Scaling a data-driven company is hard. Scaling one while meeting GDPR requirements, managing thousands of customers, enabling analytics teams, and standing up new infrastructure in under two weeks? That’s a different level of complexity.
In a recent episode of STRIVE, I sat down with Asif Dromi of monday.com and Ben Herzberg of Commvault to unpack what it really takes to operationalize data security at scale – not in theory, but in practice. This isn’t a high-level conversation about best practices. It’s a real-world look at how security, compliance, automation, and infrastructure decisions intersect when the clock is ticking.
Watch the full episode.
If you’re a CISO, data leader, architect, or compliance owner, this episode gives you something more valuable than theory. It shows how:
- A fast-growing enterprise handled GDPR pressure without stalling innovation.
- Infrastructure as code can simplify audits.
- Automation reduces risk instead of increasing complexity.
- Security and business agility don’t have to compete.
It’s rare to hear directly from operators who’ve done this under real constraints. That’s what makes this STRIVE conversation different.
Key Takeaways: Operationalizing Data Security at Scale
- Compliance and growth don’t have to compete. Monday.com demonstrates how GDPR requirements and rapid expansion can coexist when security is built into architecture from the start.
- Manual permissions don’t scale. Automation does. Infrastructure as code and API-driven access controls can turn governance from a bottleneck into a force multiplier.
- Role-based access must evolve with data usage. As more teams depend on analytics, visibility and fine-grained controls become important to help prevent permission sprawl.
- Operationalized security means visibility. It’s not just about setting policies – it’s about monitoring, auditing, and adapting controls dynamically as environments change.
- Speed is possible when architecture is intentional. A compliant European data warehouse stood up in under two weeks because governance, automation, and tooling were designed to scale.
- Security maturity enables innovation. When permissions, infrastructure, and compliance are programmable, organizations can move faster.
The Real Challenge: Growth + Compliance + Speed
For monday.com, the challenge wasn’t just storing European data in Europe. It was:
- Enabling GDPR compliance and regional data residency.
- Making sure employees only accessed relevant data.
- Maintaining visibility and auditability.
- Supporting analysts and developers who needed fast access.
- Doing it all under intense business timelines.
As Asif explains in the episode, becoming a data-driven organization means internal access expands rapidly. The more teams rely on analytics, the more complex permissions become.
And that’s where many organizations hit a wall. Security becomes manual, permissions become fragile, and compliance becomes reactive. That’s not operationalized security. That’s a house of cards.
Designing Security into the Architecture from Day One
One of the most compelling parts of the episode is how monday.com approached the problem architecturally. Instead of retrofitting compliance, it built:
- A dedicated European data warehouse.
- Clear role-based access controls.
- Fine-grained permission models.
- Automated governance layers.
Ben describes what happens in many large organizations: Over time, permissions accumulate in layers, often without central visibility. Eventually, no one is confident about who can access what. Operationalizing security means avoiding that drift. It means building systems where governance scales automatically as usage grows.
Automation Is the Force Multiplier
If there’s one theme that runs through this episode, it’s automation. Instead of treating permissions as tickets and manual updates, monday.com wrapped their infrastructure in code. Databases, roles, and access policies could be created and modified programmatically.
The result? A compliant, scalable environment stood up in less than two weeks. That’s not luck. That’s architecture. And it’s a powerful reminder that security doesn’t slow you down when it’s built correctly. It enables speed.
What Operationalizing Data Security Really Means
“Operationalizing” gets used a lot. In this episode, it’s defined as:
- Continuous visibility into sensitive data.
- Centralized and automated permission management.
- Access tracking.
- Integration with collaboration tools.
- Policies that adapt as users and data grow.
Static controls don’t scale. Manual workflows don’t scale. Security must become dynamic – part of the operating fabric of the organization. And that shift is where many enterprises struggle today.
Watch the Full STRIVE Episode
In the discussion, you’ll hear more about:
- How monday.com structured its European data warehouse.
- The biggest lessons learned during rapid implementation.
- Why automation was non-negotiable.
- What companies often underestimate about permission sprawl.
- How to think about operationalizing governance before AI initiatives expand.
FAQs
Q: How can small teams implement scalable data security?
A: Start with a clear permissions model and infrastructure-as-code tools. Automate permission management early to help avoid manual bottlenecks as you grow.
Q: What role does automation play in compliance?
A: Automation helps enable consistency, reduce errors, and simplify audits. Using APIs and scripts, you can monitor and adjust permissions dynamically.
Q: How long does it typically take to set up a compliant, scalable data environment?
A: With the right planning and tools, organizations like monday.com have achieved this in less than two weeks. Speed depends on scope and existing infrastructure.
Q: What are best practices for operationalizing data security?
A: Implement role-based access controls, automate permission management, monitor access logs regularly, and integrate security tools with collaboration platforms for real-time oversight.
Chris Mierzwa is Senior Director, Portfolio Marketing, at Commvault.
