how it’s addressing enterprise AI concerns through its latest offering, BigID Next.
The origin story
Founded approximately eight years ago, BigID emerged as a response to the growing regulatory environment around data and the lack of evolved technology to address modern data security needs.
“The big idea behind BigID was that data remained a major issue—data security, data compliance and data management loomed large as problem areas for many organizations,” explained Sirota. “This was because data was becoming much more regulated than it had been in the past.”
BigID is helping enterprises modernize data security and compliance while embracing artificial intelligence (AI). Sirota noted that when the company started, new regulations were being passed internationally around privacy, data breach, and data exfiltration, elevating data concerns to boardroom-level discussions. Meanwhile, technology for understanding, securing, and managing data compliance hadn’t evolved significantly since the early 2000s.
BigID’s approach focused on three key areas: making data security cloud-native; expanding capabilities to handle the modern data stack; and thinking about data holistically across security and compliance
Introducing BigID Next
After years of customer interaction and learning, BigID recently launched BigID Next, a modular data platform for managing data privacy, compliance, and security. With growing regulatory demands and increasing reliance on AI technologies, the platform aims to provide organizations with the tools they need to modernize securely and at scale.
BigID Next aims to redefine how enterprises manage the above-mentioned complexities, reflecting years of customer feedback and product iteration. The platform supports both single- and multi-tenant environments, as well as bring-your-own-cloud (BYOC) deployments. Sirota notes that AI now drives every layer of the platform, from identifying data and prioritizing risks to executing remediations like deletion or access restriction.
“BigID Next takes a truly cloud-first approach, supporting multi-tenant cloud, single-tenant cloud, and even BYOC deployments,” Sirota shared.
The new platform focuses on three core principles:
- A cloud-first approach
- AI-centered functionality
- Actionable solutions through modular frameworks
“We’ve had a strong focus on AI and machine learning in BigID since the beginning, but now we take an AI-first approach to everything we do,” said Sirota. “That could mean large language models (LLMs), natural language processing, or even a copilot experience.”
The platform also introduces an app-like modular framework, similar to how smartphones offer stackable modules. Sirota explains how this enables users to layer capabilities for tasks like labeling, deletion, and access control. It also features an updated interface designed for mobile, with plans to support interactive agents in future releases.
AI Boom and Enterprise Security
BigID approaches AI from two perspectives: as both a problem to solve and a tool to leverage. “We look at it as a problem that BigID can help with, and over the past year, we’ve been adding capabilities to help organizations manage the security and compliance of their AI programs,” Sirota explained.
The company has elevated AI in its broader messaging, now describing itself as “connecting the dots in data and AI.” While BigID has been using various machine learning techniques since its inception, recent advancements in generative AI (GenAI) and LLMs have expanded their capabilities.
Sirota emphasized that LLMs aren’t a universal solution: “LLMs aren’t a solution for everything. They’re great with text and conversational interactions, but they’re less effective in other areas. On top of that, they’re incredibly expensive and come with a number of security concerns.”
Enterprise AI Adoption and Security Risks
When asked if enterprises are evaluating AI adoption because of security concerns, Sirota confirmed that security, compliance, and risk are significant considerations.
“Most companies already have AI programs, but they’re careful about which ones they roll out. They want to ensure they roll out solutions that don’t require sensitive data—and that won’t potentially compromise the brand,” he noted.
He pointed out that many companies haven’t fully embraced tools like Microsoft Copilot because “they’re nervous about making all of their company data available to copilot.”
Enterprise AI Concerns
Sirota identified three main areas of concern that enterprises have regarding AI adoption, all connected to data:
- Training data protection: “They want to put more protections around what data is going in to train the model.”
- User interaction controls: “They want to put protections and controls around how users interact with certain types of AI.”
- AI response guardrails: “They want to put protections over how the AI responds.”
Sirota emphasized the fundamental link between AI and data: “AI isn’t magic. It’s not conscious. We haven’t achieved AGI. It’s largely just a transformer model—transforming the data you provide into a format that mimics consciousness.”
When to Call BigID
Rather than viewing vendor relationships as purely transactional, Sirota encourages companies to engage with peers and vendors to build AI strategies rooted in secure, responsible data practices: “People should use vendors as sources of experience. And I think, rather than viewing the relationship purely transactionally—like, ‘If I call them, that means I have to buy something’—talk to them to gain insights, lessons, and learnings.”
What’s in the pipeline
Looking ahead to mid-2025, BigID is focusing on two main areas: enhanced AI integration for runtime interactions, protections, and guardrails; and agentic capabilities around search and data set construction for AI
Sirota also teases BigID’s plans to release new agent-driven features by mid-year, which will extend its capabilities in runtime protection and federated data search. “Everything we’re doing around search and data discovery—like identifying specific data to build AI datasets and federating it with intelligent agents—is also expected to roll out around mid-year,” Sirota revealed.
As organizations navigate the complex landscape of data security, compliance, and AI integration, BigID continues to evolve its offerings to address the interconnected nature of these challenges.
Guest: Dimitri Sirota
Company: BigID
Show: Secure By Design
