Last year, data security posture management appeared in the Gartner Hype Cycle for the first time. And the hype has only grown bigger since then. But why is DSPM at the forefront of today’s security conversations? Because cloud transformation and data democratization have changed the world that we live and work in.
To keep up with growing customer demands, competitive organizations focus on breaking down internal silos and democratizing processes that once belonged to only one department. When we look at data management, this means that more data is stored in the cloud, then made accessible to more team members.
And by design, it’s easy to copy, move, use, and share this data with little to no gatekeeping. While this helps promote data democratization and cloud transformation, it also creates a new risk landscape. It’s an “innovation attack surface” — massive, decentralized, and creates accidental risk across your entire organization.
As a result, cloud data security requires a radically different approach from clunky, old, legacy on-premises data security. That’s how DSPM solutions come into the picture. They provide five main benefits to organizations:
1. Sensitive data exposure prevention
A company’s data is its most important asset. If it’s left unprotected, a data breach is all too likely, which can cost millions of dollars, loss of trust, and customer attrition. Exposed data also violates compliance requirements around regulated sensitive data such as Personally Identifiable Information (PII), Personal Health Information (PHI), and Payment Card Industry (PCI). This racks up fines, negatively impacts organizational credibility, and can result in heightened regulatory scrutiny.
The cloud makes it far more difficult for organizations to protect sensitive data. In many cases, sensitive data gets overexposed during the day-to-day of working with cloud storage (e.g., accidentally put into public S3 buckets, copied out of development environments, etc.). And thanks to the massive amount of data in the cloud, an overwhelmed security team can miss an important database or file, leaving it unprotected. In some cases, hidden data remains completely unknown to any key stakeholders in the organization. This type of data, known as shadow data, creates unprecedented risk since you simply can’t protect what you don’t know about.
DSPM solutions solve the problem of overexposed, unprotected, and shadow data by discovering both known and unknown data. Then, it classifies and monitors the security posture of this data continuously, even as it proliferates. And once you can see and keep track of all of your most sensitive data, you can protect it and prevent exposure.
2. A smaller, more manageable data attack surface
Unused copies or outdated versions of data often exist within an organization. Maybe a developer made a copy for a quick test. Maybe someone accidentally saved two different versions of the same file. Maybe a third-party application made a backup copy without anyone’s knowledge. The list goes on. When protecting sensitive cloud data, it’s important to eliminate the data you don’t need.
A DSPM solution automatically monitors the copies and versions of all sensitive data. It discovers/classifies sensitive data as it moves across the cloud environment, verifies policies to protect it, and then provides remediation guidance. Identifying and remediating data security violations across your entire cloud ecosystem leads to a much smaller data attack surface. This exponentially lightens the load for your security team.
3. Empowerment of value creators.
In past years, the security team protected data by keeping it inside a walled perimeter. This was easier when everything got stored in on-prem environments with strong perimeter controls. Plus, organizations used to position their security teams as gatekeepers — empowered to restrict access and prevent unauthorized use of data for the good of the entire organization.
But nowadays, gatekeeping has become a hindrance to innovation and value creation. More and more organizations are seeking to democratize their data by enabling everybody to work with it, regardless of their technical know-how. If security teams attempt to restrict access in any way, the rest of the company sees them as the “team of no.” Instead, security teams must actively enable the work happening across the “Innovation Attack Surface,” what we call the attack surface created by the company’s developers and data scientists as they use, move, and share data in service of creating new products, streamlining business processes and keeping their organizations ahead of the competition, while still maintaining organizational data security and compliance.
A DSPM solution empowers security teams to support data democratization efforts by continuously monitoring for exposed sensitive data without impacting cloud performance.
4. Faster, more assured compliance.
Today’s security teams also face the challenge of keeping up with the “acronym soup” of cloud compliance regulations (a “bowl” that’s far larger than on-prem compliance regulations). But if you break down these regulations to their core, almost all of them focus on knowing where all the data is, then understanding security posture against an acceptable amount of risk.
Keeping your cloud compliance up-to-date requires automated and continuous cloud data security. You have to keep tabs on the comings and goings of cloud data in a centralized location. Or, something will slip through the cracks — sometimes something sensitive and important.
DSPM solves this challenge by detecting and creating alerts whenever sensitive and regulated data violates data residency requirements. DSPM also segments the environment based on data privacy requirements (e.g., PCI DSS, HIPAA) and business needs. Plus, DSPM turns other data security efforts, such as data inventory and classification, into tangible reports (by data type or mandate), proving compliance to third parties such as auditors.
5. Reduced cloud costs.
Cloud providers base their users’ costs on consumption. As Amazon Web Services puts it, “AWS pricing is similar to how you pay for utilities like water and electricity. You only pay for the services you consume.”
Because of this pricing model, unused data in the cloud racks up unnecessary costs. When data scientists, developers, or other users copy/move data once and never use it again, the company still pays for this forgotten, unused data to sit in storage. Almost all organizations have this unused data lurking in their cloud storage. In fact, the Laminar team has found shadow data at 100% of our customer engagements.
DSPM identifies duplicate, redundant, and abandoned data that provides unnecessary cost and risk, then spells out clear and actionable remediation steps to make the removal easy.
Laminar’s DSPM Solution
Laminar offers a DSPM solution that provides cloud-native data security in four stages:
- Discover– finding and classifying all cloud-resident data, moving beyond just known or manually tagged assets.
- Prioritize– triaging discovered and classified data by pre-established policies, overall context, and other organization-specific factors
- Secure– providing posture improvement recommendations and data context to guide best next steps for remediation.
- Monitor– monitoring data as it moves in the cloud to continuously notify on violations to security policies.
Our cloud data security solution performs all of these steps agentlessly and autonomously, all while securely keeping your data within its original environment, providing all of the benefits of a leading DSPM. Want to find out more about how Laminar works? Visit our data security platform page.
Subscribe to our blog
Get notified when a new piece is out