Cybersecurity

Legacy Security Tools Hinder Data Protection Efforts

Analyst 207||Source: InfoSecMag
Professionals gather in front of a futuristic data center at a tech company headquarters.

"Modern data security must evolve beyond static, perimeter-based approaches to address the constant movement of data across cloud and AI environments," Capital One Software said in a communication about new research it commissioned.

72%: Data security urgency among security professionals

A study commissioned by Capital One Software and conducted by Forrester, A 2026 Snapshot on the State of Data Security, found that 72% of security professionals agreed that data security is more critical than ever. The research, conducted in February 2026, surveyed 211 North American director-level and above decision-makers in IT and data and analytics who are responsible for their organization’s security and risk technology strategy.

The survey quantified a clear sense of urgency across the respondents: protecting enterprise data at scale was the top security priority for the next 12 months (66%), followed closely by improving overall security posture against external threats (64%) and taking a more proactive approach to security (63%). Other priorities included investing in or updating technology to support operational efficiency and customer experience (62%) and improving overall security posture more generally (58%).

Legacy siloed solutions and visibility gaps

Forrester’s analysis found legacy, siloed security solutions are impeding organizations’ ability to protect data. Over half of respondents reported they lack full visibility of vulnerabilities, a shortfall the research identified as a key issue holding back adequate data protection.

At the time of the study, organizations continued to rely on multiple, traditional solutions: network security technologies such as SASE, firewalls, VPNs and IDS/IPS (70%); identity and access management systems (65%); and vulnerability management tools (60%). The report concluded that while many organizations believe their current tools adequately protect data, legacy solutions “lack the speed, flexibility, scalability and AI readiness required today.”

AI adoption declared “impossible” without rethinking data protection

Forrester’s research argued bluntly that without rethinking data protection, AI adoption is “impossible.” The report flagged a particular operational risk: as AI agents act autonomously and bypass human oversight, the risk of unintended data exposure is heightened. That linkage between AI behavior and data protection shortfalls is presented as a strategic blocker to realizing AI use cases securely.

Tokenization as a proposed path to both protection and value

Capital One Software framed data protection as inseparable from data value. The firm argued that “creating value with data must be the key motivator to protect it,” and singled out tokenization as a tool that can help — reducing risk while expanding allowable data use so organizations can maximize data return on investment.

The study emphasized opportunity in the market: two in three decision-makers reported they do not use tokenization solutions, indicating substantial non-adoption despite the claimed benefits. Capital One Software recommended integrated strategies that protect data across cloud and AI environments while preserving flexibility, sovereignty and support for emerging AI use cases.

What this means for technologists, procurement leaders, and enterprise decision-makers

  • Technologists and security teams will be watching visibility and vulnerability metrics closely: over half of respondents already report incomplete vulnerability visibility, and those teams are the ones expected to close that gap if organizations are to meet the stated priorities (protecting data at scale, improving posture, and taking proactive measures).
  • Procurement leaders and IT decision-makers face a technology choice: the study reports continued reliance on network, IAM and vulnerability tools (70%, 65%, 60% respectively), but also warns these legacy solutions may lack the AI readiness firms say they need. The research implies procurement will need to weigh integrated or newer approaches including tokenization.
  • Enterprise leadership should reconcile security with business goals: nearly half of respondents admitted their organizations can’t successfully compete given current data security processes. That finding frames data protection not just as a technical issue but as a competitive one tied to the ability to deploy AI and unlock data-driven value.

The Forrester study commissioned by Capital One Software lays out a blunt choice: continue to rely on legacy, siloed defenses and face persistent visibility gaps and competitive limitations, or adopt integrated, AI-aware data protection approaches — including tokenization — to enable both protection and business value. The research leaves one concrete next step on the table: organizations that want to pursue AI use cases will need to rethink data protection now if they are to avoid unintended exposure and realize data-driven returns.

https://www.infosecurity-magazine.com/news/legacy-security-tools-are-failing/

Ai SecurityCloud SecurityData ProtectionData SecurityEmerging ThreatsNorth AmericaCapital OneForrester ResearchPerimeter-Based SecurityModern Data Security
Related Intelligence

Continue Reading

Healthcare worker sits at desk, looking concerned, with computer screen displaying email inbox.

Healthcare Organization Backpedals on Phishing Test Targeting Staff Burnout

Newfoundland and Labrador Health Services is hitting the brakes on a well-intentioned but misguided phishing test that left staff feeling frustrated and burnt out. The healthcare organization has apologized and pledged to review its approach after sending employees a fake email offering an extra paid day off.

Analyst 207
Close-up of a smartphone's circuit board with blurred background, components out of focus.

BootROM Exploit Targets Millions of iPhones

Millions of iPhones are vulnerable to a newly discovered BootROM exploit, known as "usbliter8", that can't be fixed with software updates because it's embedded in the device's hardware. This means iPhones with A12 and A13 processors will be at risk for the rest of their lifespan.

Analyst 207
Blurred laptop screen on office table surrounded by coworkers.

AI Agents Emerge as Unchecked Identities in Enterprise Security

The equation for enterprise security is no longer simple: with AI agents now connected to critical business services, controlling identities is no longer enough to control risk. These emerging insiders have quietly become privileged - and potentially invisible - attack paths that security and identity programs must urgently address.

Analyst 207
Security analysts work at computer workstations and a large wall screen in a brightly-lit operations center.

AI Shifts Threat Management from Reactive to Proactive Stance

With a sprawling security stack of 40+ tools, enterprise teams are drowning in overlapping alerts and manual handoffs, leaving gaping holes for adversaries to exploit. This disjointed approach leaves teams scrambling to respond to threats, with attackers enjoying a lengthy 43-day window to wreak havoc.

Analyst 207