Inside Varonis: Building Data Security from the Ground Up

The story of Varonis begins with a mystery. In 2003, a large oil and gas company lost millions of dollars’ worth of high-resolution ocean-floor images stored on its file servers. Were they accidentally deleted? Stolen? No one could tell—there was no record of what had happened, and no way to narrow down the suspects.

From this disaster, two engineers—Yaki Faitelson and Ohad Korkus—saw an opportunity. With backgrounds in storage and systems, including experience at companies like NetApp and NetVision, they recognised that as enterprises created more data, they knew less about its security. In 2005, they founded Varonis Systems to give organisations the visibility and control needed to protect critical data.

Nearly twenty years later, Varonis with its strong Israeli R&D roots, remains the same: protect data wherever it resides—on-premises or in the cloud—by answering three fundamental questions every CISO struggles with: Where is your sensitive data? Who has access to it? And how is it being used?

In this conversation with CiOL, Santosh Shriyan, Director, Alliances – India & South Asia at Varonis Systems, shares insights on the company’s mission, its India footprint, and the advice he has for CISOs in an AI-driven world. Excerpts.

Varonis is now a two-decade-old company. What problem does it solve at its core?

Varonis was started by visionaries determined to solve complex data problems. We have singularly focused on one major challenge—protecting data where it lives, whether on-premises or in the cloud, across structured and unstructured content.

Traditional cybersecurity tools have focused on perimeter, endpoint, or cloud protection—mostly geared toward outside attacks. But data itself remained unprotected. Varonis addresses this gap by asking three fundamental questions: Where is your sensitive data? Who is accessing it? And who is using it?

These are questions most CISOs cannot fully answer today. The risk of not knowing leads to unlimited liability, because you don’t know which data has been compromised and by whom.

Enterprises struggle today with scattered data across cloud, on-prem and hybrid environments. How does the Varonis data security platform work to bring visibility and protection?

Our SaaS-based automated data security platform delivers three measurable outcomes: Find, Fix, and Alert.

• Find: We discover all your data across on-prem and cloud, structured and unstructured, while mapping the identities linked to it.
• Fix: We remediate critical exposures autonomously through what we call a “blast radius fix,” applying layered access controls to reduce insider threats.
• Alert: Using advanced machine learning and UEBA (User and Entity Behaviour Analytics), we monitor every data flow, map normal vs. abnormal access, and stop breaches before they happen.

India has become a critical growth market for global cybersecurity players. How has Varonis established its presence here, and what role does India play in your overall strategy?

We entered India three years ago and, in this short span, have added more than 30 large customers across IT/ITeS, BFSI, manufacturing, and other verticals. Today, we are a leader in the DSPM (Data Security Posture Management) space. DSPM has become a standard approach for safeguarding sensitive data across cloud and on-premises environments, helping organisations prevent breaches and meet compliance requirements.

We’re also investing heavily in India and will soon launch an R&D Centre in Pune, which will serve both domestic and global customers.

CISOs today face rising regulatory pressure, insider threats, and the added complexity of AI-driven risks. What advice would you give those struggling to strengthen their security posture?

Cybersecurity is a journey, constantly evolving with new threats and technologies. My advice to CISOs is to focus on data visibility: discover, classify, and label data correctly. That gives you the foundation for a proactive security posture.

In the age of AI, where sensitive data can be accessed and misused quickly, organisations must create holistic due diligence through data risk assessments and advanced, well-meshed data management platforms. This is where Varonis plays a vital role.