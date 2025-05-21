In this podcast, we talk to Mathieu Gorge, CEO of Vigitrust, about key topics at RSA 2025 in San Francisco.

The impact of artificial intelligence (AI) on compliance was huge. Gorge discusses its spread in the enterprise and how this impacts the potential risk surface for organisations. Meanwhile, he also notes the trend among suppliers towards a more consultative approach based around business outcomes.

Finally, and with reference to the impact of AI on organisations, compliance, and their data, he talks about the discussion at RSA about the role of the CISO – chief information security officer – and whether they should be (solely) responsible in the face of risks posed by AI.

What were the key topics of relevance to data, storage and data protection that came up at RSA 2025? I’ve been going to RSA in the US for about 20 years, and I’ve done a few in Europe. And generally speaking, every year, there’s one single topic, whether it was blockchain, it was orchestration, then last year was about AI deployment, AI adoption. This year, it was kind of hard to see one single trend. However, what we can say is that based on the talks, and based on what the vendors were doing, compliance is at an all-time high. You could feel the energy, you could feel the innovation in compliance. There were a lot of vendors on the GRC [governance, risk, compliance] front, there were vendors on specific areas of compliance and data protection. So, that was interesting to see. The next thing is we felt when we were there with some of my colleagues, that at least on the vendor showcase, the narrative had changed. It was more about the business outcome of using the right products. • Download this podcast • So, whereas in the past, typically at RSA, it was like pure sales: buy my encryption, because you need encryption; buy my storage solution, because you need proper storage. This year, it really felt like a lot of work had been done on the business outcome of selecting solutions. So, the business outcome being, well, you’ll be more compliant, you’ll be able to demonstrate you’re doing data protection, you’ll be able to at a click of a button, know where you have data issues and where you don’t. And then there was also the role of CISOs. CISOs were mentioned a good bit and extended to head of risk, head of compliance, and talking about the role of CISOs, specifically with regards to AI adoption. Are the CISOs the right people to be in charge of AI adoption? Are they not busy enough already dealing with data protection? Who else should work with the CISOs? Who else should be looking after AI governance, which was also one of the big themes in the organisation? And what does it mean for compliance and for data protection? And there were some very interesting talks about that.