Data Security Glossary

No matter what your role is within an organization, this data security glossary is intended for anyone from the security leader to the security practitioner.

California Consumer Privacy Act (CCPA)

The CCPA gives California residents the right to know what personal information a business keeps about them, understand how it gets used, and then prevent or delete the collection of their personal information. The California Privacy Rights Act (CPRA) extended CCPA to cover California-based employees, contractors, and emergency contacts. In addition, it introduced new consumer rights and further expanded the definition of personal information.

Cloud data governance

Cloud data governance encompasses all principles, policies, and procedures for managing data in cloud environments. It focuses on managing the privacy of data according to regulatory compliance requirements and industry standards; mitigating data risk; and ensuring data is accurate, available and usable across the organization. Cloud data governance should enable organizations to adhere to privacy standards without interrupting organization-wide access to data. Learn more about cloud data governance.

Cloud security posture management

Cloud security posture management focuses on continuously monitoring and assessing the security posture of cloud infrastructure. CSPM platforms scan for potential cloud infrastructure risks such as misconfigurations, vulnerabilities or overly-permissive access control. Because they focus on the infrastructure of cloud environments, CSPM platforms lack the ability to do robust data discovery and classification, provide only limited context about the data, and do not have any focus on privacy, compliance, or governance requirements. Understand the difference between CSPM vs. DSPM.

Data asset

A data asset is a broader term that encompasses any object or set of objects that contain data. It could refer to a data store (such as Amazon S3 bucket), a data object within that store (such as Apache Parquet file), or a data record (such as a single row in a MySQL table). 

Data classification

Data classification is the practice of categorizing data based on specific characteristics such as its sensitivity, value, volume and criticality to an organization. By classifying their data assets, teams can better understand the owners and uses of data, define and enforce policies appropriate to the level of data sensitivity, and reduce risks such as unauthorized access, data loss, or breaches.

Data democratization

Data democratization is the process of enabling many users across a business to easily access and use data. Previously, only data experts could handle data, making it difficult for other departments to make data-driven decisions. With the rise of data democratization, various users — including non-experts — can use tools and resources to analyze, interpret, and leverage data. Widely-available data enables business innovation, especially as it migrates to the cloud, which also increases data security risk. Learn more about cloud transformation and data democratization.

Data mapping

Data mapping enables teams to understand the location, source and destination of their data, including previously unknown shadow data, its format and type, and which transformations it undergoes. It is used both to ensure compliance with data protection regulations and standards, and governance standards that often require organizations to map data because it provides visibility into potential risk.

Data security in the cloud (cloud data security)

Data security in the cloud, also referred to as cloud data security, protects the data stored and processed in cloud environments. The discipline is focused on empowering organizations to leverage that data to meet business goals while still protecting cloud data from exposure risks, breaches and compromises. To make this approach work, it’s imperative for security teams to understand where the sensitive data is and who has access to it, the overall security posture of that data, and how it is being accessed on an ongoing basis. Learn more about data security in the cloud.

Data security posture management

Data Security Posture Management (DSPM) is the set of processes, policies, and technologies used to protect sensitive data and ensure compliance in cloud environments at scale and with automation. This rapidly evolving security solution category grew out of the need to protect the “innovation attack surface” created by the unintentional risk cloud data users, such as developers and data scientists, create when using data to drive innovation. It provides organizations with a practical approach to securing cloud data by discovery of structured and unstructured data, analyzing access, usage patterns, and security posture, and providing actionable, guided remediation for data security risk. Learn more about data security posture management (DSPM).


General Data Protection Regulation (GDPR) is a law that requires organizations to protect the personal data and privacy of people and companies inside the European Union. The EU recommends seven principles for complying with GDPR:

  • Lawfulness, fairness, and transparency 
  • Purpose limitation
  • Data minimization 
  • Accuracy 
  • Storage limitation 
  • Integrity and confidentiality 
  • Accountability

Innovation attack surface

The innovation attack surface is a massive, non-contiguous patchwork of exposed data and shadow data that creates unintentional risk caused by those that use an organization’s cloud data to propel the business forward. These innovators using data and creating risk as a natural by-product could include developers and data scientists, among others. Most organization’s naturally accept the innovation attack surface as a cost of doing business in the cloud, however this is becoming increasingly untenable as cloud data proliferates and related risks rise. 

Public cloud data security

Public cloud means an organization uses a third-party cloud service provider (CSP) to provide and manage cloud infrastructure, often including data stores in a fashion that is shared with other businesses (as distinguished from private cloud which is not shared). In the cloud, where data can proliferate exponentially, data security is often a shared responsibility and more important and challenging than ever before. Put together, public cloud data security is the practice of securing the data that is present in the public cloud.

Public cloud security

Public cloud security focuses on securing public cloud environments that are managed by cloud service providers (CSPs). It is different from private cloud security that focuses on the security of private cloud environments. Public cloud security follows the “shared responsibility” model, meaning that cloud providers and their customers must jointly take responsibility for security. Learn about public cloud data security.

Security execution gap

The security execution gap refers to a growing divergence between the activities that contribute to innovation and the security activities intended to protect the business. To overcome this gap, organizations must empower their value creators, such as developers and data scientists, to innovate quickly and safely with agile data security.

Semi-structured data

Semi-structured data does not align with pre-defined data models but contains associated information such as metadata. This additional information provides some level of structure by enforcing hierarchies and separating semantic elements. Many spreadsheets are examples of semi-structured data.

Sensitive data

Sensitive data refers to any information that could be harmful to an organization if disclosed or accessed by unauthorized individuals. Examples of sensitive data include everything from customers’ personally identifiable information (PII) such as health records, trade secrets, and financial information to highly confidential trade secrets. To adequately protect this sensitive data, organizations must know where it is, then implement security measures such as enforcing access controls or moving sensitive data out of insecure environments. Learn more about finding and protecting sensitive data in the cloud.

Shadow data

“Shadow data” refers to unknown and unmanaged data that the organization’s IT and security teams do not govern, secure, or update. Because of data democratization, it is common for a data user to copy, move, or modify data without the IT and security team’s knowledge. This has led to the proliferation of shadow data and it presents a very real risk to organizations. Learn more about shadow data.

Structured data

Structured data aligns with a predefined data model. Examples include names, social security numbers, addresses, etc. Because this data is highly organized, users can leverage tools such as a relational database management system (RDBMS) to input and modify structured data. Structured data is often transactional and quantitative in nature (e.g., financial transaction data).

Unstructured data

Unstructured data is usually qualitative and does not fit into a predefined data model. As such, conventional data tools such as relational databases cannot process it. Examples include text, video or audio files, images, etc. Most creative works, designs, IP, and documents consist of unstructured data.


Versioning is a cloud service provider (CSP) feature that keeps multiple versions of an object in the same bucket. Many teams use it to preserve, retrieve, or restore different object versions when needed. However, versioning can become a security risk if there is no policy for permanently deleting or safely archiving previous versions. Otherwise, they may exist indefinitely, usually out of sight of the average user, adding to organizational risks and costs. Learn more about the data security risks of versioning.