‘Seclore’s repositioning as a data security intelligence provider reflects a shift in the problem enterprises are trying to solve.’ : Nilesh Bhojani, Vice President Product – Engineering, Seclore

AI has entered enterprise workflows as an active participant. In an exclusive conversation with Rajneesh De, Group Editor, CXO Media & APAC Media, Nilesh Bhojani, VP Product – Engineering, Seclore, outlines how Seclore, as a data security intelligence provider, applies context-aware intelligence and protection to the data itself rather than to the infrastructure around it.

You have spent several years working on enterprise data protection technologies. What motivated you to work in this space, and how has the data security landscape evolved during this time?

My journey into enterprise data protection was driven by a fundamental gap I kept seeing in how organisations approached data security. When I joined Seclore, the core challenge was preventing sensitive files from being misused once they left the enterprise. That challenge remains, but the environment around it has changed substantially. Enterprises today operate across on-premises infrastructure, cloud platforms, partner ecosystems, and third-party applications simultaneously, and most of the security tooling in place was architected for a far simpler model.

AI has added a new layer of complexity. Organizations are deploying systems that read, summarize, and act on enterprise data at scale, frequently without human oversight at the point of use. Conventional security models were not designed to answer the accountability questions that creates: how do you maintain control over information being processed and redistributed by AI systems operating across your environment?

As VP of Product Engineering, what are the most common data security challenges you see enterprises struggling with today?

Despite significant investment in security tooling, most enterprise security teams cannot confidently answer three questions: where is our sensitive data right now, who has accessed it, and is it actually protected? Everything else tends to follow from that underlying uncertainty. The most persistent challenge is the gap between policy and enforcement. Once data is downloaded, forwarded, or shared outside the organization, most tools lose sight of it. A governance policy may be in place, but it has no operational effect on a file that has moved beyond the systems where that policy is enforced.

Compounding this is fragmentation of the security stack. Enterprises have accumulated point solutions, each covering a particular channel or environment, but none designed to provide a unified view of how sensitive data has moved over time. Security teams spend a disproportionate amount of capacity reconstructing that picture manually. The most urgent emerging challenge is AI adoption. Business functions are integrating enterprise data with AI tools at a pace that outstrips the ability of security and compliance teams to govern. The visibility and control structures needed to understand what data AI systems are working with are not yet in place in most organizations.

What are the key pillars of Seclore’s GTM strategy for India?

India is foundational to Seclore, not simply as a revenue market but as the centre of our engineering and product capability. Our development operations are anchored across Mumbai, Delhi, and Pune. The DPDP Act has significantly changed the conversations we are having with Indian enterprises. Organisations are now under pressure to demonstrate, with verifiable evidence, how personal data is protected and governed at the file and record level. That requirement is surfacing at board level in ways it was not two or three years ago, and it plays directly to what our platform is designed to do.

We have a well-established presence in Indian banking, financial services, government, and defence, sectors where data sensitivity, regulatory obligation, and institutional maturity converge. That installed base provides strong reference points as we extend into adjacent industries. The third pillar is AI. As Indian enterprises accelerate AI deployment, governing the data those systems access and act upon is becoming a pressing concern, and it is a space where we have both a clear point of view and a product answer.

What are Seclore’s unique differentiators over other data security solution providers?

The central differentiator is that we apply protection to the data itself rather than to the infrastructure around it. Conventional security tools secure a location, a network, or an endpoint. Once data moves outside those boundaries, protection lapses. Seclore embeds controls directly in the data, so protection travels with it regardless of destination, whether that is an external partner, a cloud environment, or an AI workflow. Permissions can be updated, access restricted, or a file revoked entirely even after it has left the organisation, something perimeter-based tools cannot provide.

The second differentiator is context-aware intelligence. Rather than enforcing static rules, ARMOR evaluates protection decisions based on who is using the data, in what context, and for what purpose. Access that is appropriate today may warrant restriction tomorrow based on changed circumstances, and the platform adapts dynamically. Third is our open platform architecture. We integrate with the security and IT ecosystem organisations already operate: DLP, CASB, classification tools, Microsoft 365, CRM and ERP systems. Enterprises need something that extends and strengthens existing investments, not displaces them, and that integration depth is a consistent reason organisations choose Seclore.

Seclore has recently repositioned itself as a Data Security Intelligence company. What led to this shift and how does it reflect the changing needs of enterprises?

The repositioning reflects a shift in the problem enterprises are actually trying to solve. Organizations need to understand where sensitive data exists across distributed environments, track how it is being used by both people and AI systems, and demonstrate continuous, auditable control over it. That is a substantively different challenge from what data security tools were originally designed to address.

The inflection point was AI entering enterprise workflows as an active participant. When AI systems read, generate, and act on sensitive data without human review at each step, the questions security teams need to answer change entirely. Existing tools could tell you who accessed a system. They could not tell you what an AI agent did with a document, or provide evidence that it was handled correctly. ARMOR, launched in February 2026, integrates data discovery, intelligent classification, persistent protection, continuous enforcement, and usage insight within a single control model. Data Security Intelligence describes the outcome: not simply securing data, but maintaining the understanding needed to make the right protection decisions continuously as context changes.

