
DSPM addresses several current realities. First, everything runs on data. Everything. Second, cyber criminals, fraudsters, nation-state actors and other threats are committed to stealing data for their nefarious purposes. Third, organizations must comply with an intimidating list of regulations for specific types of data—or face massive penalties. However, regulations don’t do anything to protect data. Protection has to come from costly, sophisticated security controls and infrastructure put in place by the individual organization. Fourth, in spite of all this security, cyber attacks and data breaches continue to escalate with ever-costlier consequences. Fifth, 328.77 million terabytes of data are created every day (Statista) and it all goes somewhere—mostly to organizations that deliver goods and services in response. That data never really dies, and organizations holding or using it are responsible for it.

Until recently, the industry roughly divided data technology into data management tools and cybersecurity tools. With terabytes of data to manage, organizations needed ways to find, classify, and understand the data they held—whether IT system and performance data or regulated data. Data governance emerged as a category of solutions for organizing regulated and other business-critical data.

Cybersecurity tools largely focused on limiting access to systems storing, processing, or transporting data. However, as cyber threats have become highly sophisticated, security solutions have branched into numerous classes of solutions designed to detect, respond to, and remediate threats.

Both sets of solutions are concerned with identifying and protecting “the data.” With a common goal in view, data governance solutions appear to be trying to integrate more security capabilities into their products. Cybersecurity solutions need deeper visibility into the data feeding security controls to ensure that they’re delivering the defense levels needed.

Solutions in the new DSPM category provide capabilities for assessing the current state of security for sensitive data, identifying potential risks and vulnerabilities, implementing security controls to mitigate these risks, and regularly monitoring and updating security policy and controls. These solutions have largely come from the data governance arena and are adding—or talking more about—features of their solutions that have some impact on security for the data they manage.

DSPM describes a subset of capabilities that Flying Cloud has developed and patented over the past few years. However, DSPM is an approach. It’s not a specific solution or product. It’s a means by which an organization can get a detailed handle on the data that is created, stored, moved, used, shared, and changed—across its entire enterprise.

We believe that data posture management is really what organizations need. Securing data is part of managing overall data posture. But because data fuels every business process, you need to know a lot more about any given data set or individual data binary than just whether it meets a compliance requirement. For instance, is the data traffic in your IT DMZ being decoded properly by the firewall before it can be consumed by other security controls? The security controls can’t evaluate what they’re fed or know if they’re only receiving a percentage of what is intended. We’ve seen this more than once. How do you know if your security defenses are actually working as expected?

Further, not all data is regulated or even considered “sensitive.” For example, IP is considered sensitive, but where is it being used outside of the PLM environment? Are employee chat streams carrying data about upcoming product launches or corporate acquisitions? What about data in customer support bots? How about internet search results? If you don’t know the data you’re holding, you don’t know if it’s an asset or potential risk.

Data posture management, by our definition, requires the ability to see the complete data lifecycle. Where did it originate? What was its original purpose? Is it original data, a derivative, or purely synthetic? As organizations look to leverage their data for AI development and other internal uses, the outcome of their projects depends entirely on the quality of the data used.

Finally, data posture management serves larger enterprise strategies. Organizations certainly need to know their data cybersecurity risk, but they also need to understand the potential risks associated with poor data quality in an AI model. They need to be aware of the brand reputation risks associated with data in chat bots and social apps. Application development, R&D, forecasting, competitive differentiation, and many other business goals rely on data that can be seen and trusted.

By our definition, DSPM is a start, but organizations need the ability to analyze and assess risk for any—or all—data. No question about your data should ever be answered with “I don’t know.”

DSPM is an approach to managing data posture, including its security posture. Data Loss Prevention (DLP) is a class of cybersecurity solutions that detect and prevent data breaches by blocking extraction of sensitive data across multiple systems and locations. DLP is a required security control for many compliance regulations like GDPR, HIPAA, CCPA, and others. DLP is one enterprise security tool among many. Other common security controls include firewalls, identity and access management (IAM), endpoint detection and response (EDR), security information and event management (SIEM), VPN connections, email security, URL filtering, and many others.

Many vendors in the DSPM category focus on securing data in the cloud. At Flying Cloud, we know that cloud data is just one venue where organizational data lives. We secure and enable companies to manage the posture of all data—whether in the cloud, on premises, on desktops, in data centers, or traveling on the network.

DSPM addresses data posture management for sensitive data—unless you’re us, and we expand that definition to include all or any data.

Application Security Posture Management (ASPM) is a comprehensive approach for building security into applications as they are developed and deployed. It provides holistic visibility into the application environment, automation, and comprehensive security measures used to implement, measure, and improve application security programs. ASPM aggregates, correlates, and assesses security signals throughout the software development, deployment, and operation lifecycle. Its goal is to enhance visibility, manage vulnerabilities, and control enforcement to improve application security efficacy and risk management.

Cloud Security Posture Management (CSPM) is cybersecurity technology that automates and unifies the identification and remediation of misconfigurations and security risks across hybrid cloud and multi-cloud environments and services. CSPM looks specifically at cloud infrastructure (such as virtual machines and containers) and PaaS implementations.

External Attack Surface Management (EASM) refers to the services deployed to discover internet-facing enterprise assets and systems and associated exposures—such as misconfigured public cloud services and servers, exposed credentials, and third-party partner software code vulnerabilities that adversaries could exploit. Many leading cybersecurity solutions include some or all of these capabilities.

Cloud Native Application Protection Platform (CNAPP) is a unified, cloud-native software platform that monitors, detects and acts on security vulnerabilities and potential cloud security threats. CNAPPs minimize complexity and facilitate operations for DevOps and DevSecOps teams from development through production and deployment.