What is DSPM? Why do you need it?
Digital transformation marches on, and with it, the volume of data generated by businesses grows exponentially. As organizations embrace more cloud, container, and ephemeral services, their ability to maintain control of data security becomes strained. Traditional methods of access control and perimeter-based security cannot keep up with the pace. Additionally, international compliance regulations and data-use standards complicate the move toward a “global cloud.”
DSPM not only grants deep visibility into the security posture of the data layer, it enables the management of the data permission structure to resolve gaps and identify lapses in access, allowing human analysts and leadership to focus on more pressing issues.
Why is DSPM important to data security?
DSPM directly addresses the issues security, data, and IT teams have related to understanding the details associated with sensitive data—who has access, how it is being used, where it’s located, and whether it’s safe. DSPM is about data visibility—first by identifying data at the data object level, mapping which identities have access to what data, and then exploring how the data flows across environments.
Unlike traditional or legacy tools that focus on securing just the perimeter and the identities, DSPM solutions take a data-centric focus—regardless of the cloud or data store environment—providing a full and holistic view across platforms.
For our 2023 Insights Report, we outline The 8 Most Common Data Security Challenges that DSPM Solves.
Eight Data Problems Addressed by DSPM
#1 Lack of Data Inventory
Organizations simply don’t know what data they have, where it is, or why it is important.
#2 Dormant Data
These data stores are old, unused, and ripe for an attack because no one’s paying attention.
#3 Over-Privileged Data Stores
Just like over-privileged identities, an over-privileged data store has widespread access enabled, inviting trouble.
#4 Dormant Identities
The single most common data security issue found, and one of the most overlooked paths to breaches and attacks, dormant identities should be eliminated.
#5 Over-Privileged Identities
It’s common for organizations to overestimate the level of access and privilege an identity needs. But this leads to potential for misuse or other data security incidents.
#6 Delayed or Incomplete Employee and Vendor Offboarding
Departed vendors or employees often retain admin-level access to sensitive systems and data, which must be found and cleaned up.
#7 Inadequate Segregation of Duties between Development, Test and Production Environments
Companies often fail to enforce segregation of duties between development, test, and production environments, leading to data leaks or misconfigurations.
#8 Application and Backup Misconfiguration
There are a lot of ways applications, systems, or backups can be misconfigured. Symmetry often sees things like inadequate access controls, unprotected files and directories, and access to unnecessary or unused features.
All of these data security issues can be addressed by the automatic data discovery and classification enabled by emerging DSPM solutions. Download the E-Book to see how.
How can DSPM help you?
Security and compliance teams realize massive benefits from the capabilities provided by DSPM. Tasks that would be nearly impossible to perform manually, even in traditional infrastructure, become automated and integrated into critical operations. DSPM enables businesses to do the following.
Several key capability elements are required for a true DSPM solution. These provide cloud data security visibility and enable secure data strategies.
Visualize and Secure Data Across Environments
DSPM enables a holistic view of data, regardless of the data store. This breaks down traditional, siloed solution views and lets organizations understand the security of the data itself, not its container.
Zero-Trust, Proactive Security Enablement
DSPM solutions enable the identification of excessive, unused, or anomalous data, including access and usage patterns. They also enumerate paths to sensitive data, allowing security and privacy teams to quantify the data blast radius of a potentially compromised account before abuse occurs. This permits them to proactively enforce least-privilege IAM permissions before compromise.
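As an added illustration that is not Symmetry’s code or any product’s API, the following Python models the identity-to-data permission structure described above over a constructed sample inventory and derives the checks that the eight problems and the blast-radius discussion call for: dormant identities (problems #4 and #6), sensitive stores open to any principal (#3), never-exercised grants to sensitive data (#5), and the per-identity blast radius. Object paths, identities, labels, and dates are all constructed.

```python
from datetime import date

# Constructed sample inventory (not real data). Each data object carries a
# sensitivity label produced by discovery/classification; each grant records
# which identity can read which object and when it last exercised that access.
TODAY = date(2023, 6, 1)
OBJECTS = {
    "s3://prod-customers/export.csv": "PII",
    "s3://prod-payments/cards.parquet": "PCI",
    "s3://analytics/public-dashboard.json": "PUBLIC",
    "s3://old-backups/2019.tar": "PII",
}
# (identity, object, last_used); None = granted but never used.
# The identity "*" stands for "readable by any principal".
GRANTS = [
    ("alice", "s3://prod-customers/export.csv", date(2023, 5, 30)),
    ("alice", "s3://prod-payments/cards.parquet", None),
    ("bob-contractor", "s3://prod-customers/export.csv", date(2022, 11, 2)),
    ("bob-contractor", "s3://old-backups/2019.tar", date(2022, 10, 1)),
    ("svc-report", "s3://analytics/public-dashboard.json", date(2023, 5, 31)),
    ("*", "s3://old-backups/2019.tar", None),
]
SENSITIVE = {"PII", "PCI"}
DORMANT_DAYS = 90  # assumed threshold; tune to the organization's policy

def blast_radius(identity):
    """Sensitive objects an identity can reach: what is exposed if it is compromised."""
    return sorted(o for i, o, _ in GRANTS if i == identity and OBJECTS[o] in SENSITIVE)

def dormant_identities():
    """Identities none of whose grants were used within DORMANT_DAYS (problems #4/#6)."""
    last = {}
    for i, _, used in GRANTS:
        if i != "*":
            last[i] = max(last.get(i, date.min), used or date.min)
    return sorted(i for i, d in last.items() if (TODAY - d).days > DORMANT_DAYS)

def over_privileged_stores():
    """Sensitive objects readable by any principal (problem #3)."""
    return sorted(o for i, o, _ in GRANTS if i == "*" and OBJECTS[o] in SENSITIVE)

def unused_sensitive_grants():
    """Grants to sensitive data never exercised: least-privilege candidates (problem #5)."""
    return sorted((i, o) for i, o, used in GRANTS
                  if i != "*" and used is None and OBJECTS[o] in SENSITIVE)

if __name__ == "__main__":
    for ident in ("alice", "bob-contractor"):
        print(ident, "blast radius:", blast_radius(ident))
    print("dormant identities:", dormant_identities())
    print("open sensitive stores:", over_privileged_stores())
    print("unused sensitive grants:", unused_sensitive_grants())
```

In a real deployment the inventory and grant table would come from the DSPM platform’s discovery scans and cloud access logs rather than from constants.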
Achieving data operations at scale requires understanding data at the finest granularity, the data-object level, and visualizing it through the lens of industry standards and regulations to understand how the data posture complies. DSPM solutions permit this fine-grained data view without burdening the team.
Anomalous Behavior Detection and Reporting
DSPM provides real-time observability of data, keeping pace with the speed of modern data operations. Additionally, it enables alerting and reporting on violations and potential misuse necessary to launch incident response and investigations quickly.
DSPM Is All About Continuous Oversight
A key component of “management,” especially in security, is continuous improvement. A DSPM must provide real-time, meaningful guidance and even automate the improvement of an organization’s data security posture over time.
How does DSPM work?
DSPM and Data Discovery
DSPM solutions assist in collecting holistic data information about all cloud and on-premises data. Typically, DSPM solutions perform agentless scans of all data across AWS, Azure, GCP, and on-premises environments, producing real-time snapshots or historical comparisons. This enables the platform to identify sensitive data and where it resides, and to demonstrate compliance with standards and regulations like SOC 2, GDPR, CCPA, HIPAA, PCI, etc.
DSPM and Data Classification
DSPM platforms then permit deep data-level classification—allowing organizations to understand the nature of their data and which policies, controls, and compliance mandates they need to apply. Understanding the interplay between what the data is and where it is stored or used eliminates data compliance and security blind spots.
Gartner & DSPM
In its 2022 Cool Vendors™ in Data Security—Secure and Accelerate Advanced Use Cases, Gartner identified Symmetry Systems as a Cool Vendor in the data security space.
The Gartner® Hype Cycle™ for Data Security, 2022 also included the Data Security Posture Management (DSPM) category for the first time. It is no surprise to us that Gartner recognizes that the urgency of the problem around data security in the cloud is “encouraging rapid growth in the availability and maturation of this technology.”
Ultimately, the goal of DSPM is to enable organizations to quickly identify risks and mature their security posture over time—to protect the data—which is what most organizations care about most.
Is DSPM the same as CSPM?
In a word, no. But they are getting closer together. Traditional Cloud Security Posture Management (CSPM) solutions still place their focus on the configuration and management of cloud infrastructure, rather than the data on the infrastructure. At the end of the day, CSPMs provide broad security that is easily circumvented by a single compromised credential or even misplaced data. As such, CSPM continues to silo visibility and lacks the ability to “follow the data” from instance to instance or across technologies. But as more organizations demand high-resolution, data-object visibility, CSPM and DSPM platforms are headed for a convergence. Read more in our 2023 predictions.
What is DSPM used for?
Organizations adopt DSPM because they understand the importance of protecting expanding data stores in a multitude of environments, with an endless number of users, devices, and identities, against a backdrop of increasing governance and compliance concerns.
DSPM Use Cases
Data Inventory and Data Flow Mapping
Understanding where data is and who (or what) can access it requires an end-to-end overview of all your data across your on-prem, cloud, and hybrid data architectures.
Investigation & Detection
The complexity of the cloud and on-demand computing means that data often moves faster than security teams can respond. Leading DSPM solutions provide automated and continuous anomaly detection, track the security posture improvements needed to respond quickly, and offer actionable insights for remediation.
Effective Zero-Trust implementation demands continuous validation so only authorized users can access data and systems. But too many solutions focus on only the access component. Real-time monitoring with DSPM simplifies Zero-Trust strategies, extending them beyond the user and technology, to the data itself.
Compliance & Governance
Geographic and regulatory differences create challenges in ensuring data is protected where it’s stored, where it’s touched, and where it flows in between. DSPMs allow for robust, real-time data compliance and governance, regardless of data residency.
Maintaining a unified view of data security posture becomes more important as companies modernize and move to new compute models. Tracing and analyzing data to avoid shadow data or dangerous data access combinations can only be accomplished with a data-level perspective.
DSPM and Compliance, Privacy, and Governance
As jurisdictions turn an eye toward cloud service providers and companies that use cloud architectures, they recognize that taking a data-first approach to securing their customers’ data is crucial. This is why states and industries continue to make data security and privacy compliance a requirement for many organizations.
DSPM solutions offer comprehensive support for complying with regulations in the United States, like the California Privacy Rights Act (CPRA) and the California Consumer Privacy Act of 2018 (CCPA), and with European Union regulations like the General Data Protection Regulation (GDPR). They also meet the requirements of industry-led standards, like the healthcare industry’s HIPAA or the Payment Card Industry Data Security Standard (PCI DSS).
Get Started with DSPM
Curious how DSPM can provide the fine-grained data observability necessary to improve your compliance and data security posture? Speak with a Symmetry Systems data security expert and explore our DataGuard DSPM platform. You’ll quickly discover how our unique approach to data asset inventory and data flow discovery, visualization, and alerting brings your data into focus.
Other DSPM Topics
DSPM and Zero Trust Architecture
Zero Trust principles—whether applied to identities, networks, or data objects—help organizations systematically and continuously reduce implicit trust and minimize risk through a combination of visibility, detection, response, and protection approaches. DSPM is key to implementing Zero Trust for data and enables application of the full Identify, Protect, Detect, Respond, and Recover process.
DSPM vs. DAM
Data Activity Monitoring (DAM) allows organizations to store, share, and organize data and documents, but only those that have been cataloged and added to the system. This creates blind spots for uncovered data stores or “shadow data” that is created and used outside the DAM platform. DSPM solutions perform continual active discovery of data and data flows, and identify previously unknown data across on-premises and cloud data stores.
DSPM vs. DLP
Data Loss Prevention (DLP) solutions attempt to classify and stop data leaks at perimeters by identifying sensitive data as it traverses boundaries. As organizations move to more cloud-based or hybrid environments, the movement and scale of data quickly exceeds the ability of these perimeter-focused solutions. DSPM solutions take a data-centric approach, regardless of where the data is located, and look across the enterprise at scale to permit proactive identity and access management strategies.
DSPM and Data Visibility
As organizations grow, their data tends toward “data sprawl”—the creation, collection, storage, and sharing of duplicate data or unmanaged data stores. DSPM mitigates this by providing enterprise-wide observability and discovery of data and data flows. This can be used proactively to limit access for Zero-Trust data architectures or to simply eliminate unnecessary data and cut costs.
DSPM & NIST
To be effective, any DSPM solution must support the full range of NIST security activities.