The Data Security Team’s Guide to Data Security Posture Management (DSPM)

By Amit Shaked

By Amit Shaked, CEO and co-founder, Laminar

Out of the total reported data breaches in 2022 in the U.S., nearly half (45%) happened in the cloud and cost organizations over $9 million. While the statistics paint a bleak picture, the good news is that as adversaries have evolved, so have security technologies.

In its 2022 Hype Cycle for Data Security, Gartner announced a new category of solutions titled “Data Security Posture Management,” or DSPM. The term “DSPM” is used by Gartner to describe a product that “provides visibility into where sensitive data is, who has access to that data, how it has been utilized, and what the security posture of the data store or application is.”

The definition provides a high-level overview of what DSPM is, but in order for security teams to get the most benefits from the technology, it’s important to take a deeper look at the challenges driving the need for DSPM, the benefits it can bring data security professionals, and what the key components of a DSPM solution should be.

Why Do Data Security Professionals Need DSPM?

We all live in a digitized world. Competition between companies to deliver the best services and solutions possible to other businesses or to consumers is at an all-time high. Innovation has become a necessary part of doing business, not just a nice-to-have.

The biggest winners in our cloud-based digital era are those who generate the most value from data. The new age of data democratization (i.e. making it available to anyone who needs it) and cloud transformation is characterized by:

  1. The multi-cloud norm. The current state of cloud data security shows that over half of organizations are working with two or more cloud service providers (CSPs). The complex infrastructure design can easily make it complicated for data security and governance professionals who are tasked with dealing with multiple cloud providers all configured differently and are consistently evolving and challenging to manage.

  2. The sheer proliferation of data. Developers and data scientists have the ability to spin up new datastores in a matter of moments. As a result, organizations are increasingly creating what is known as “shadow data”. Shadow data is any data that is not governed, under the same security structure or reported to the security or IT team. 82% of security professionals today are concerned about it.

  3. An evolving security perimeter. We’ve reached the death of the traditional security perimeter in our cloud age. Data is accessible to anyone, across the globe with no single contention point — leading to sensitive data landing in the hands of adversaries.

  4. A faster development cycle. Developers now create in hours, weeks, or days rather than months or years — environments change with the click of a few buttons and often without security teams’ knowledge.

All of these components lead to what is now being referred to as the “innovation attack surface”. A new threat vector that most organizations unconsciously accept as the cost of doing business. In contrast to traditional attack surfaces determined by external forces seeking to exploit vulnerabilities to gain illicit access to protected information, the innovation attack surface results from the massive, non-contiguous patchwork of accidental risk created by the smartest people in the business. In essence, it refers to the continuous unintentional risk cloud data users, such as developers and data scientists, create when using data to drive innovation.

The advent of this new attack surface created the need for DSPM solutions.

What Value Does DSPM Bring to Organizations? 

There are many benefits to deploying a DSPM, including:

  1. Avoiding sensitive data exposure. DSPM protects cloud data by finding all known and “shadow data”. The visibility finds mis-placed data, mis-configured data assets, as well as overly permissive access rights, thus identifying sensitive data over exposure.

  2. Creating a more manageable attack surface. Identifying and remediating any data security violations, getting rid of outdated data and ensuring compliance with any existing legislation such as PCI, GDPR, CCPA and more, allows data growth, but reduces data risk.

  3. Lessening friction with value creators. DSPM empowers developers and data scientists because it automates the validation and enforcement of any existing security policies. Value creators can feel free to create, all while data is being protected with proper guardrails.

  4. Reducing the risk of compliance fees. CDMC, GDPR, COPAA and other compliance regulations can easily cause headaches for data security professionals. DSPM can help lighten the load by discovering data in the cloud, classifying it and then making sure it compares against data security policies. If it doesn’t, it can help drive the change so that it does.

  5. Lowering cloud cost. In our current economic climate, it’s critical to look at unnecessary costs and take the appropriate action to reduce them. The right DSPM has features to help data security professionals identify redundant, obsolete and trivial (ROT) data in the cloud and reduce cloud usage fees as a result.

What Should Data Security Professionals Look for in a DSPM Solution?

A mature DSPM solution has four key elements that work together: discovery, prioritization, security and monitoring. The tool should be able to identify all data, known and unknown, as well as prioritize it based on volume, exposure and security posture. Then, it should also be able to verify the security posture with your data security policies, alert on violations and provide guidelines on remediation. DSPMs should also be able to monitor the data regardless of where it moves across the cloud.

The Bottom Line?

Adversaries are constantly evolving, but new technologies such as DSPM can help data security, governance and privacy practitioners stay one step ahead. By partnering with a mature DSPM provider, organizations can reduce costs, prevent data leaks and breaches and combat the new innovation attack surface.


No posts to display