“Ahhh, So That’s Why Everyone’s Talking About DSPM”

Published 12/06/2022

Originally published by Sentra.

Written by Galia Nedvedovich, VP Marketing, Sentra.

The most satisfying part of working at a startup in the hottest space in cybersecurity - cloud data security - is when I get to witness cloud security pros realize how Data Security Posture Management solves one of the most complex issues in modern infrastructures - knowing where all of your data is, and how it’s secured.

If you’re unfamiliar with DSPM, that’s understandable - it’s a new category recently recognized by Gartner’s 2022 Data Security Hype Cycle report that refers to the approach to securing cloud data by ensuring that sensitive data always has the correct security posture - regardless of where it’s been duplicated or moved.

After all, if the most significant security risk for any organization is a data breach, why not focus on securing the sensitive data at all times? The honest answer to this is that it’s very complex. The way data travels in the cloud is very different from how security tools were built to protect the data. Mostly they’re built to keep unauthorized users and products out of their infrastructure, but they’re not looking at the actual data.

As a result, we have a mismatch between how organizations build and use their data and how they approach securing these assets. Security teams and tools do what they do best, hoping that by combining different approaches, the most sensitive data never leaves their environment and is always protected.

So it’s no surprise that when DSPM tools arrived with a new data-centric approach, granting full visibility into cloud environments and offering cloud data classification, security teams were curious.

“It will make my job as a product security leader a lot easier. I’ll be able to show [our engineers] where their compliance requirements are and what needs to be done there.”
- Product Security Director at a Large SaaS Company on DSPM

But let’s be honest, in the cyber world, this is not the first time that a new category has come in and promised to solve a complex problem, and security teams are justified in their skepticism. Compounding the challenge is the lack of human resources, the never-ending growth of the security stack, and a fear of being burned by a tool that says it will solve your problems and then underdelivers.

Nevertheless, I’m noticing a few ‘aha’ moments in our DSPM conversations with security leaders that keep recurring. And I think their reaction is a strong indication that they feel like someone has finally designed an approach that puts the data first. So far I’ve seen this reaction around these 3 areas of DSPM:

1. Shadow data:

So many cloud-first organizations have data that’s been duplicated or moved and then forgotten. This shadow data is the ‘unknown unknown’ for security leaders - they don’t know what data is out there, and they don’t know whether it has the proper security posture. For security leaders, knowing where all their cloud data is immediately brings control back into their hands.

2. Too many users and 3rd parties with access to sensitive data:

We all know that this happens, but once companies know who and which 3rd party integrations have overprivileged access to sensitive data, they’re well on their way to remediating the data vulnerability. (We once found source code that HR teams had access to. That came as a surprise to everyone!)

3. Quick Deployment:

The standard for a new security tool is to have a dedicated team assigned to test out a new vendor. One of the greatest advantages of DSPM is the fact that it needs zero implementation effort - “I don’t have the resources from my team to test out your solution” is simply not an objection.

DSPMs are different from other cloud security tools, which are designed to build walls around your cloud. The problems, of course, are (a) the cloud doesn’t have a perimeter and (b) employees need to move and manipulate the data to do their jobs. That’s one of the business reasons the cloud is adopted in the first place. Instead of defending non-existent perimeters and hurting productivity, DSPM makes sure that wherever your sensitive data goes, you know where it is and that it has the right security posture.

Of course, there’s only one way to actually tell if DSPM can find and secure your sensitive data - and that’s to try it yourself.
