Has digitization grown beyond the financial or practical means of enterprise? The unwanted consequences of moving from physical paper trails to cyber ones have exposed the roads that enterprise data takes to and from its intended destination.

To some, this risk exposure might be worth it. Moving on from paper has allowed businesses to create many niche applications. For example, banks can create specific apps for loan approvals, a process which was previously done at a bank’s branch with physical documents—now transformed to fully online-enabled services with the goal of speeding up the loan approval process to increase loan volumes. 

AI could be very useful here, if not for its own vulnerabilities in potentially exposing enterprise data trails even further. 

“AI dramatically speeds up the data processing efficiency, but it comes hand in hand with higher risk of exposing enterprise data. Organizations must keep their data practices under control even in the constantly increasing demand for higher data traffic,” said Stanislav Marosz, Senior Delivery Manager at ESET.

Key points of this article:

  • Cloud scale is accelerating faster than enterprise security models can keep up.
  • As data volumes explode and workflows stretch across clouds, partners, and borders, traditional trust assumptions are quietly breaking apart.
  • From cloud apps and SaaS platforms to CI/CD pipelines and file exchanges, threats increasingly bypass usual controls.
  • Real‑world breaches show how a single compromised file, update, or third‑party relationship can cascade across entire industries.
  • Regulations, breach costs, and hard lessons prove that “someone else’s infrastructure” doesn’t mean “someone else’s problem.”
  • Scanning data at ingestion points and in transit is fast becoming a baseline requirement for resilient enterprises.
  • Organizations that inspect data early and thoroughly are redefining how trust, scale, and resilience coexist.

Why cloud adoption is reshaping enterprise data security

According to various reports, cloud services and digital business operations are one of the top five business drivers. This covers anything from general-purpose services (e.g., AWS or Azure) to storage, cloud apps, AI services, content delivery networks, virtual machines, and more, all of which exist to enable vast efficiencies on a global scale.

Predictions place the cloud market at $1.48T by 2029. While some trends continue to support on-prem applications due to data sovereignty considerations, it is undeniable that cloud computing is here to stay. With data creation growth also estimated to be around 23% YoY, the volume of data effectively doubles every three or four years, directly evidenced by massive data center demands.

Great news for cloud service providers with deep pockets and building permits, and even greater news for chief information officers (CIOs) looking to scale up and skip ahead of internal data bottlenecks. However, for CISOs (Chief Information Security Officers) whose bread and butter is continued focus on cyber resilience, this introduces additional security risk; the cloud widens the attack surface and raises the stakes of every misstep.

Cloud growth, AI spend, and geopolitical risk: The new CISO agenda

Enterprises are caught between a rock and a hard place. A nationwide, or better yet, global footprint, demands the flexibility and cost-effectiveness offered by cloud solutions. The latter can drive boardroom conversations to the benefit of a CIO and CISO because:

  1. CIO operating budgets are trending up. 43% of CIOs say [1] that their budgets for 2026 have increased, with planned investments set to grow along with these budgets.
  2. AI services will considerably shape cloud costs. Around 67% of CIOs report [2] that they plan on investing in AI and machine learning. The flipside of this is that these investments need to demonstrate value (productivity gains/cost savings), which in the face of boardroom AI knowledge gaps might pose a challenge.
  3. Geopolitical changes are reshaping enterprise data footprints. Digital sovereignty considerations, data laws, and vendor disruptions (including cyber-attacks) are impacting entrenched cloud operations, forcing CISOs to go for on-prem (if possible), multi-cloud strategies, or hybrid. This change in dynamics might prove to be an opportunity for CIOs and CISOs to steer their business ship into safer, more economically viable waters, while also reinforcing the overall resilience of their company.

If nothing else, the boardroom should take heed of these dynamics because they can directly influence company value. When executed effectively, scaling with cloud can support higher valuations through lower upfront capital expenditures, more standardized delivery operations, and elastic growth without the drag of proprietary infrastructure. Businesses aligned with long‑term, structural shifts—such as the ongoing migration to cloud—benefit from persistent demand tailwinds that, over time, can translate into stronger margins and more resilient operating models.

The cloud trust problem

All the above sounds nice. But while the value considerations located within cloud investments are indubitably profound, there’s a catch. A big one, at that.

Cloud solutions, as they are, considerably transform the enterprise environment by extending its networks across the globe based on “trust.” You trust your regional office to handle HQ data at rest securely, while also trusting the digital means of transit it takes to journey there—likely handled by a third-party service (Microsoft 365, GCP, etc.). So, unless your data moves between on-prem servers via a secure connection, there’s a chance some of your flows are exposed, especially if you handle them via off-prem cloud.

A caveat: For some, there’s no way to avoid this. App developers, for example, must rely on third-party app stores to distribute their creations. Again, they trust the platform holders to keep their pipelines secure in exchange for broader publicity (and a fee). But who’s to say those lines will remain squeaky clean? Mischief could come from the developer’s side, but also from the platform’s.

If we go back to our app for bank loans discussed earlier, how sure can a bank’s IT department be that none of those uploaded docs might be loaded with malware-carrying macros/embeds? It can’t. For example, Evil Corp is a Russia-aligned APT group notorious for targeting banking institutions with malicious macro-heavy documents containing the Dridex malware strain, causing millions of dollars in losses. 

Supply chain attacks: How APTs weaponize trust

Let’s stay with the financial sector for a bit here. It’s known that senior executives working for cash-flush organizations are prime targets for social engineering. Spearphishing, a very potent form, uses legitimate-looking message-based lures to compromise valuable targets. This technique sees advanced threat actors proactively conduct legitimate and very specific research on their targets.

MuddyWater, an Iran-aligned threat group, is notorious for its sophisticated spearphishing campaigns.

In Bangladesh, a spearphishing attack gave the attackers (Lazarus) long-term access and visibility into the Central Bank of Bangladesh’s SWIFT-connected systems, resulting in fraudulent payment messages to the Federal Reserve Bank of New York, attempting to steal as much as $951 million from the country’s foreign currency reserves. While caught relatively early, the attackers still managed to get their hands on $81 million. In a roundabout way, we could classify this as a supply chain attack of sorts (trust-chain), as the compromise abused the relationship between the bank and SWIFT, cascading across institutions.

The larger a company is, the more numerous these chains are. The likelihood that one of them will fail to remain secure at some point is significant. In the UK alone, only 45% of large businesses specifically monitor for immediate supply chain vulnerabilities, with even fewer accounting for their wider supply chains (25%). Seeing how impactful an attack like this might be (a UK retailer lost around $400 million), it’s a tragic percentage.

How AI expands the cloud attack surface

We can’t omit AI from the cloud service conversation. “AI can do it all”: help with workflows (it depends), generate useful material (it depends), and extract insights from oceans of data—provided you already have gallons of data to spare, plus the budget, patience, and governance to survive the process.

That’s GenAI (mostly). Agentic AI takes the same data, makes decisions, and starts pulling the levers. All the same, neither is free from scrutiny, especially in a cybersecurity context where there are plenty of examples of malicious AI skills designed to pull the rug from under the user and steal (in some cases) sensitive information.

The cost of cloud security failure

In a landscape defined by constant change, the next phase of cloud adoption is about proving that scalability and security can be engineered together. Whether on-prem, multi-cloud, or hybrid, cybersecurity is a constant where failure has a heavy price tag, with breach costs ranging around $4 to $5 million [3].

Organizations today manage vast volumes of digital assets across increasingly complex infrastructures. Those with high file traffic—such as software publishers, service providers, and corporations exchanging files with customers or partners—are facing a threat landscape where a single file could bring down an entire network. “It’s like getting a shipment of contaminated grain passing unchecked through a global supply chain,” commented Marosz, “the volume is so high that inspection becomes selective, and by the time contamination is detected, it has already spread downstream.”

This raises the question: Who is ultimately responsible when security controls fail? While a breach occurring on remote servers may suggest that accountability rests with the service provider, the reality is more complex. It is equally a failure on the contract holder’s side for not performing due diligence or putting adequate controls in place to manage third‑party risk. In fact, regulations like the EU’s DORA directly address this particular question—with a massive fine.

Securing data at scale: Scanning as a baseline control

The critical differentiator is not the service provider, but the degree of control the organization retains over its data—its governance, quality, and decision rights. Enterprises that treat data as a strategic asset, rather than an operational byproduct, reduce dependency risk and gain better outcomes across their supply chain.

Thus, scanning plays a critical role in identifying and mitigating risks hidden within files, applications, and data flows. It enables businesses to detect threats early, reduce exposure, and maintain control over sensitive environments. Practically speaking, this is the baseline promise that an endpoint security product provides, though… it’s limited. This is where custom scanning solutions enter the picture.

Beyond traditional endpoint scanning

Unlike standard endpoint scanning—which focuses on known devices and operating systems—custom scanners can inspect files in transit, at ingestion points, within workflows, or inside cloud services and partner integrations. 

This makes them especially valuable in high‑volume, high‑trust environments (such as file exchanges, CI/CD pipelines, or SaaS platforms) where threats may bypass traditional controls entirely and where context‑aware, policy‑driven inspection is required to manage risk without slowing the business.

This is how, for example, cloud marketplaces address some of their data protection issues, since by employing a custom scanning solution they address third-party software risks (backdoors, vulnerable dependencies…) before they are extended to customers. Keep in mind, they’re not scanning one solution at a time; this needs to happen fast, at a large volume, and as soon as they onboard a new product or an update.
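
An ingestion-point check of the kind described above, applied to the loan-document upload case from earlier in the article. This is an added example, not ESET's code or API: the function names, the size limit and the sample files are assumptions, and it is a structural pre-filter that would sit in front of a scanning engine, not a replacement for one.

```python
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container
MACRO_PARTS = ("vbaproject.bin", "vbadata.xml")    # OOXML parts that carry VBA
EMBED_DIRS = ("/embeddings/", "/activex/")         # embedded OLE objects, ActiveX
MACRO_FREE_EXT = ("docx", "xlsx", "pptx")          # extensions that must not hold VBA
MAX_UNPACKED = 50 * 1024 * 1024                    # assumed policy limit (zip bombs)


def inspect_upload(filename, data):
    """Return {'verdict': 'accept' | 'quarantine', 'reasons': [...]} for one upload."""
    reasons = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if data.startswith(OLE2_MAGIC):
        # Binary Office format: macros cannot be ruled out from the header alone.
        reasons.append("legacy OLE2 container")
    elif data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                infos = zf.infolist()  # reads the directory only, unpacks nothing
        except zipfile.BadZipFile:
            return {"verdict": "quarantine", "reasons": ["corrupt ZIP container"]}
        if "[content_types].xml" not in [i.filename.lower() for i in infos]:
            reasons.append("ZIP without OOXML content types")
        if sum(i.file_size for i in infos) > MAX_UNPACKED:
            reasons.append("declared unpacked size exceeds limit")
        has_vba = False
        for info in infos:
            path = "/" + info.filename.lower()
            if path.rsplit("/", 1)[-1] in MACRO_PARTS:
                has_vba = True
                reasons.append("VBA macro part: " + info.filename)
            elif any(d in path for d in EMBED_DIRS):
                reasons.append("embedded object: " + info.filename)
        if has_vba and ext in MACRO_FREE_EXT:
            reasons.append("macro content under macro-free extension")
    else:
        reasons.append("file type not on the upload allowlist")
    return {"verdict": "quarantine" if reasons else "accept", "reasons": reasons}


def make_ooxml(parts):
    """Build a constructed OOXML-style ZIP in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


BASE = {"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"}
CLEAN_DOCX = make_ooxml(BASE)  # constructed sample: no macro parts
MACRO_DOCX = make_ooxml({**BASE, "word/vbaProject.bin": b"constructed bytes"})
```
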

ESET PRIVATE Scanning Solutions: Custom scanning for enterprise data flows

With unpredictable daily (data) scanning volumes and a massive catalogue of partners/customers that use your pipelines daily, security can be stretched thin. To solve this, ESET developed its PRIVATE Scanning Solutions, which combines a powerful feature set with a flexible, scalable architecture. This makes it an ideal security solution for even the largest organizations because it is/has:

  • Tailored, with flexible deployment: ESET PRIVATE Scanning Solutions can easily adapt to unique operational needs with flexible deployment options or as a fully managed service. 
  • High-performing and accurate: Delivers lightning-fast scanning and real-time threat detection with over 98% accuracy and minimal false positives. 
  • Seamless integration: ESET PRIVATE Scanning Solutions integrates smoothly with existing systems via a user-friendly low-latency API, supporting security across diverse environments. 
  • Automatic scaling: The scanning infrastructure automatically scales based on load, distributing traffic to ensure instant, real-time responses even during peak demand. 

Whether deployed in cloud-native, hybrid, or on-premises environments, it delivers reliable malware, spam, and phishing protection that adapts to diverse infrastructure needs. Its versatility ensures seamless integration into existing workflows, while its robust design supports everything from high-throughput enterprise use cases to lightweight IoT deployments.

If requested, ESET PRIVATE Scanning is available as a free trial. Contact the ESET PRIVATE team directly or visit our AWS Marketplace page for more information.

By default, ESET PRIVATE Scanning Solutions are configured to perform static scanning using the Static Scanning Engine, which is ideal for detecting known and zero-day threats with high speed and efficiency. There is also another powerful option via the Dynamic Scanning Engine, which detonates files in a simulated environment to uncover never-before-seen threats.

In specific cases, manual analysis is also possible via submission to the ESET Virus Lab team for more thorough manual inspection.

Description of ESET PRIVATE Scanning Solutions scope

ESET PRIVATE Scanning Solutions analyzes file metadata and source code using a combination of malware signature detection, advanced heuristics, and machine learning models. Multiple detection layers allow rapid and reliable identification of malware based on recognizable patterns and behaviors. As a result, files scanned statically are classified as clean or malicious, with a corresponding threat name and category if malware is detected.

ESET PRIVATE Scanning architecture

ESET Anti-Malware SDK for Windows and Linux

ESET PRIVATE Scanning Solutions are also available as an SDK for both Windows and Linux platforms. The ESET Anti-Malware SDK provides multilayered, cross-platform protection for a wide range of applications and integration scenarios. You have full control over the implementation process and which functionality you decide to use. The solution offers a wide range of options, supported with extensive documentation and ESET engineers at the ready to provide support if required.

"In our experience working with large enterprises, effective security scanning is not only about detection accuracy—it’s about scalability, reliability, and the ability to integrate seamlessly into complex infrastructures and workflows. Dedicated scanning infrastructure enables higher performance, operational resilience, and flexible deployment options tailored to each environment. By separating scanning workloads from endpoint protection, organizations can achieve faster scanning performance while maintaining efficiency and ensuring consistent, large-scale security coverage across their ecosystem," said Andrea Doyle, Head of Corporate Solutions NORAM at ESET.

More about ESET PRIVATE Scanning Solutions deployment, architecture, and data privacy:

  • High degree of customization, allowing organizations to adapt the scanning solution to their unique operational needs, security policies, compliance standards, or workflow.
  • Cloud-native by design, with seamless integration into major cloud platforms (AWS, Microsoft Azure, Google Cloud), while remaining platform-agnostic for maximum flexibility.
  • Available for both cloud and on-premises deployments, making it a versatile solution for organizations with hybrid or regulated infrastructure needs.
  • The solution does not store scanned files or any customer-specific sensitive data, ensuring full data privacy and compliance.
  • Enterprise-grade support: Custom SLAs and 24/7 access to ESET's top-ranked enterprise support teams provide operational confidence and rapid issue resolution.

Additionally, ESET’s container-based scanning architecture enables flexible and isolated antimalware scanning within containerized environments, ensuring compatibility with modern DevOps workflows and microservices.

Data-powered, data-driven

For CIOs and CISOs navigating accelerating data growth, resilience is inseparable from enterprise cybersecurity. Custom scanning solutions help align security operations with data expansion, delivering adaptive protection and assurance as organizations prepare for an ever more data‑driven future—one which is already shaking the foundations of enterprise security.


Additional references:
1) Gartner C-level Communities’ proprietary Leadership Perspective Survey, March 2026
2) Gartner C-level Communities’ proprietary Leadership Perspective Survey, March 2026
3) IBM Security and Ponemon Institute (2025). Cost of a Data Breach Report 2025, (p. 13), IBM.