Two years ago, Data Security Posture Management (DSPM) had less than 1% market penetration, but Gartner predicts that the DSPM market will increase “beyond 20% in coming years.” Why? They cite that this spike will be prompted by “the urgent requirements to identify and locate previously unknown data repositories and to mitigate associated security and privacy risks.”
In other words, data is on the loose in our enterprises, and it’s finally come to a call. Compliance requirements are saying, “No more lost data.” Consumers are saying, “Where is my data?” Risk analysts are saying, “We’re quickly going to be in trouble because of all our unknown data.” And threat actors are saying, “It’s a lot easier to pilfer data no one knows about than to try and steal the protected stuff.”
The day of data reckoning is here, and DSPM is increasingly being seen as the tool to do it. A few of its most salient benefits indicate why.
DSPM Secures Data Across a Wide Range of Environments
Simply put, there is a gaggle of different tools for a reason. Consider the environments today’s organizations are working with (and they could have a mix of any of the below). You’ve got:
- Public cloud environments (Azure, AWS, Google Cloud)
- Private cloud environments
- Multi-cloud environments (already used by 98%, according to Oracle)
- On-premises systems (from SCADA to Microsoft Office and Adobe products)
- Hybrid environments
- Connected IoT devices
- Remote networks
And multiple data repositories and types, including both structured and unstructured data. Now, factor in the matrix of compliance requirements an organization might be under (from GDPR to PCI DSS to HIPAA, or a mix of all of them), and the task of protecting data in all its forms and locations becomes more than a little daunting.
Data Security Posture Management was designed for these situations and can offer coverage across a wide range of environments, leveraging AI-driven insights and cloud-based analytics. Additionally, because it is a cloud-native approach, DSPM is perfect for organizations prioritizing flexibility, scalability, and ease of deployment.
DSPM Discovers Shadow Data
Keeping in mind the maze that is much of modern digital architecture today, DSPM tools across the board have the flagship feature of being able to discover data in its many forms. By scanning your cloud and on-premises environments (databases, cloud storage, file systems, etc.), DSPM solutions leverage machine learning and behavioral analysis to find:
- Personal data
- Financial records
- Health information
- Compliance-sensitive files and assets
- Intellectual property
Most importantly, it can find and catalog instances of shadow data (shadow APIs, shadow IoT, shadow IT, etc.). These pieces of forgotten information exist outside of your official IT systems, whether in personal devices, unauthorized cloud services, third-party applications, messaging applications, and more.
DSPM Gives You Data Lineage
One central feature of DSPM is its ability to tell organizations how their data moves and changes as it flows through their systems. This is known as data lineage and helps teams pinpoint where data could have gotten lost, stolen, or left. As noted by IBM, “Data lineage tools provide a record of data throughout its lifecycle, including source information and any data transformations that have been applied during any ETL [extract, transform, load] or ELT [extract, load, transform] processes.”
By recording any source information or transformations across the data lifecycle, data lineage tools like DSPM help teams vet their data for quality and consistency. This precludes not only shadow data but data corruption and ultimate compromise.
Although cloud service providers (CSPs) offer some basic level of protection (some more than others), customers are still accountable for (perhaps) more security features than they know. This is known as the Shared Responsibility Model, and all major CSPs follow it. By tracking your data lineage across SaaS solutions and on-premises networks, you can know where it’s being sent, where it’s being saved – and whether that’s safe.
DSPM Benefits Vary by Vendor
One thing to consider is that the scope and specialty of each DSPM tool will vary by vendor, especially as it’s still early on in the DSPM game and the market has yet to standardize.
While the objective of protecting data anywhere across your enterprise is one that can benefit every organization, and the benefits outlined above can be expected from almost any DSPM tool, if you want specifics – like the ability to detect threats in real-time or a Monetary Value Assignment included with your risks – it’s best to do your research and identify which provider best aligns with your needs.
Conclusion
Ten years ago, it was all about data, data everywhere. Well, we got what we asked for, and now we need to rein it back in. Environments are becoming increasingly distributed and are becoming too complex to handle in the traditional sense. All the storage-specific, app-specific, and network-specific tools in the world still create a soup of confusion when unintegrated and easily lose track of data when it’s taken out of bounds (rightfully or wrongfully).
DSPM lets organizations track data no matter where it goes, understand the risk it presents to the enterprise, and begin to mitigate the circumstances that make it a liability.