Why CIOs Predict Homomorphic Encryption Is The Next Security Standard For Enterprise AI

Island News Desk
September 30, 2025
Enterprise Security

The rise of agentic AI presents a data privacy crisis. Dmitry Golovin, CISO of IOTA Software, Inc., explains why Fully Homomorphic Encryption (FHE) is the inevitable solution.

Credit: Outlever

Fully Homomorphic Encryption (FHE) is moving from academic theory toward practical enterprise adoption. Now, a combination of regulatory pressure, client demands, and the growing data needs of artificial intelligence is forcing the issue. For many security leaders, FHE is emerging from its academic 'winter' and is on a path to becoming as standard as HTTPS.

The move from theoretical to tactical is finding advocates among a new generation of security leaders. We spoke with one expert on the front lines of this change: Dmitry Golovin, the Chief Information Security Officer at IOTA Software, Inc., an industrial data visualization provider. Armed with an MBA and deep technical expertise, Golovin has built a career architecting security strategies at high-stakes firms like Deloitte Digital and Reltio. From his view, the industry is on the cusp of a significant security revolution.

  • A tough sell: For most CISOs, the first battle for FHE isn't fought with hackers, but with the rest of the C-suite. Golovin himself is passionate about the technology but notes this common friction point. In his experience, the biggest hurdle is the gap between a technology's conceptual appeal and its immediate, practical application on a product roadmap. "I've been pushing to use it, but right now the CTO doesn't see the immediate use, even though the concept itself is interesting to him."

That resistance, Golovin says, is where external forces become a CISO's best friend. In his view, there are two primary forces: a regulatory "stick" and a commercial "carrot."

  • The compliance hammer: With a growing patchwork of data privacy laws like GDPR and CCPA, the financial risk of non-compliance is becoming a powerful motivator for executive teams. "Regulations are a key driver that will push FHE to become the norm, especially with the threat of fines for exposing sensitive data."

  • The dealmaker's demand: Beyond compliance, Golovin sees sophisticated clients beginning to treat advanced security not as a feature, but as a competitive differentiator in the procurement process. "Customers will eventually say, 'Either you have homomorphic encryption built-in, or we will find somebody else who is more secure.'"

Wielding those external pressures demands a shift in communication, Golovin explains. His strategy is to reframe the conversation around business growth.

  • From cost to cash: To win over skeptical leadership, CISOs must learn to speak the language of the CRO, shifting the focus from technical hurdles to revenue opportunities. "Present it not as an inhibitor, but as an enabler. When you can translate a security initiative into percentage growth for sales, it becomes much easier to sell to the board."

According to Golovin, FHE is the next logical step in a well-established pattern of security evolution. Historically, standards have progressed in response to new threats. For instance, the industry transitioned from storing passwords in plaintext to hashing them, and it moved from the insecurity of HTTP to the default encryption of HTTPS. Rather than competing with other priorities, Golovin positions FHE as the successor to today's most critical security framework.

  • Beyond Zero Trust: While Zero Trust architectures verify identity and limit access, he argues that FHE provides a more absolute guarantee by protecting the data itself, even while it's in use. "In some ways, homomorphic encryption is the ultimate Zero Trust. You don't even need to check the originator of the traffic. You can blindly trust it because it's encrypted."

While regulatory and commercial pressures create a steady push toward adoption, history shows that a sudden shock to the system can trigger a much faster, industry-wide change. Golovin pointed to catastrophic breaches like SolarWinds as the type of focusing event that often forces an overnight re-evaluation of security standards.

  • The 'black swan' catalyst: Proactive security is the ideal, but the industry remains reactive, Golovin says. Most of the time, widespread change occurs only after a significant incident makes the financial consequences undeniable. "Attention comes much easier when something costs millions or billions in breach costs and reputational damage."

  • The CPO connection: Instead of waiting for a disaster, Golovin recommends a proactive approach: find the internal allies who can translate abstract risk into financial terms before a breach occurs. Rather than focusing narrowly on a technical sell to the CTO, a more effective strategy is to build a business and compliance case with the Chief Privacy Officer. "The audience for this technology should be chief privacy officers. They can translate privacy risk into dollars and cents, which helps them make the case to comply with ever-growing regulations."

For Golovin, the key driver that will eventually make FHE essential is the maturation of artificial intelligence. As AI models evolve from simple tools into agentic systems, their need for vast amounts of sensitive data could create an unavoidable privacy crisis.

  • AI's forcing function: Golovin identifies an inherent conflict between the data-hungry nature of advanced AI and the enterprise's need to protect its most sensitive information. "As AI matures beyond a shiny toy and we get to agentic AI, it's inevitable we will adopt homomorphic encryption to mitigate the risk of data exposure."

Even as FHE becomes standard, new threats will still emerge. When it comes to the long-term risk of quantum computing, which could one day render current encryption obsolete, Golovin is pragmatic, not alarmist.

  • Not so fast: While acknowledging the 'store now, decrypt later' threat, Golovin separates the theoretical risk from the practical reality of today's quantum capabilities. "Large stores of captured data could be waiting for quantum computing to decrypt them. But that threat is not on the three-to-six-month horizon, and its impact is still unknown."

Ultimately, he reframed the quantum threat as the next familiar challenge in cybersecurity's endless game. Rather than viewing quantum as a unique, existential threat, he contextualizes it within the historical arms race between code-breakers and cryptographers. "It will be a similar game of Whac-A-Mole."
