As organizations across industries grapple with evolving cybersecurity threats and compliance mandates, it is important to look ahead and prepare now for the challenges and opportunities that may arise in the coming year. In this first installment of our 2025 Predictions series, we sat down with Dana Morris, SVP of Product and Engineering at Virtru, to get his take on the security landscape and where we can expect to see the most impactful shifts in 2025 and beyond.
What are your broad predictions for the cybersecurity market as a whole?
The DoD Zero Trust and CMMC 2.0 deadlines are two major factors that are likely to drive significant shifts in the cybersecurity market. Overall, the trend is moving from coarse-grained to fine-grained controls—whether data, model, or code-centric. This shift, which brings detection and decision-making closer to valuable assets, will likely fuel adoption.
Where can we expect to see growth and increased investment? And what about decreased investment?
There are several areas poised for growth that I’d like to call out: data security posture management (DSPM), data-centric security, software supply chain security, and solutions enhancing privacy, security, and provenance for AI models. While defense-in-depth strategies remain essential, reduced investment may occur in cases of vendor consolidation, where large platforms consolidate workloads, driving down costs.
How do you foresee AI continuing to develop, specifically in relation to data security?
In 2025 I anticipate the integration of AI into data security to continue advancing rapidly along three main vectors:
- Data Classification: AI is dramatically improving our ability to automatically identify and categorize sensitive information. This enables more accurate and scalable data governance.
- Data Loss Prevention (DLP): AI-powered DLP solutions are moving beyond simple pattern matching to understand user behavior and data usage patterns. This has potential to improve preventative strategies with regards to data breaches while reducing false positives that plague traditional DLP systems.
- Threat Detection: AI systems are becoming increasingly sophisticated at identifying potential threats by analyzing patterns across vast amounts of data. This includes detecting anomalous behavior, identifying potential insider threats, and spotting sophisticated attack patterns that might be missed by conventional tools.
CMMC 2.0 is set to take effect in 2025. How do you think that will play out?
The CMMC 2.0 rollout will likely drive a surge in demand for compliance solutions, like Virtru, as organizations work diligently to meet the requirements. Compliance tech providers and consulting firms stand to gain significantly from this, as thousands of organizations will need third-party CMMC compliance.
While the program's goals are clear, the implementation path will be complex for many organizations. Smaller defense industrial base (DIB) players may face challenges with these requirements, given the costs of assessments, which could push some out of the market. It is important to note that given the grace period for existing contracts, the full impact of this shift may not be felt for another 2-3 years.
What predictions do you have for federal technology advancement and investment in 2025? What indicators do you see from Virtru’s customers in this space?
First off, I believe we’ll see budgets for Zero Trust implementation expand, especially around the data pillar. Organizations are realizing that traditional perimeter-centric security on its own is not sufficient, and they must implement data-centric tools like granular access controls in order to realize and activate the value of their sensitive data that they must share.
Second, we’re likely going to see progression with regards to pilot projects, as many will transition into full-fledged operational deployments with the looming 2027 Zero Trust deadline approaching.
Lastly, the focus on AI adoption will only continue to increase and intensify, as will AI security initiatives. This is an inevitability, as bad actors continue to utilize AI, the good guys must also yield its power as a countermeasure.
