Protection by Design: Why India’s Data Infrastructure Must Rethink Readiness

As Indian enterprises head into 2026, the conversation around data infrastructure has shifted decisively. What was once a back-end IT concern has now moved to the boardroom, driven by the simultaneous rise of AI workloads, escalating cyber threats, sustainability mandates, and the enforcement of India’s Digital Personal Data Protection (DPDP) Act.

The convergence of these forces is exposing long-standing weaknesses in enterprise data foundations, legacy storage systems, fragmented data estates, slow pipelines, and architectures that were never designed for continuous availability or AI-scale performance. At the same time, ransomware attacks and operational outages are no longer viewed as isolated incidents but rather as potential data breaches with regulatory consequences.

In a conversation with CiOL, Sanjay Agrawal, CTO and Head of Presales, India & SAARC at Hitachi Vantara, outlines why Indian enterprises must move toward protection-by-design architectures, where availability, security, compliance, and sustainability are engineered into the data platform itself, rather than added later as controls or patches.

Interview Excerpts

As DPDP enforcement accelerates, what is the single biggest blind spot you see in how Indian enterprises are preparing their data and infrastructure for compliance?

“The biggest blind spot is a weak data foundation. Whether we talk about AI, DPDP, or any regulatory requirement, everything ultimately comes down to data. Many CIOs recognise that their foundational data infrastructure, storage, governance, management, and processes are not ready to support these initiatives effectively.

Without a strong data foundation, organisations end up spending disproportionate time managing infrastructure instead of focusing on compliance, data monetisation, or AI-driven outcomes. A robust data foundation shifts the burden of complexity to the platform, allowing enterprises to focus on business value rather than firefighting.”

Building on that, AI workloads are exploding, yet many organisations still rely on legacy storage and fragmented data estates. What is the hardest truth CIOs must confront by 2026 about becoming truly AI-ready?

“The hardest truth is that AI is only as effective as the data feeding it. Enterprises have invested heavily in GPUs and accelerators, but data remains fragmented across on-premises, cloud, and edge environments.

This creates two challenges. First, legacy systems cannot deliver data at the speed modern AI engines require, leading to underutilised AI infrastructure. Second, data silos prevent organisations from building a unified view that AI systems need to function effectively.

AI-ready infrastructure must deliver high-speed data throughput and allow data and compute to scale independently. Without addressing this, AI initiatives will struggle to move beyond pilots.”

With ransomware attacks surging across India, cyber resilience remains uneven. Beyond the buzzwords, what does a real protection-by-design architecture actually look like?

Protection by design means security and resilience are built into the platform, not layered on later. This starts with immutable snapshots that cannot be altered by attackers or insiders, combined with strong authentication and guaranteed recovery.

Importantly, protection isn’t limited to cyberattacks. System failures are also considered data breaches under DPDP. That’s why availability guarantees are just as critical as recovery guarantees. Enterprises need platforms that ensure continuous access to data and rapid recovery, regardless of whether the disruption is caused by ransomware or hardware failure.

Does that also mean rethinking how data is managed across environments? With hybrid-cloud sprawl now the norm, how can enterprises practically unify their data estates and maintain consistent protection controls across platforms without slowing innovation?

Yes, but it requires a shift away from fragmented tools toward unified management frameworks. Historically, on-premises and cloud technologies evolved separately, creating operational silos.

The industry is now moving toward single control planes that provide consistent data management, observability, and protection across edge, data centre, and cloud environments. This reduces operational overhead and allows teams to focus on innovation rather than manual management.

While hybrid and private clouds are clearly the way forward, sustainability is increasingly a board-level mandate. How can organisations balance energy efficiency with the performance demands of AI and high-growth digital operations?

“There’s a misconception that sustainability comes at the cost of performance. Modern architectures prove that’s no longer true. Energy-efficient systems, reduced infrastructure footprints, and lifecycle extension programs significantly lower power consumption and emissions.

At the same time, smarter AI practices, such as fine-tuning existing models instead of retraining from scratch, reduce compute usage and carbon footprint. Sustainability and performance must go hand in hand, and enterprises should demand measurable commitments on both.”

As DPDP compliance, AI expansion, cyber resilience, and sustainability converge, Indian enterprises are entering a defining phase for data infrastructure strategy. The shift toward protection-by-design architectures reflects a broader realisation: resilience, trust, and availability are no longer optional features but foundational requirements.

For CIOs planning the next decade, the message is clear: without a strong data foundation, neither AI ambition nor regulatory readiness will scale.