According to Gartner, who coined the category, Data Security Posture Management (DSPM) provides visibility into where sensitive data is located, who has access to it, how it's used, and its security posture. However, DSPM is a set of solutions that address just one piece of a larger problem—the need for a data strategy.
DSPM addresses several current realities. First, everything runs on data. Everything. Second, cyber criminals, fraudsters, nation-state actors and other threats are committed to stealing data for their own purposes. Third, organizations must comply with an intimidating list of regulations for specific types of data, or face massive penalties. Regulations themselves, however, do nothing to protect data; protection has to come from costly, sophisticated security controls and infrastructure that each organization puts in place. Fourth, in spite of all this security, cyber attacks and data breaches continue to escalate with ever-costlier consequences. Fifth, and finally, 328.77 million terabytes of data are created every day (Statista), and all of it goes somewhere, mostly to organizations that deliver goods and services in response. That data never really dies, and the organizations holding or using it are responsible for it.
Until recently, the industry roughly divided data technology into data management tools and cybersecurity tools. With terabytes of data to manage, organizations needed ways to find, classify, and understand the data they held—whether IT system and performance data or regulated data. Data governance emerged as a category of solutions for organizing regulated and other business-critical data.
Cybersecurity tools largely focused on limiting access to systems storing, processing, or transporting data. However, as cyber threats have become highly sophisticated, security solutions have branched into numerous classes of solutions designed to detect, respond to, and remediate threats.
Both sets of solutions are concerned with identifying and protecting “the data.” With a common goal in view, data governance solutions appear to be trying to integrate more security capabilities into their products. Cybersecurity solutions need deeper visibility into the data feeding security controls to ensure that they’re delivering the defense levels needed.
Solutions in the new DSPM category provide capabilities for assessing the current state of security for sensitive data, identifying potential risks and vulnerabilities, implementing security controls to mitigate these risks, and regularly monitoring and updating security policy and controls. These solutions have largely come from the data governance arena and are adding—or talking more about—features of their solutions that have some impact on security for the data they manage.
DSPM describes a subset of capabilities that Flying Cloud has developed and patented. However, DSPM solves one piece of a larger problem.
Data fuels every business process. Because everything depends on data and data environments have become overwhelmingly complex, organizations need a foundational data strategy. A strategy enables them to assess the value of their data and set standards for its use.
You need to know more about a file, data set, or individual data binary than whether it sits in a secure system or on a secure network. For instance, is the traffic in your IT DMZ being decoded properly by the firewall before it is consumed by the other security controls? Those controls cannot evaluate what they are not fed, and they have no way of knowing whether they are seeing only a percentage of the traffic they were meant to inspect. We have seen this more than once. If the controls themselves cannot tell, how do you know your security defenses are actually working as expected?
Further, not all data is regulated. For example, intellectual property (IP) in a product lifecycle management (PLM) environment is considered sensitive, but where is it being used outside of that system? Are employee chat streams carrying data about upcoming product launches or corporate acquisitions? What about data in customer support bots? How about internet search results? If you don't know what data is traveling over your network, you can't know whether it is an asset or a risk.
Many of the organizations we work with don’t fully realize that >90% of data traveling over their wire is app-to-app and API-to-API data. After everyone goes home, systems are communicating—data is still moving. Systems are being backed up, they’re calling outside the organization for updates, they’re detecting threats, they’re monitoring systems, they’re updating applications, running analysis…you name it. This is critical data too, because if it becomes unavailable or compromised, everything attached to it is too.
A foundational data strategy gives you the ability to see the complete data lifecycle—for cybersecurity purposes and every other enterprise initiative. Where did it originate? What was its original purpose? Is it original data, a derivative, or purely synthetic? As organizations look to leverage their data for AI development and other internal uses, the outcome of their projects depends entirely on the quality of the data used. No question about your data should ever be answered with “I don’t know.”
DSPM is an approach to managing data security posture. Data Loss Prevention (DLP) is a cybersecurity tool that detects and prevents data breaches by identifying sensitive data in content and blocking its unauthorized transfer across multiple systems and locations. DLP is commonly relied on to meet the safeguard requirements of regulations like GDPR, HIPAA, CCPA, and others. Other common security tools include firewalls, identity and access management (IAM), endpoint detection and response (EDR), security information and event management (SIEM), VPN connections, email security, URL filtering, and many others.
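Both the DSPM discovery described above (find and classify sensitive data at rest, then judge its exposure) and DLP inspection (classify content in motion, then allow or block it) rest on the same primitive: a content classifier that does not take a pattern match at face value. The following is an added illustration written for this page, not Flying Cloud's product code or any vendor's DLP engine. The file inventory, the sample records, and the risk-rating rule are constructed for the example; the card-number validation uses the standard Luhn checksum, which is what separates a real primary account number (PAN) from any other 16-digit string in a log line.

```python
"""Toy sensitive-data classifier shared by a DLP decision and a DSPM posture check.

Added example with constructed sample data; not the page's or any vendor's code.
"""
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits with optional space/dash separators.
# The regex over-matches on purpose; luhn_ok() removes the false positives.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN shape with the well-known invalid area/group/serial prefixes excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Finding:
    kind: str      # "PAN", "SSN" or "EMAIL"
    value: str     # redacted form, safe to write to a report


def redact(value: str) -> str:
    """Keep only the last four digits so the report itself is not a leak."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def classify(text: str) -> list:
    """Return the sensitive identifiers found in a piece of content."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):                      # pattern alone is not enough
            findings.append(Finding("PAN", redact(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(Finding("SSN", redact(m.group())))
    for m in EMAIL_RE.finditer(text):
        findings.append(Finding("EMAIL", m.group()))
    return findings


def dlp_decision(outbound_text: str) -> str:
    """DLP view: block outbound content that carries a regulated identifier."""
    kinds = {f.kind for f in classify(outbound_text)}
    return "BLOCK" if kinds & {"PAN", "SSN"} else "ALLOW"


def posture_report(inventory) -> dict:
    """DSPM view: rate each file that holds sensitive data by how exposed it is.

    inventory is a list of (path, unix_mode, content) tuples. The rule used
    here (world-readable sensitive file = HIGH, otherwise MEDIUM) is an
    assumption chosen for the example, not a published DSPM scoring scheme.
    """
    report = {}
    for path, mode, content in inventory:
        kinds = sorted({f.kind for f in classify(content)})
        if not kinds:
            continue                              # nothing sensitive, nothing to report
        world_readable = bool(mode & 0o004)
        report[path] = {"kinds": kinds, "risk": "HIGH" if world_readable else "MEDIUM"}
    return report


# Constructed inventory: a customer export, an HR file, and a log line whose
# 16-digit value fails Luhn and therefore must NOT be reported as a PAN.
SAMPLE_INVENTORY = [
    ("/data/exports/customers.csv", 0o644, "jane@example.com,4111 1111 1111 1111"),
    ("/data/hr/payroll.txt",        0o600, "Employee 123-45-6789 paid 2024-01-31"),
    ("/var/log/app.log",            0o644, "order 4111111111111112 failed"),
]

if __name__ == "__main__":
    for path, entry in posture_report(SAMPLE_INVENTORY).items():
        print(f"{entry['risk']:6} {path}  {','.join(entry['kinds'])}")
    print(dlp_decision("please pay card 4111 1111 1111 1111"))
```

The point of the Luhn step is the one the surrounding text keeps returning to: a control that only pattern-matches cannot tell an asset from noise, so it either floods the analyst with log-line false positives or gets tuned down until it misses the real export. The same classify() call serves both the at-rest posture report and the in-motion block decision, which is why DSPM and DLP vendors end up converging on the same discovery engine.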
Many vendors in the DSPM category focus on securing data in the cloud. At Flying Cloud, we know that cloud data is just one venue where organizational data lives. We secure and enable companies to manage the posture of all data—whether in the cloud, on premises, on desktops, in data centers, or traveling on the network.
DSPM addresses security for sensitive data. There are other posture management solutions.
Application Security Posture Management (ASPM) is a comprehensive approach for building security into applications as they are developed and deployed. It provides holistic visibility into the application environment, the automation, and the security measures used to implement, measure, and improve application security programs. ASPM aggregates, correlates, and assesses security signals throughout the software development, deployment, and operation lifecycle. Its goal is to enhance visibility, manage vulnerabilities, and enforce controls in order to improve application security efficacy and risk management.
Cloud Security Posture Management (CSPM) is cybersecurity technology that automates and unifies the detection and remediation of misconfiguration and security risks across hybrid cloud and multi-cloud environments and services. CSPM looks specifically at cloud infrastructure (such as virtual machines and containers) and PaaS implementations.
External Attack Surface Management (EASM) refers to the services deployed to discover internet-facing enterprise assets and systems and associated exposures—such as misconfigured public cloud services and servers, exposed credentials, and third-party partner software code vulnerabilities that adversaries could exploit. Many leading cybersecurity solutions include some or all of these capabilities.
Cloud Native Application Protection Platform (CNAPP) is a unified, cloud-native software platform that monitors, detects and acts on security vulnerabilities and potential cloud security threats. CNAPPs minimize complexity and facilitate operations for DevOps and DevSecOps teams from development through production and deployment.