Yogesh Badwe is Chief Security Officer for Druva, a leading provider of cloud-based data protection and security solutions. With over 20 years of cybersecurity leadership experience at high-growth organizations like Okta and Salesforce, Badwe is passionate about helping organizations secure their digital transformation journeys to the cloud.
Expert Insights reached out to Badwe for his insights on the cloud backup and data security threat landscape, his recommendations for CISOs seeking robust solutions, and his predictions on trends shaping the industry in 2025 and beyond.
Want more stories like this? Subscribe to Decrypted.
Q. What are the biggest challenges for customers in the cloud backup and data security space today?
As more customers turn to the cloud, protecting and securing multi-cloud environments has become increasingly difficult. The frequency and severity of cyber incidents are rising, leaving IT and security teams overwhelmed, disconnected, and struggling to respond quickly and effectively. When a breach occurs, IT admins are flooded with urgent questions from security teams and executives – often without the tools or visibility needed to provide answers. This disconnects, arising from organizational and data silos, and slows down incident response, as well as increasing the risk of costly errors and prolonged downtime.
Another major challenge is balancing centralized control with the flexibility of best-of-breed technologies. Many organizations try to replicate on-prem environments in the cloud, leading to inefficient, “quick fix” systems that are hard to manage. On the other hand, when organizations use best-of-breed technologies for each cloud, they often end up with disparate environments requiring multiple teams to manage, resulting in confusion and inconsistent protection. Visibility is also a persistent issue. In complex multi-cloud and SaaS ecosystems, teams often don’t know what needs protecting until it’s too late – after data is lost. This lack of insight leads to chaos during attacks, delayed recovery, and increased business risk.
The result? Costly mistakes, prolonged downtime, and heightened risks to both the business and its customers. Without a fundamental shift in how security and IT teams collaborate around data security and cyber resiliency, organizations will continue to fight an uphill battle against an increasingly hostile cyber landscape.
Q. How does the Druva Data Security Cloud help teams address these challenges, and how do you differentiate yourselves from competitors?
Organizations need to protect and secure data—and recover when breaches happen. Druva helps organizations achieve multi-cloud resilience by uniquely centralizing data protection to deliver unified visibility into data across on-premises, hybrid, and cloud environments, without the need for additional software or a steep learning curve. With this unified view, customers can accelerate threat detection, remediation, and recovery—while protecting and securing data at scale. Druva’s Data Security Cloud is battle-tested against advanced threats, empowering users to confidently navigate the threat landscape.
Unlike other solutions, Druva’s platform is designed for scalability and simplicity, delivering robust security with zero-trust architecture, end-to-end encryption, and genAI capabilities that empower IT and security teams to defend the business. The only vendor that delivers a 100% SaaS solution, Druva offers a lightweight platform that doesn’t require additional hardware, software, or costs, from customers.
Dru Investigate, Druva’s genAI copilot, enables users to investigate potential data risks with natural language queries—and guides users when they don’t know what to look for. This allows both security and IT teams to quickly understand exactly what they need to do to thoroughly support cyber investigations and remediate any data security issues—effectively bridging the operational gap between IT and security teams.
Druva’s modern approach to data security enables businesses to quickly bounce back from any threat with ease. For instance, DMS Health Technologies, one of the country’s largest providers of mobile imaging equipment and accessories, leveraged Druva to recover 100% of its data from a ransomware attack, restoring operations confidently and efficiently.
Q. What are your top recommendations for CISOs in the process of looking for a cloud backup and data security solution?
Data security, privacy and governance must be a top priority for CISOs as AI-driven business use-cases and multi-cloud environments become the norm. To mitigate risks—whether from external threats or internal mismanagement—CISOs need to ask pointed questions: How will my data be used? What compliance and ethical safeguards are in place? Can AI-driven security outputs be traced and explained? With evolving regulations like DORA pushing organizations to reduce single-cloud dependency, now is the time to build a resilient, well-governed AI and data protection strategy.
To strengthen defenses, organizations should implement a unified platform that consolidates backup, recovery, and archival processes across cloud, on-premises, and endpoint data. A centralized approach enhances visibility, control, and the ability to respond swiftly to security incidents.
Additionally, as cross-cloud compliance regulations continue to evolve, CISOs must ensure organizations remain flexible, while preparing for future mandates. Regulators increasingly expect companies to avoid over-reliance on a single cloud provider, making cross-cloud backup a critical step toward compliance and cyber resiliency. The CISO must also oversee adherence to data sovereignty requirements, ensuring that even backup data remains within designated regions. To achieve this, many CISOs are turning to third-party Backup-as-a-Service providers, adding an extra layer of security and operational separation from their primary cloud accounts.
By prioritizing governance, resilience, and an integrated approach to cloud security, CISOs can ensure their organizations are well-prepared for emerging threats and regulatory shifts—without sacrificing operational efficiency.
Q. What trends do you expect to see in the cloud backup and data security space in 2025?
We’ve continually seen ransomware dominate headlines in a banner year for hackers, and as the risks continue to rise, I expect to see businesses continue to invest in security tooling to prevent or improve resiliency from cyber attacks. Prevention is just the start here, and it is imperative that every business be prepared in the event that they do face a security attack.
2025 is the year security at the data level becomes a board mandate. The consequences of a breach are simply too high, and it will be a point that a few unfortunate businesses will illustrate for the benefit of the rest of the industry. Businesses must have systems established that prepare them for facing an attack, enabling them to quickly understand exactly what happened and how to remediate.
Q. In your view, what should organizations’ top cloud backup and data security planning priorities for 2025 be?
As cyber incidents surge in frequency and severity, organizations need to put data security at the forefront to stay ahead of evolving threats. Being able to effectively and efficiently respond to threats is critical, and key to that challenge is looking for ways to bridge that clear operational gap between IT and security teams. This disconnect slows down the incident response process and increases overall operational risk. Organizations need to look for tools that can enable seamless collaboration, ensuring IT teams can provide security teams with the data and insights needed for effective security breach response.
With increasing dependence on data as a vital asset, financial losses, operational disruptions, and reputational damage from breaches make it imperative to prioritize strengthening cyber defenses. However, even with cybersecurity tools like XDR, SIEM, and SOAR, organizations struggle to detect and remediate threats in real time due to limited visibility into anomalous access or user activity on sensitive data and backups. The result is prolonged recovery, potential reinfections of backup data, and difficulty in investigations. To improve cyber resilience, businesses need a strong integration of perimeter-focused cybersecurity and data security.
For more information on data backup, check out some of the following articles:
