The Announcement
Starburst has named Paras Malhotra as its Chief Information Security Officer, effective June 2026. Malhotra comes to the role with more than 20 years of experience building security and compliance programs at high-growth cloud companies, including Datadog, where he led information security operations, and AWS, where he served as Principal Manager for AWS Security Assurance. In his new position, Malhotra will oversee information security, governance, risk, compliance, and product security across Starburst’s SaaS and on-premises offerings. The hire signals that Starburst is treating security and trust as go-to-market imperatives, not just engineering concerns, as the company deepens its push into enterprise AI and federated data infrastructure.
The Bigger Picture
A Security-First Signal in an AI-Competitive Market
Starburst’s decision to elevate a seasoned CISO with an enterprise-scale pedigree is a deliberate message to the market: as data infrastructure becomes the backbone of enterprise AI, the organizations that win will be those that can credibly answer questions about data security, governance, and compliance before the procurement conversation even begins.
Starburst competes in a market where data virtualization and federation have become central to how enterprises approach AI readiness. The company’s pitch, connecting distributed data across on-premises systems, clouds, and hybrid architectures without forcing consolidation, is compelling on its technical merits. But the credibility of that pitch depends entirely on how well customers trust the platform to handle their most sensitive data assets. Bringing in a CISO whose résumé runs through AWS infrastructure security and Datadog’s regulated-industry compliance programs is a targeted response to that trust gap.
The timing is not accidental. ECI Research’s 2025 Application Development report found that 83.8% of respondents use code scan tools during CI/CD processes, and separately, ECI Research data shows that 65% of organizations rank security and compliance as a top technology investment priority for the next 12 months, second only to AI projects. Those two data points together describe an enterprise customer base that is spending on security and is already expecting the vendors they evaluate to meet them there.
What This Means for ITDMs
For IT decision-makers evaluating Starburst against alternatives like Databricks, Dremio, or cloud-native query services from the hyperscalers, this appointment changes the conversation in a specific way. Enterprise procurement teams, especially in regulated industries such as financial services, healthcare, and government, want a named, accountable security leader they can engage. A CISO with Malhotra’s background gives procurement and compliance teams a credible counterpart, someone who has operated inside AWS’s security assurance organization and built GRC programs at Datadog’s commercial scale.
The business case for federated data architecture is strong: avoiding the cost and latency of consolidating data into a single warehouse, while still enabling AI applications to reason over complete enterprise context, is exactly the kind of infrastructure tradeoff that resonates with CIOs under budget pressure. But for that architecture to clear the security review process inside a large enterprise, the vendor needs demonstrable maturity in AI governance, data protection, and compliance automation. That’s precisely what this hire is designed to address.
ITDMs should also note the scope of Malhotra’s remit. This is not a product security role bolted onto engineering. It spans GRC, SaaS security, on-premises security posture, and direct partnership with go-to-market teams. That breadth is an acknowledgment that in 2026, security is a sales motion as much as a technical one.
What This Means for Developers and Platform Engineers
Developers and platform engineers working inside Starburst’s customer base will feel this appointment most acutely at the intersection of AI pipeline security and data governance. Starburst’s platform is built on Trino and Apache Iceberg, open standards that give engineering teams flexibility and avoid vendor lock-in. The risk with open, federated architectures, however, is that governance and access control can fragment across the same distributed infrastructure the platform is designed to simplify.
Malhotra’s mandate explicitly includes product security, which means his influence should extend into how Starburst surfaces policy enforcement, access auditing, and vulnerability management to the developer and data engineering teams consuming the platform. His background building scalable security tooling and automation at AWS, including vulnerability detection and remediation workflows at enterprise scale, suggests he will prioritize programmable, automatable security controls over manual review processes. That’s the right disposition for an audience that expects security to move at the speed of CI/CD, not the speed of a compliance committee.
For platform engineers considering Starburst as the federation layer beneath an AI stack, the governance architecture question is not abstract. Enterprise AI workloads frequently process PII, regulated financial data, and proprietary business context. A platform that cannot demonstrate granular, auditable access control will not survive the data classification review in most large organizations.
What’s Next
Security as a Competitive Differentiator in Federated Data Platforms
The Starburst hire reflects a broader maturation of the enterprise data and AI platform market. The early competition was primarily on capability: which engine was fastest, which connector ecosystem was widest, which cloud integrations were most complete. That conversation has largely been won or lost. The next phase of competitive differentiation will be anchored in trust, auditability, and compliance depth.
Expect Malhotra to move quickly on two fronts. The first is building out Starburst’s compliance certifications and audit capabilities to support regulated industries, where the company has clear expansion opportunity. The second is formalizing Starburst’s AI governance framework: defining how the platform handles AI-specific risks such as model data lineage, training data access controls, and inference-time privacy enforcement. Both are prerequisites for enterprise deals that move beyond pilot deployments into production infrastructure.
The Broader Pressure on AI-Native Vendors
Starburst’s appointment also signals what enterprise AI vendors should expect from their customers over the next 12 to 18 months. As AI operationalization moves from proof-of-concept to production, security and compliance scrutiny will intensify. Procurement cycles will include deeper CISO-to-CISO conversations. Vendor security questionnaires will grow more sophisticated, and requests for AI-specific governance documentation will become standard.
Vendors that have invested in mature security leadership will process those conversations faster and with fewer deal delays. Those that haven’t will find security reviews becoming a material drag on their pipeline velocity. Starburst is clearly betting on the former. That bet looks well-timed.
