
What is DSPM and Why Now?

Data Security Posture Management (DSPM) is a tool that helps organizations gain visibility into their data estate, the underlying infrastructure that houses all corporate data. The scale at which organizations produce data is on the rise, with an estimated 402 million terabytes of data created every day in 2024 (Statista [1] [2]). To keep pace with this scale, DSPM solutions discover, classify, and categorize all data no matter where it sits.

Key Components of DSPM:

Discovery

The first step of DSPM is the discovery of datastores, followed by the scanning and discovery of the data assets within those datastores. Today’s fast-paced world drives the creation of datastores for ad-hoc purposes, resulting in forgotten datastores. DSPM can use account- and organization-wide discovery to identify these “shadow” datastores. Once on-prem, cloud and SaaS datastores are onboarded, sensitivity scans (also called classification scans) run.

Classification

Now that discovery is complete, datastore scans run to classify and categorize the data within. Solutions vary with their scanning approach, typically offering a combination of the following options:

  • On-Premises scanners (e.g., virtual machines or containers)
  • Private Cloud Scanners (e.g., virtual machines, containers, or other serverless functions)
  • SaaS Scanning (sending data to the vendor’s cloud directly or via proxy)

Classifiers are the individual types of sensitive data a scan looks for, such as a passport number, social security number, or full name. In the past, regular expressions (regex) were relied on to classify data, but this tactic requires testing and tuning and can produce false positives. DSPM solutions have evolved and now offer AI- and ML-based classification that uses complex patterns and context to scan for classifiers, which is more accurate and faster than regex-based classification.
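To make the regex trade-off concrete, the following is an added example (not code from the original post or from any DSPM vendor). It contrasts a naive social security number pattern with a tuned one that encodes the SSA allocation rules (area cannot be 000, 666 or 900–999; group cannot be 00; serial cannot be 0000) and then adds a simple context check, which is the kind of tuning a regex classifier needs before its output is trustworthy. The sample text, the context word list and the confidence weights are constructed for the example.

```python
import re
from dataclasses import dataclass

# Naive pattern: any 3-2-4 digit group. It also matches order numbers,
# test fixtures such as 000-00-0000, and other non-SSN values.
NAIVE_SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Tuned pattern: SSA allocation rules expressed as negative lookaheads.
# Area: not 000, 666, or 900-999. Group: not 00. Serial: not 0000.
TUNED_SSN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Constructed context words; their presence near a match raises confidence.
CONTEXT_WORDS = ("ssn", "social security", "tax id", "taxpayer")


@dataclass
class Finding:
    value: str
    offset: int
    confidence: int  # 0..100, constructed scale for this example


def naive_count(text: str) -> int:
    """Number of hits the untuned pattern produces (illustrates false positives)."""
    return len(NAIVE_SSN.findall(text))


def classify_ssn(text: str, window: int = 40) -> list[Finding]:
    """Return structurally valid SSN candidates with a context-based confidence."""
    findings = []
    lowered = text.lower()
    for m in TUNED_SSN.finditer(text):
        start = max(0, m.start() - window)
        context = lowered[start:m.end() + window]
        # Base score for passing the structural rules; bonus for a nearby keyword.
        score = 50 + (40 if any(w in context for w in CONTEXT_WORDS) else 0)
        findings.append(Finding(m.group(), m.start(), score))
    return findings


# Constructed sample: one real-looking SSN with context, one without,
# and three values a naive pattern matches but the tuned one rejects.
SAMPLE = """\
Employee SSN: 219-09-9999 (HR onboarding record)
Placeholder value 000-00-0000 from a test fixture
Order reference 987-65-4321 shipped Tuesday
Badge number 123-45-6789 printed on lanyard
Ticket 666-12-3456 closed by helpdesk
"""

if __name__ == "__main__":
    print("naive hits:", naive_count(SAMPLE))
    for f in classify_ssn(SAMPLE):
        print(f"{f.value} at {f.offset}: confidence {f.confidence}")
```

On the sample text the naive pattern reports five hits while the tuned classifier keeps two, and only the one with a nearby keyword gets the higher confidence. Every rule in the tuned pattern is something a team had to learn, encode and re-test, which is the maintenance burden the paragraph above describes and which ML-based classifiers aim to remove.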

DSPM Graphic

Categorization

While identifying sensitive classifiers is crucial, it doesn’t fully answer the question of “what kind of data is this?” Categorization addresses this by grouping data based on keywords, classifiers and context using AI. Example categories could be HR, Financial, Sales or Legal. Some platforms allow you to drill down into categories, offering more nuanced sub-categories (e.g., background checks, offer letters, policies, job descriptions within the HR category). Having this granular level of categorization allows the organization to create policies and workflows to ensure data is in the appropriate datastore, while also checking the configuration and security of the datastore.

Compliance and Remediation

Organizations must adhere to compliance frameworks and industry regulations, and DSPM can help identify misconfigurations and risks that would cause them to fail an audit or face penalties. Built-in compliance frameworks paired with custom policy creation enable compliance teams to get visibility into the organization’s current posture without having to be technical users of the platform.

Although DSPM solutions focus on data at rest, remediation actions are still possible. Identifying risks is helpful, but a pile of identified risks is useless if you can’t address them at scale. DSPM platforms offer varying capabilities for remediation, including changing file permissions, moving or deleting data, removing organization-wide or external sharing links, attaching Microsoft Information Protection (MIP) labels, and offering remediation guidance wherever automation is not currently available.
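The categorization, policy and remediation steps above fit together as a small posture-evaluation loop. The following is an added example written for this post, not code from the original or from any DSPM product: it takes an inventory in which each datastore already carries its categories and classifier hit count (the outputs of the earlier steps), evaluates a handful of hypothetical policies, ranks the resulting risks by severity, and simulates one remediation (applying a sensitivity label) so the datastore can be re-evaluated. The datastore names, policy names, severities and label are all constructed.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Datastore:
    """Inventory record produced by discovery, classification and categorization."""
    name: str
    kind: str                      # constructed labels: "fileshare", "s3", "sharepoint"
    categories: set = field(default_factory=set)
    classifier_hits: int = 0       # sensitive values found by the classification scan
    public_access: bool = False
    external_sharing: bool = False
    encrypted_at_rest: bool = True
    label: Optional[str] = None    # sensitivity label DLP can enforce on


@dataclass
class Risk:
    datastore: str
    severity: str       # "critical" | "high" | "medium"
    rule: str           # hypothetical policy identifier
    remediation: str    # action a DSPM platform would take or recommend


SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


def evaluate(ds: Datastore) -> list[Risk]:
    """Apply the hypothetical policies to one datastore."""
    risks = []
    sensitive = ds.classifier_hits > 0
    if sensitive and ds.public_access:
        risks.append(Risk(ds.name, "critical", "sensitive-data-public",
                          "disable public access"))
    if "HR" in ds.categories and ds.external_sharing:
        risks.append(Risk(ds.name, "high", "hr-data-external-sharing",
                          "remove external sharing links"))
    if sensitive and not ds.encrypted_at_rest:
        risks.append(Risk(ds.name, "high", "sensitive-data-unencrypted",
                          "enable encryption at rest"))
    if sensitive and ds.label is None:
        risks.append(Risk(ds.name, "medium", "missing-sensitivity-label",
                          "apply sensitivity label so DLP can enforce policy"))
    return risks


def prioritize(inventory: list[Datastore]) -> list[Risk]:
    """Evaluate every datastore and order findings by severity, then by name."""
    risks = [r for ds in inventory for r in evaluate(ds)]
    return sorted(risks, key=lambda r: (SEVERITY_ORDER[r.severity], r.datastore))


def apply_label(ds: Datastore, label: str) -> Datastore:
    """Simulated remediation: attach a sensitivity label to the datastore."""
    ds.label = label
    return ds


# Constructed inventory: an HR share shared externally, a public bucket holding
# a few sensitive values, and a legal site that already satisfies every policy.
INVENTORY = [
    Datastore("hr-share", "fileshare", {"HR"}, classifier_hits=120,
              external_sharing=True),
    Datastore("public-bucket", "s3", {"Sales"}, classifier_hits=3,
              public_access=True, encrypted_at_rest=False),
    Datastore("legal-site", "sharepoint", {"Legal"}, classifier_hits=0,
              external_sharing=True, label="Confidential"),
]

if __name__ == "__main__":
    for r in prioritize(INVENTORY):
        print(f"[{r.severity}] {r.datastore}: {r.rule} -> {r.remediation}")
```

The ordering matters more than the rule set: a compliance team sees the public bucket with sensitive data first, the HR share second, and the labelling gaps last, while the legal site produces nothing because external sharing alone is not a violation for that category. Applying a label to the HR share and re-running `evaluate` leaves only the external-sharing finding, which is the feedback loop between DSPM labelling and DLP enforcement discussed later in the post.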

How DSPM differs from CSPM and DLP

DSPM solutions can identify datastore misconfigurations, but can fall short of remediating these risks, which is where CSPM can be a complementary solution. Cloud Security Posture Management (CSPM) solutions scan and secure all cloud infrastructure, which includes but is not limited to datastores. DSPM solutions scan and secure data directly, focusing only on cloud infrastructure that houses data, as well as other datastores such as on-prem file shares and SaaS applications.

DSPM solutions differ from Data Loss Prevention (DLP) tools because they focus on data at rest, while DLP tools address data in motion. DSPM can be a complementary tool to DLP because DSPM solutions can scan and identify sensitive data at rest, applying labels that mark that data as sensitive. DLP tools can utilize these labels to enforce policies that prohibit unauthorized data movement. Without consistent data labels, DLP would be ineffective.

Why DSPM is gaining traction

All departments within an organization create data, have data owners, and have best practices to follow. Incorporating data security practices into daily workflows is not always easy, and enforcement of company policies can vary as a result. Data sprawl is usually the result of working around policies to “get work done.” This sprawl creates difficulties for CISOs who don’t know where their sensitive data is, which in turn prevents them from securing it. DSPM eliminates data silos and provides visibility into data sprawl and misconfigurations. DLP also benefits from DSPM findings, because the sensitivity labels and categories help with DLP policy enforcement. DSPM solutions help identify and prioritize risk while mapping to compliance frameworks, allowing organizations to take a focused approach when addressing these identified risks. Ultimately, DSPM helps organizations answer the critical question of “where is my sensitive data?” while enabling them to respond to these findings in impactful ways.

Interested in learning more about K logix's DSPM services? https://www.klogixsecurity.com/dspm 