TDWI | Training & Research | Business Intelligence, Analytics, Big Data, Data Warehousing

Understanding Data Security Posture Management for Protecting Cloud Data

Last year’s new trend in data security is laser-focused on the data layer.

• By Karthik Krishnan
• March 9, 2023

Today’s modern enterprise is challenged to protect its data because of the immense growth in the actual data an organization must manage, particularly the data it migrates to the cloud. In addition, business-critical data that needs protecting these days has taken a myriad of forms. From financial data and intellectual property to business confidential information and PII, this growing list represents a very complex environment to secure.

For Further Reading: Threats to Data Security Will Drive Data Management Changes in 2023 Why Data Protection Requires a New Level of Resolution How to Protect Company Data by Managing Shadow IT

To help organizations protect their data from data loss, a new approach emerged in 2022 in the form of data security posture management (DSPM). Today it is proving to be a critical tool for effective data security because of its laser focus on the data layer. DSPM allows organizations to identify all their sensitive data, monitor and identify risks to business-critical data, and remediate and protect that information.

To get a better handle on this new approach and what it does, let’s consider what DSPM is not. Previous methods -- such as cloud security posture management (CSPM) -- primarily focus on risks in the infrastructure layer, such as an open S3 bucket. However, just looking at vulnerabilities in this layer isn't sufficient because you need to have context around the data in order to fully protect it.

In another example, traditional methods such as rule writing to discover what data needs protecting simply don’t work in today’s cloud-centric environment. With the cloud, it’s very easy for employees to create, modify, and share sensitive content with anyone. This places sensitive data at risk because organizations cannot rely on their employees to ensure that data is always shared with the right people.

DSPM Discovers Business-Critical Data DSPM has the unique ability to automatically identify all data sitting in the cloud, including both unstructured and structured data. The overwhelming majority of cloud data is unstructured -- which can include intellectual property, customer data, contracts, tax filings, PII and PCI data, trading documents, and operational data -- and all of it needs protecting.

DSPM’s clear advantage over traditional methods is data discovery with context. This means understanding data not just by the type (such as PII) but also by the context around the data itself, including intelligence around applications, networks, data classifications, users and identities, and event types. This context around your data is the special sauce DSPM brings to data protection.

DSPM Delivers Understanding of Your Risk

DSPM compares each data element to baseline security practices exhibited by semantically similar data. In doing so, risk -- such as risky sharing, unauthorized access, inappropriate permissions, and incorrect location -- is autonomously identified without placing a burden on security teams.

Discovery and risk identification also uncover critical issues such as data lineage. For example, you may have 20 versions of a sensitive contract. There are many questions you need to address around protecting this data, including where are all the variations of that contract reside across your repositories, who has access to it, who it has been shared with, and who is accessing it regularly. Other issues surround organizations not knowing about employees who leave but retain access rights long after moving on or retiring.

Inconsistent sharing and permissions, along with incorrect locations across these versions can introduce significant risk to sensitive data and are a leading cause of data breaches. Keeping redundant data in primary storage when older versions of the contract could have been moved to secondary storage also increases organizational costs. DSPM’s ability to track variations of data while also ensuring it is appropriately archived is critical for cost and risk management.

DSPM Remediates Risk

Taking action based on discovered data and identified risk is crucial. Advanced DSPM solutions investigate and remediate risk proactively. The investigation stage ties back to existing investigation workflows, including security incidents, event management platforms, security orchestration and response (SOAR), and security information event management (SIEM) platforms. DSPM tools can take specific actions, such as disabling user access, changing permissions, fixing entitlements, moving data to the right location, and deleting data.

For example, if a health organization needs to keep claims documents in an S3 cloud environment, what happens if they find claims records inside their SharePoint environment? DSPM can clean up their Office 365 environment by autonomously deleting any SharePoint data that should not be there.

DSPM’s ability to autonomously discover, monitor, and remediate risk creates an effective tool for an organization’s security posture. Beyond that, your DSPM solution of choice needs to operate in a manner that doesn’t require deployment of agents everywhere. Your DSPM should be easy to get up and running and allow you to quickly realize benefits by mining meaningful amounts of data to deliver visibility into what's going on within your environment from a risk perspective. DSPM solutions are proven to deliver accurate results and offer significant ROI for organizations.

DSPM solutions can empower organizations with actionable insights without requiring large teams to manage or administer the systems. With robust DSPM, small teams can focus on interpreting the risk findings and taking action, or they can employ auto remediation, leading to improved data security.