CrowdStrike pivots to data security

CrowdStrike is trying to change the subject. Less than two years after the software update that crashed millions of Windows machines around the world, the company is pushing a new message: the next security fight is not just about protecting devices, but about following sensitive data wherever it goes. On March 24, at RSA Conference 2026 in San Francisco, CrowdStrike launched Falcon Data Security, a product meant to discover, classify, and block risky data movement across endpoints, browsers, SaaS apps, cloud systems, and AI workflows (crowdstrike.com). The pitch is simple. Data no longer sits still, so security tools built for static files and fixed perimeters are falling behind (crowdstrike.com). That matters because this is a real shift in how enterprise security vendors are framing the problem. CrowdStrike says older categories like DLP and DSPM were designed for snapshots: a laptop here, a cloud bucket there. Falcon Data Security is supposed to watch the flow instead, using the company’s existing visibility into identity, endpoint, cloud, and SaaS activity to decide when data movement is normal and when it looks like theft, insider abuse, or an employee making a dangerous mistake (crowdstrike.com). The emphasis on GenAI is not decoration. CrowdStrike explicitly says the product is built to stop sensitive information from leaking through managed and unmanaged AI tools, which tells you where vendors think customer anxiety is heading next (crowdstrike.com). The company can make that argument because it is no longer selling endpoint protection alone. In its fiscal fourth-quarter results, reported March 3, CrowdStrike said annual recurring revenue had reached $5.25 billion, up 24 percent from a year earlier, with quarterly revenue of $1.31 billion and record free cash flow for both the quarter and the year (businesswire.com). Management also highlighted how much business is now tied to broader platform adoption, including $1.69 billion in ending ARR from Falcon Flex accounts, up more than 120 percent year over year (businesswire.com). A company with those numbers has every incentive to bundle one more security layer into the platform and call it the future. That platform story gets a useful assist from services. On April 6, CrowdStrike said Falcon Complete had been named a Customers’ Choice in Gartner Peer Insights’ 2026 Voice of the Customer report for managed detection and response, with a 98 percent willingness-to-recommend score based on 137 responses as of January 31, 2026 (morningstar.com). Gartner badges do not prove technical superiority, and vendor press releases built around them are marketing documents first. But the number still matters. After the July 19, 2024 outage tied to a faulty CrowdStrike update, trust became part of the product (cisa.gov). Microsoft estimated that incident affected 8.5 million Windows devices, and CISA kept updating its alert for weeks as organizations struggled through remediation (cisa.gov). That history makes the company’s next move easier to read. Also on April 6, CrowdStrike said its board had authorized another $500 million in stock repurchases, bringing the total buyback authorization to $1.5 billion (tmcnet.com). Buybacks are often sold as discipline. Here, they also look like theater with a purpose. CrowdStrike is saying that its business has recovered enough, and its stock is cheap enough, to justify spending cash on itself while it tries to persuade customers that the center of gravity in security has moved from the endpoint to the data moving through an AI-soaked enterprise (businesswire.com). The concrete thing it put on the table was a product that promises to watch sensitive information move across browsers, SaaS apps, cloud runtimes, and AI prompts in real time (crowdstrike.com).