The Digital Personal Data Protection (DPDP) Act is expected to reshape how organizations handle personal data. What are the key implications of this regulation for enterprise data governance?

The DPDP Act shifts the compliance standard from documentation to demonstration. Organisations must show, at the file and record level, how personal data is controlled and governed throughout its lifecycle. The financial exposure is substantial, with penalties reaching Rs 250 crore for inadequate security safeguards, and breach reporting to the Data Protection Board is required within 72 hours. That combination demands operational capability, not just documented intent.

The most significant governance implication is that security controls need to operate at the data level, not just at the infrastructure level. Most enterprise security architectures protect systems and networks. DPDP is concerned with the data itself: how it is collected, where it moves, who uses it, and for how long. The area of greatest exposure is what happens to personal data once it leaves direct organisational control, through vendor relationships, partner integrations, and third-party services. A compliance posture anchored to the internal perimeter is not adequate when personal data flows outward continuously. Maintaining auditability and control in those external environments is the capability gap that creates the most regulatory risk under DPDP.

Many organizations have data protection policies in place, yet sensitive information continues to move across systems, partners, and cloud environments. Why does this gap exist between policy and actual data movement?

Most data protection policies were designed for a model of data movement that no longer reflects how enterprises operate. Enforcement is applied at the point of transmission or within specific systems, not on the data itself. Once a file moves outside those systems, the link between that data and its governing policy is severed. Before that is an enforcement problem, it is a visibility problem. Organisations typically lack a complete picture of where their sensitive data actually resides. It accumulates in legacy repositories, personal cloud storage, email threads, and vendor systems. Governance decisions made without that visibility are inherently operating on an incomplete picture.

There is also an organisational reality that governance frameworks underestimate. People share data to accomplish work, constantly and across boundaries. Controls that introduce friction get worked around, not out of poor intent but out of practical necessity. Closing the gap requires protection that travels with the data and is intelligent enough to distinguish legitimate use from inappropriate use without impeding normal business activity.

Traditional cybersecurity tools often lose visibility once data leaves enterprise systems. How does Seclore’s approach to persistent data protection help organizations maintain control over their data?

Seclore applies protection directly to the data rather than to the channel or system it travels through. A protected file carries those controls wherever it goes. The organisation retains visibility and control whether the file is accessed by an external partner, opened on an unmanaged device, or consumed by an AI workflow. Organisations can define who can access a file, what actions they are permitted to take, and under what conditions, including time-bound access, device restrictions, and geographic controls. Critically, those conditions can be updated or revoked after distribution. The ability to revoke access post-sharing addresses a class of risk that most security tools have no mechanism to handle.

Protection at the file level also generates a continuous audit record of every access and action, giving security teams a verifiable log without having to reconstruct activity from multiple disconnected systems. Under DPDP, where producing evidence of how personal data was handled is an enforceable requirement, that file-level auditability is difficult to achieve through any other approach.

Seclore’s ARMOR platform focuses on discovery, classification, and continuous enforcement. How do these capabilities help organizations strengthen their data governance and compliance posture?

Discovery is the prerequisite. In most large enterprises, knowledge of where sensitive data resides is incomplete. It accumulates across old repositories, shared drives, email archives, and third-party systems, often outside the visibility of the security function. Without it, every governance decision is made against a partial picture. ARMOR provides a current, searchable understanding of the data landscape that makes meaningful governance possible. Classification makes protection proportionate. Applying uniform controls across all data is operationally unworkable and does not reflect how regulators assess compliance. ARMOR classifies data based on content, context, and intended use, creating controls calibrated to actual sensitivity, which is what allows organisations to demonstrate that specific data categories were identified and appropriately protected.

Continuous enforcement addresses the most common failure point in compliance programmes: the assumption that policies, once set, are followed. ARMOR enforces controls actively as data is used, re-evaluates access as context changes, and generates a running audit record as a matter of course rather than through manual effort. Compliance becomes an operational state rather than a periodic exercise.

Looking ahead, how do you see the role of data-centric security platforms like Seclore evolving as enterprises deal with stricter regulations and more complex digital ecosystems?

Regulatory frameworks globally are converging on a model that requires continuous, evidence-backed control over data rather than documented policy positions. DPDP, GDPR, and CCPA are all moving in that direction with increasing specificity and enforcement. The bar for what a data security platform must deliver is rising, and will continue to. The operating environment is becoming more complex at the same time. AI agents are more capable and more deeply embedded in enterprise workflows. The volume of systems, applications, and external parties interacting with sensitive data in any given organisation keeps expanding. The perimeter model is no longer a viable basis for data security strategy.

Taken together, these trends point toward data-centric security becoming a foundational operational layer rather than a supplementary control. For Seclore, that means continuing to deepen the intelligence layer. The more precisely we understand the context in which data is being used, the more accurate and adaptive our protection becomes.
