
Data Security Posture Management (DSPM): A Technical Explainer

By Anas Baig

Data is growing on a massive scale – it spreads across geographies, systems, networks, SaaS applications, and multi-cloud. Data security breaches are keeping pace, increasing in number (and sophistication) every year. Organizations must modernize their approach to cybersecurity and start giving equal attention to data and infrastructure. Here, data security posture management (DSPM) comes into the picture, offering organizations a data-first approach to cybersecurity.

Data security posture gives us detailed insights into an organization’s ability to defend its data against breaches. That said, DSPM is much more than simply implementing two-factor authentication, data obfuscation, or encryption. In fact, DSPM goes beyond setting up security policies and controls. It helps organizations gain deeper visibility into their data landscape, streamline governance, and comply with privacy laws and compliance standards.

Continue reading as we delve deeper into DSPM and why it matters now more than ever.

What Is Data Security Posture Management (DSPM)?

Data security posture management is commonly known as DSPM in the data security and governance community. It is the new kid on the block, offering a more comprehensive and meticulous approach to data security, governance, and compliance. Gartner introduced its definition of DSPM in its Hype Cycle for Data Security 2022 report.

The report defines DSPM as a set of processes that gives organizations “visibility as to where sensitive data is, who has access to that data, how it has been used, and what the security posture of the data store or application is.”

As a recently emerging trend, DSPM has many myths and assumptions associated with it. For starters, it is often confused with cloud security posture management (CSPM). While DSPM takes a data-centric approach, CSPM is an infrastructure-focused approach to cybersecurity. CSPM purely focuses on identifying and resolving misconfigurations across an organization’s IaaS, SaaS, or cloud environment, such as data stores, data warehouses, compute instances, etc. But it has no understanding of the data itself.

Similarly, some assume that DSPM covers a broad range of environments, especially private clouds and SaaS applications. However, this isn’t the case at all. Traditional cloud-native DSPM solutions do not go beyond public clouds. Hence, it would be a key differentiator if a vendor could offer a solution that goes beyond public clouds and covers all environments.

Now the question remains, “What exactly does DSPM offer?”

As mentioned earlier, DSPM offers a broader scope of data security. It helps organizations assess and analyze every component that could potentially affect the security posture of the data landscape. It does so by helping organizations answer the most important questions:

  • Where is sensitive data located?
  • What types of sensitive data are there?
  • Who has access to the data?
  • How has the data been used or transformed?
  • What is the security posture of the data store, system, or application?

DSPM answers these questions and helps organizations use the resulting insights to establish rules and policies, and to put security, governance, and compliance controls in place.

Why Does Data Security Posture Management Matter Now?

Data isn’t the only thing that is growing at an unprecedented rate. In fact, as data grows, it also compels organizations to look for a scalable, diverse, and cost-effective way to collect, manage, store, and process data at scale. Hence, more and more organizations are moving to private, hybrid, and multi-clouds. Oracle reports that 98% of organizations working with public clouds are now moving to multi-cloud infrastructures.

Although multi-cloud is indeed a cost-effective solution for working with data at scale, it comes with its own set of intricate complexities and challenges. For starters, there could be dozens of accounts in a single cloud service provider (CSP), and there could be multiple providers in a multi-cloud environment. Organizations with an international footprint may have data across different geographies. Every cloud service offers a distinct set of security configuration settings. Hence, keeping up with a consistent security policy and a set of controls across different cloud services is a huge challenge.

Similarly, data tends to move across different systems, accounts, and departments, whether within one location or internationally. Keeping track of who can access the data, from which geographies they access it, and how they use it is yet another challenge for organizations. The most important concern is the protection or anonymization of sensitive data when a complete dataset – containing both personal and sensitive data – is shared across teams or with business partners. Cloud providers offer cloud-native IAM applications, but they are limited in nature and don’t provide much context around data.

DSPM effectively assists companies in managing and safeguarding their data by offering them complete intelligence into where the sensitive data is located, what sensitive data they have, who is accessing the data, the metadata or classification around it, etc. Companies use this intelligence to set up controls over access to sensitive data, governance frameworks, and security posture.

DSPM further assists companies in identifying and mitigating various security risks associated with cloud data. It does so by assessing various components while taking into account intelligence around data, such as data classification, data sensitivity, access policies, data flow across systems, infrastructure misconfigurations, etc.

What Are the Key Capabilities of Data Security Posture Management?

1. Discovery, Categorization, and Cataloging of Data

Information is dispersed across hybrid or multi-cloud systems, encompassing various SaaS applications, IaaS systems, data lakes, data warehouses, and additional microservices across multiple cloud service providers. Moreover, data volumes are rapidly increasing in both structured and unstructured forms.

Recognizing the colossal nature of multi-cloud environments and their inherent complexities, DSPM commences by identifying sensitive data across the business ecosystem in both structured and unstructured forms. Subsequently, it classifies this data, providing accurate context about its sensitivity level.

The act of data classification or categorization allows security teams to concentrate on protecting highly sensitive data, such as confidential information, especially within the framework of data protection regulations like GDPR or HIPAA. After the data is classified, DSPM constructs a reliable data catalog, essentially a comprehensive inventory. This catalog offers a holistic view of every data element existing across the ecosystem, complete with its business context, intended usage, and a glossary. Furthermore, the data is mapped according to relevant industry standards and jurisdictions.
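As an added illustration of the discovery, classification, and cataloging step (this is example code written for this explainer, not any vendor's product or the article's own), the block below runs pattern-based detectors for e-mail addresses, US SSNs, and Luhn-valid card numbers over both a tabular record set and a free-text document, then folds the hits into a small catalog that carries a sensitivity level and a regulatory mapping. The sample records, the sensitivity levels, and the category-to-framework mapping are all constructed assumptions for the example.

```python
import re
from dataclasses import dataclass

# Simple pattern-based detectors, constructed for illustration. Real DSPM
# classifiers layer context, validation and ML-based detection on top of this.
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")

# Assumed sensitivity level and regulatory mapping per detected category.
SENSITIVITY = {"card_number": "high", "ssn": "high", "email": "medium"}
FRAMEWORKS = {"card_number": {"PCI DSS"}, "ssn": {"GDPR", "CCPA"}, "email": {"GDPR", "CCPA"}}
RANK = {"low": 0, "medium": 1, "high": 2}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify_value(value: str) -> set[str]:
    """Return the sensitive-data categories detected in one value."""
    found = set()
    if EMAIL_RE.search(value):
        found.add("email")
    if SSN_RE.search(value):
        found.add("ssn")
    for m in CARD_RE.finditer(value):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            found.add("card_number")
            break
    return found


@dataclass
class CatalogEntry:
    store: str            # data store the element lives in
    element: str          # column name or document name
    categories: set[str]
    sensitivity: str      # highest sensitivity among the detected categories
    frameworks: set[str]  # regulations the element is mapped to


def make_entry(store: str, element: str, cats: set[str]) -> CatalogEntry:
    level = max((SENSITIVITY[c] for c in cats), key=RANK.__getitem__)
    frameworks = set().union(*(FRAMEWORKS[c] for c in cats))
    return CatalogEntry(store, element, cats, level, frameworks)


def scan_structured(store: str, records: list[dict]) -> list[CatalogEntry]:
    """Classify a table column by column, using every row as evidence."""
    entries = []
    for col in sorted({k for r in records for k in r}):
        cats = set()
        for r in records:
            cats |= classify_value(str(r.get(col, "")))
        if cats:
            entries.append(make_entry(store, col, cats))
    return entries


def scan_unstructured(store: str, name: str, text: str) -> list[CatalogEntry]:
    """Classify a free-text document (ticket, log, export) as one element."""
    cats = classify_value(text)
    return [make_entry(store, name, cats)] if cats else []


def build_catalog() -> list[CatalogEntry]:
    """Scan constructed sample stores and return the resulting catalog."""
    # All values below are synthetic.
    crm_rows = [
        {"id": 1, "email": "ann@example.com", "ssn": "123-45-6789", "note": "vip"},
        {"id": 2, "email": "bob@example.org", "ssn": "234-56-7890", "note": "prospect"},
    ]
    ticket = "Customer paid with card 4111 1111 1111 1111, ref 1234567890123456."
    catalog = scan_structured("crm-db.customers", crm_rows)
    catalog += scan_unstructured("support-bucket", "ticket-42.txt", ticket)
    return catalog


if __name__ == "__main__":
    for entry in build_catalog():
        print(entry)
```

The reference number in the ticket is sixteen digits long but fails the Luhn check, so it is not cataloged as a card number; the column scan, by contrast, classifies a whole column from the evidence of every row, which is how a catalog ends up describing data elements rather than individual values.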

2. Insights on Data Access Governance

In comparison to multi-cloud environments, managing access to sensitive data was relatively straightforward in on-premises infrastructures. Multi-cloud settings have numerous data stores containing thousands of data objects. This vast amount of data is then distributed across various cloud services, with each data store and object potentially having multiple users, roles, and permissions.

Every cloud provider provides native identity and access management (IAM) capabilities. However, these tools have a limited scope and often lack the necessary context for sensitive data, complicating data protection. The absence of insights into sensitive data access is not the only issue; other dominant access governance challenges in the cloud include excessive privileged access, idle users, publicly accessible storage with sensitive data, and more.

DSPM oversees and tracks insights into sensitive data access based on users, roles, and locations. Utilizing sensitive data intelligence, DSPM configures access policies specifying what levels of access certain users or roles can have to specific data, systems, or applications. By monitoring access parameters such as inactive users or access usage over time, governance teams can effectively implement a least-privilege access model.
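To make the access governance checks above concrete, here is an added example (written for this explainer, not taken from any DSPM product) that joins three things a DSPM would collect: store sensitivity from the catalog, IAM grants, and an access log. From those it reports publicly readable stores holding sensitive data, principals idle beyond a window, and granted permissions that were never exercised, which is the raw material for a least-privilege clean-up. The store inventory, grants, log entries, and the "allUsers" public principal name are all constructed for the example.

```python
from datetime import date, timedelta

# Constructed inventory: store name -> sensitivity, as the data catalog would supply it.
STORES = {"crm-db": "high", "campaign-blob": "medium", "www-assets": "low"}

# Constructed IAM grants: (principal, store, granted permissions).
# "allUsers" stands in for a public/anonymous principal.
GRANTS = [
    ("alice", "crm-db", {"read", "write", "admin"}),
    ("bob", "crm-db", {"read"}),
    ("carol", "campaign-blob", {"read", "write"}),
    ("allUsers", "campaign-blob", {"read"}),
    ("allUsers", "www-assets", {"read"}),
]

# Constructed access log: (principal, store, permission used, day of use).
TODAY = date(2024, 6, 1)
ACCESS_LOG = [
    ("alice", "crm-db", "read", TODAY - timedelta(days=3)),
    ("alice", "crm-db", "write", TODAY - timedelta(days=40)),
    ("bob", "crm-db", "read", TODAY - timedelta(days=120)),
    ("carol", "campaign-blob", "read", TODAY - timedelta(days=1)),
]


def assess_access(stores, grants, log, today, window_days=90):
    """Return governance findings: public sensitive stores, idle principals, unused permissions."""
    cutoff = today - timedelta(days=window_days)
    used = {}       # (principal, store) -> permissions exercised inside the window
    last_seen = {}  # principal -> most recent access on any store
    for principal, store, perm, day in log:
        last_seen[principal] = max(last_seen.get(principal, day), day)
        if day >= cutoff:
            used.setdefault((principal, store), set()).add(perm)

    findings = []
    for principal, store, perms in grants:
        sensitivity = stores[store]
        if principal == "allUsers":
            # Public access is only acceptable on stores the catalog rates low.
            if sensitivity != "low":
                findings.append({"type": "public_sensitive_store", "store": store,
                                 "sensitivity": sensitivity})
            continue
        seen = last_seen.get(principal)
        if seen is None or seen < cutoff:
            findings.append({"type": "idle_principal", "principal": principal,
                             "store": store, "last_seen": seen})
        # Least privilege: anything granted but not used in the window is a revoke candidate.
        unused = perms - used.get((principal, store), set())
        if unused:
            findings.append({"type": "unused_permissions", "principal": principal,
                             "store": store, "revoke": sorted(unused)})
    return findings


if __name__ == "__main__":
    for finding in assess_access(STORES, GRANTS, ACCESS_LOG, TODAY):
        print(finding)
```

The window length is the knob governance teams tune: a shorter window produces more revoke candidates and more friction, a longer one leaves stale privileges in place for longer. An idle principal also shows up with all of its permissions listed as unused, so the two findings together say "disable the account" rather than "trim one permission".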

3. Data Lineage

Data undergoes transformations from creation through analysis to retention. For example, customer transaction data transforms from the point of purchase when the customer shares their details, through various processing stages, storage in a multi-cloud database, and subsequent extraction for analysis, possibly even being shared with external business partners for advertising. The data is then retained for business or legal purposes.

Considering that large-scale businesses experience hundreds or thousands of such transactions daily, and all such data might be stored and accessed in the multi-cloud, tracking the transformation of that data can present a security challenge.

One of DSPM’s main features is data lineage, enabling data and security teams to trace data changes over time, thus providing a better understanding of its processing and handlers. This capability allows security teams to pinpoint gaps, detect unauthorized access, and formulate appropriate security policies.
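The transaction example in this section can be modeled as a lineage graph. The added example below (written for this explainer, not code from any DSPM product) records each transformation as an edge carrying the transform type and the actor that performed it, walks the graph from the point of capture, and uses the path to answer two of the questions the text raises: which handlers touched a dataset that were not authorized to, and whether identified data reached an external partner without passing through a pseudonymization step. The graph, the actor allow-list, and the set of external sinks are constructed assumptions.

```python
from collections import deque

# Constructed lineage graph. Each edge: (source dataset, target dataset, transform, actor).
LINEAGE = [
    ("checkout-form", "orders-raw", "ingest", "svc-checkout"),
    ("orders-raw", "orders-clean", "validate", "svc-etl"),
    ("orders-clean", "warehouse.orders", "load", "svc-etl"),
    ("warehouse.orders", "analytics.revenue", "aggregate", "analyst-dana"),
    ("warehouse.orders", "partner-export", "extract", "analyst-erin"),
    ("warehouse.orders", "research-anon", "pseudonymize", "svc-privacy"),
    ("research-anon", "partner-research", "extract", "svc-privacy"),
]
EXTERNAL_SINKS = {"partner-export", "partner-research"}    # leaves the organization
DEIDENTIFY = {"pseudonymize", "anonymize"}                   # transforms that strip identity
AUTHORIZED = {"svc-checkout", "svc-etl", "svc-privacy", "analyst-dana"}  # constructed allow-list


def downstream_paths(edges, source):
    """BFS from `source`; returns {dataset: list of edges on the path that first reached it}."""
    by_src = {}
    for e in edges:
        by_src.setdefault(e[0], []).append(e)
    queue = deque([(source, [])])
    seen = {source}
    paths = {}
    while queue:
        node, path = queue.popleft()
        paths[node] = path
        for e in by_src.get(node, []):
            if e[1] not in seen:
                seen.add(e[1])
                queue.append((e[1], path + [e]))
    return paths


def history(edges, source, dataset):
    """Ordered (transform, actor) steps that produced `dataset` from `source`."""
    return [(e[2], e[3]) for e in downstream_paths(edges, source).get(dataset, [])]


def lineage_findings(edges, source, external, deidentify, authorized):
    """Flag unauthorized handlers and external shares that never passed a de-identifying step."""
    findings = []
    for dataset, path in downstream_paths(edges, source).items():
        if not path:
            continue
        for actor in sorted({e[3] for e in path} - authorized):
            findings.append({"type": "unauthorized_handler", "dataset": dataset, "actor": actor})
        if dataset in external and not any(e[2] in deidentify for e in path):
            findings.append({"type": "identified_external_share", "dataset": dataset,
                             "path": [e[1] for e in path]})
    return findings


if __name__ == "__main__":
    print(history(LINEAGE, "checkout-form", "partner-research"))
    for finding in lineage_findings(LINEAGE, "checkout-form", EXTERNAL_SINKS, DEIDENTIFY, AUTHORIZED):
        print(finding)
```

In the constructed graph the research export is clean because it descends from a pseudonymized copy, while the advertising export is flagged twice: an analyst outside the allow-list produced it, and no de-identifying step sits anywhere on its path. Because the walk records the first path found, a graph in which a dataset is reachable by several routes would need every path checked rather than one.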

4. Configuration Risk Management

Multi-cloud environments include services from different providers, such as AWS, Google Cloud, Azure, or Oracle Cloud Infrastructure (OCI), each having its unique system settings and configurations. While each service provider may offer a CSPM tool, it may have a narrow scope. A single cloud can contain numerous misconfigurations or errors, and this can multiply across multiple clouds, making a centralized view impossible.

An optimal DSPM would actively integrate with a variety of IaaS and SaaS services, like Azure, AWS, GCP, Snowflake, Workday, or Office 365. It would use custom policies or built-in rules from standard security frameworks, like CIS, NIST, or PCI DSS, to identify misconfigurations related to identity access controls, encryption, network, publicly accessible storage, and more.

Once the rules and policies are established, the tool can be configured for automatic correction or mitigation. For instance, if the tool detects a publicly accessible GCP Cloud Storage bucket containing sensitive data, it would trigger the policy to update the access control settings, blocking public access automatically.
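The rule-then-remediate loop described in this section, as an added example written for this explainer (not a vendor's rule engine): storage configurations from three providers are normalized into one shape, evaluated against a small rule set whose severity depends on the catalog's sensitivity rating for each store, and the failures that have a safe automatic fix are corrected on a copy of the configuration. The configurations, the sensitivity ratings, and the rule ids (placeholders in the spirit of CIS-style benchmarks, not real benchmark numbers) are all constructed; the "fix" callables stand in for the provider API call a real tool would make.

```python
from copy import deepcopy

# Constructed storage configurations, normalized across providers.
STORAGE = {
    "gcs://customer-exports": {"provider": "gcp", "public_access": True, "encryption_cmk": False, "logging": True},
    "s3://www-static": {"provider": "aws", "public_access": True, "encryption_cmk": False, "logging": False},
    "abfs://finance-lake": {"provider": "azure", "public_access": False, "encryption_cmk": True, "logging": False},
}
# Sensitivity per store, as the data catalog would supply it (constructed).
SENSITIVITY = {"gcs://customer-exports": "high", "s3://www-static": "low", "abfs://finance-lake": "high"}

# Assumed rule set. Rule ids are placeholders, not real CIS benchmark numbers.
# "check" returns True when compliant; "fix" mutates the config or is None when
# the fix needs a human (e.g. provisioning a customer-managed key).
RULES = [
    {"id": "STOR-1", "desc": "no public access to stores holding sensitive data",
     "severity": "critical",
     "check": lambda cfg, sens: not (cfg["public_access"] and sens != "low"),
     "fix": lambda cfg: cfg.update(public_access=False)},
    {"id": "STOR-2", "desc": "customer-managed encryption key on sensitive stores",
     "severity": "high",
     "check": lambda cfg, sens: cfg["encryption_cmk"] or sens == "low",
     "fix": None},
    {"id": "STOR-3", "desc": "access logging enabled",
     "severity": "medium",
     "check": lambda cfg, sens: cfg["logging"],
     "fix": lambda cfg: cfg.update(logging=True)},
]


def evaluate(storage, sensitivity, rules):
    """Run every rule against every store; return the failures."""
    findings = []
    for name, cfg in storage.items():
        for rule in rules:
            if not rule["check"](cfg, sensitivity[name]):
                findings.append({"store": name, "rule": rule["id"], "severity": rule["severity"],
                                 "auto_fix": rule["fix"] is not None})
    return findings


def remediate(storage, sensitivity, rules):
    """Apply the automatic fix for each failed rule that has one.

    Works on a copy so the original snapshot is preserved for audit; returns the
    corrected configuration and the list of (store, rule) actions taken.
    """
    fixed = deepcopy(storage)
    actions = []
    for finding in evaluate(storage, sensitivity, rules):
        rule = next(r for r in rules if r["id"] == finding["rule"])
        if rule["fix"] is not None:
            rule["fix"](fixed[finding["store"]])  # a real tool calls the provider API here
            actions.append((finding["store"], finding["rule"]))
    return fixed, actions


if __name__ == "__main__":
    for finding in evaluate(STORAGE, SENSITIVITY, RULES):
        print("FAIL", finding)
    corrected, taken = remediate(STORAGE, SENSITIVITY, RULES)
    print("actions:", taken)
    print("remaining:", evaluate(corrected, SENSITIVITY, RULES))
```

Two design points matter here. The public-access rule passes for the static website bucket because the catalog rates it low, which is exactly the data context a plain CSPM check lacks; and the encryption rule deliberately has no automatic fix, so after remediation it is the one finding left for a human to close.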

Also, the significance of having a robust DSPM solution isn’t limited to data governance and security. DSPM also extends to supporting an organization’s compliance efforts. For instance, the visibility of sensitive data that DSPM provides can be mapped to regulatory requirements. With properly tagged, labeled, and classified data, privacy teams can set up proper controls around data subject requests (DSRs), cross-border transfers, access policies, etc.

Conclusion

Data security posture management is a rapidly growing trend. Data security and governance events across the globe are now buzzing with the term DSPM, and more and more organizations are jumping on the bandwagon to streamline their cloud data management and security. However, it is impossible to have the needed insights into data or the security risks associated with it if we keep looking at different controls through separate lenses. Hence, it is critical to unify these controls for increased cost efficiency and ease.