Part 9: What’s Next? Emerging Trends in Data and Application Security
In the previous eight posts, we have thoroughly covered the full scope of securing data and applications, from business strategy and compliance to architecture, implementation, and operations. As we look ahead, it’s evident that the security field is changing quickly.
AI is transforming how both development and attacks work. Applications are becoming more ephemeral, data is becoming more distributed, and attackers are getting more inventive. At the same time, user expectations, legal requirements, and trust issues are growing.
In this final chapter, we will examine the major trends and transformative changes shaping the upcoming era of data and application security and discuss what you can do to prepare.
1. From Perimeter to Post-Perimeter: Identity and Data Take Center Stage
Traditional security methods concentrated on controlling a physical or logical perimeter, using tools such as firewalls, VPNs, and trusted networks. However, advances in cloud-native architecture, remote work models, and API-first development have effectively removed these boundaries.
In response, modern security is increasingly:
- Identity-centric: verifying who’s asking, every time, from everywhere
- Data-centric: focusing on protecting the asset (data) rather than the container (system)
- Context-aware: assessing device health, user behavior, and risk level dynamically
Expect to see Zero Trust continue to mature, not as a buzzword, but as the operational reality of distributed access control and adaptive security enforcement.
2. AI: The Double-Edged Sword of Security
AI is increasingly serving as a force multiplier for both defenders and attackers.
On the defense side, AI powers:
- Behavior analytics (UEBA/XDR) to detect subtle anomalies
- Intelligent threat correlation across thousands of signals
- Automated classification of data, risk, and assets
- Natural language interfaces for security operations and compliance analysis
But attackers also use AI to:
- Write more convincing phishing emails
- Reverse-engineer APIs or credentials at scale
- Evade detection by mimicking human-like traffic patterns
- Rapidly scan and exploit large swaths of cloud infrastructure
The implication? Organizations need to secure their AI systems, especially LLM-based apps, and use AI defensively to stay resilient at machine speed.
3. Privacy and Data Protection Laws Continue to Expand
The GDPR was just the start. Over 140 countries now have some form of data protection law. The U.S. has seen an increase in state-level laws (e.g., CCPA, CPRA, Colorado Privacy Act), and the EU continues to expand into areas like:
- DORA: Operational resilience for financial services
- AI Act: Risk-based governance for AI systems
- NIS2: Expanded cybersecurity obligations for essential and digital services
Meanwhile, international frameworks are being created for data transfer (e.g., EU-U.S. Data Privacy Framework), data localization, and cross-border cloud services.
Implication: Organizations must integrate compliance-by-design principles into their processes, not as an afterthought, but as a core part of data governance, privacy-aware development, and automated audit readiness.
4. Software Supply Chain Security Moves to the Forefront
Recent incidents, such as SolarWinds, Log4Shell, and MOVEit, have shown how vulnerable the software supply chain is. Security now has to take a broader view that covers code inherited from other sources, not just the code a team writes itself.
Expect to see more focus on:
- Software Bills of Materials (SBOMs) as a procurement and compliance requirement
- Secure artifact signing and validation in CI/CD pipelines
- Dependency monitoring and sandboxing for third-party components
- Vendor security assessments as part of every audit
Securing the pipeline becomes as important as securing the product.
5. Confidential Computing and Data-in-Use Protection
Most companies have historically focused on encrypting data at rest and in transit. However, data in use, when it is actively being processed, has been a blind spot.
Confidential computing is changing this by using secure enclaves (such as Intel SGX and AMD SEV) to isolate workloads at the hardware level.
Expect increased adoption of:
- Privacy-preserving analytics (e.g., multi-party computation, federated learning)
- Secure enclaves for financial or medical apps
- Data control even in outsourced or untrusted environments
This approach facilitates trusted collaboration without compromising data integrity.
6. Shift-Left and Shift-Right Meet in the Middle
Security was once added at the end. Then we began “shifting left,” integrating security into development workflows.
But what’s emerging now is a balanced approach:
- Shift-left: embedding scanning, threat modeling, and IaC testing into early stages
- Shift-right: focusing on observability, incident response, and behavior analysis in production
The future is DevSecOps maturity, where feedback loops among dev, sec, and ops teams foster continuous security learning and resilience.
7. Security as a Business Enabler
The days of viewing security as a cost center are fading. More and more, security serves as a competitive advantage, signaling trust, reliability, and ethical responsibility.
Investors, partners, and customers are asking:
- “How do you handle our data?”
- “What happens if something goes wrong?”
- “Can you prove compliance?”
Leading organizations use security certifications (e.g., ISO 27001, SOC 2), transparent incident management, and strong governance to secure contracts, reduce churn, and speed up market entry.
How to Prepare for the Future
While no one can foresee every threat or trend, organizations can develop adaptive capacity by:
- Investing in developer-first security tooling
- Establishing resilient architectures with segmentation and failover
- Using risk-driven security metrics, not just compliance checklists
- Creating a culture of shared ownership across business, dev, and security teams
- Staying informed through threat intelligence, industry groups, and postmortem learning
Security is no longer just a department. It’s a fundamental business function, integrated into how we build, ship, and grow.
Wrapping Up the Series
This wraps up our nine-part series on data and application security. We’ve covered a wide range of topics, including business drivers and regulations, architecture, controls, operations, and future trends. Our aim has been to understand what it takes to create a modern, resilient, and trustworthy security program.
However, the journey doesn’t stop here. Security is a continuous process. It develops alongside your business, your users, and your environment.
Take the next step. Review your architecture to ensure it performs optimally. Map your controls. Ask probing questions. Challenge assumptions. Focus on building these systems securely.