Data Security Posture Management is a strategy that focuses on the security of cloud data, ensuring that sensitive data maintains its proper security posture, regardless of where it is replicated or relocated.
To better understand DSPM, let’s consider a scenario:
Imagine you’ve established an excellent security posture for your cloud data. Your data is in production, safeguarded by a firewall, it’s not publicly accessible, and IAM controls are properly limiting access. Now, a developer duplicates this data into a lower environment.
What happens to your meticulously built security posture? It dissipates, leaving your data only as secure as the posture in this new environment. If this environment is vulnerable or inadequately secured, your sensitive data is exposed.
The problem lies in the fact that security postures don’t travel with their data. Data Security Posture Management (DSPM) aims to address this issue.
How Does Data Security Posture Management Function?# To achieve a data security posture that moves with the data and helps remedy problems, we need a solution that:
- Discovers all data in your public cloud, including ‘shadow data’ that’s created but unmonitored.
- Understands the security posture the data should have.
- Prioritizes alerts based on data sensitivity and provides contextualized remediation plans. While data discovery and classification tools have existed for years, they lack the ability to offer business context. If sensitive data is found, but its business criticality or security posture isn’t known, it provides little assistance to security teams trying to prioritize numerous alerts.
For instance, if a data discovery tool identifies PII data with the correct security posture, there’s no need for an alert. A proficient DSPM solution would not distract you with one.
Why is Data Security Posture Management So Crucial Now?# The answer lies in the adoption of the cloud.
In the pre-cloud era, securing data meant fortifying your data center with a firewall. Regardless of data movement or duplication, it remained within your organization’s data center. There was no distinction between infrastructure security and data security. However, for cloud-first businesses, sensitive data constantly moves across your cloud to different environments with varying security postures. Hence, the need for a product that ensures this constantly moving data maintains the correct security posture.
But, Isn’t Cloud Security Posture Management (CSPM) Already Doing This?# CSPM solutions are designed to secure cloud infrastructure, while DSPM focuses on cloud data, which is a substantial difference. CSPMs are developed to identify vulnerabilities in cloud resources like VMs and VPC networks. They may provide basic insights on data, like identifying PII in text files in VMs and S3 buckets, but generally, they are data agnostic and don’t prioritize remediation based on data sensitivity.
In contrast, DSPM is about the data itself. It identifies data vulnerabilities such as overexposure, access controls, data flows, and anomalies. A DPSM solution creates a connection between data and infrastructure security, enabling security teams to understand what sensitive data is at risk, rather than merely presenting a list of vulnerabilities to fix. Essentially, DSPM overlays data security and context on infrastructure security.
How Does Data Security Posture Management Determine Sensitive Data?# Clearly, some data is sensitive – like social security numbers, credit card details, and health data. These must be safeguarded not just for security reasons but to maintain compliance with regulations like PCI-DSS, HIPAA, and more.
However, a robust DSPM solution needs to go further. It should autonomously determine the type of sensitive data it finds and identify data that isn’t as straightforwardly structured as a credit card number. Through understanding and clustering metadata and leveraging ML technologies, DSPMs can discover intellectual property, customer data, and more.
A critical factor is data ownership. DSPM should integrate with data catalogs to understand who is responsible for the data. Another concern is scale. Traditional data discovery and classification solutions often struggle to scan and classify at the scale of modern cloud infrastructures. DSPM must effectively and efficiently scan petabytes of data to ensure complete discovery without causing your cloud bill to skyrocket.
Conclusion: DSPM = Security that Accompanies Your Data# Data Security Posture Management is a novel concept, and it’s natural to question the need for another security acronym. However, DSPM addresses real security problems arising from the transition to the cloud and can help prevent significant data breaches.
Data leaks involving customer information, company secrets, and source codes aren’t caused by initial failures to protect sensitive data. They occur due to the ease with which data can be duplicated and transferred – without the security posture following suit. Data Security Posture Management seeks to ensure that wherever your data travels in the cloud, your security posture accompanies it, and data risks are minimized.”
