Everything Your Parents Told You About Posture Is True! Even For Data Security

Sit up straight! Shoulders back, chest out! We all heard these wise words about the importance of physical posture growing up. Those who did sit up straight and now find themselves in positions of influence in IT are still hearing about the importance of posture, but in this case, it’s the importance of security posture.

Data security is an essential part of the day-to-day mission for any diligent business, but it is also a challenge because of the complexity of how we store, access, and use data while continuing to grow. Therefore, finding effective ways to secure it has been a priority, which has led to the development of data security posture management (DSPM) solutions.

What Value Does a DSPM Solution Provide?

DSPM solutions help organizations build a detailed view of their data environment and associated security risks across three key areas:

  • Discovery and classification: This is the fundamental first step, as you can’t secure what you don’t know exists. Solutions look across cloud repositories—platform as a service (PaaS), infrastructure as a service (IaaS), and software as a service (SaaS)—as well as on-premises sources to discover and classify data, looking for sensitive information that could be misused.
  • Access reviews: Monitoring who is using critical data, what they’re doing with it, and where they’re doing it from is the next step. It’s also important to track the ways in which sensitive data moves through and out of an organization. DSPM solutions review this information looking for misconfigurations, patterns, poorly configured repositories, and over-provisioned rights.
  • Risk analysis: Once the above analysis is complete, DSPM solutions present a clear proposed security posture. They highlight risks, report on compliance against security frameworks, and offer guidance on how to lower these risks. Without insight into these areas, it’s impossible to apply robust data security.

This type of analysis can be done with native tools and skilled operations teams, but DSPM solutions bring all of these actions and insights into one tool, automating the effort and providing additional intelligence along the way—often more quickly and more accurately than a human.
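The three stages listed above, reduced to a runnable sketch (an added example, not code from GigaOm or any DSPM product). The store names, records, grants, usage log, and the scoring formula are all constructed assumptions.

```python
import re
# Constructed sample inventory; store names, records, grants and usage are illustrative.
STORES = {
    "saas:crm-export": (True, ["Jane Roe, jane.roe@example.com, card 4111 1111 1111 1111"]),
    "iaas:build-logs": (False, ["build 1234567890123456 finished in 42s"]),
    "onprem:hr-share": (False, ["contact: sam@example.org"]),
}  # store -> (publicly reachable?, sampled records)
GRANTS = {"saas:crm-export": {"sales-app", "intern-group"},
          "iaas:build-logs": {"ci-runner"},
          "onprem:hr-share": {"hr-team", "contractors"}}
USAGE = {("sales-app", "saas:crm-export"), ("ci-runner", "iaas:build-logs"),
         ("hr-team", "onprem:hr-share")}  # (principal, store) pairs seen in access logs

EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
CARD = re.compile(r"\b(?:\d[ -]?){15}\d\b")

def luhn_ok(digits):
    """Checksum filter so arbitrary 16-digit numbers are not flagged as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(records):
    """Discovery and classification: sensitive data types found in the records."""
    labels = set()
    for text in records:
        if EMAIL.search(text):
            labels.add("email")
        if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD.finditer(text)):
            labels.add("payment_card")
    return labels

def unused_grants(store):
    """Access review: principals with a grant that never appear in the usage log."""
    return {p for p in GRANTS.get(store, ()) if (p, store) not in USAGE}

def findings():
    """Risk analysis: rank stores holding sensitive data by exposure (assumed scoring)."""
    out = []
    for store, (public, records) in STORES.items():
        labels, idle = classify(records), unused_grants(store)
        score = len(labels) * ((2 if public else 0) + len(idle))
        if score:
            out.append((score, store, sorted(labels), sorted(idle)))
    return sorted(out, reverse=True)

if __name__ == "__main__":
    print(*findings(), sep="\n")
```

The build-log store shows why classification needs validation and not just pattern matching: its 16-digit build number matches the card pattern but fails the checksum, so it produces no finding.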

How Will AI Impact the DSPM Market?

The original purchase drivers of data security tools were the introduction of GDPR, the European Union regulation, and a flurry of other data privacy legislation. Organizations needed to understand their data and where it presented regulatory risk, driving an increased adoption of discovery, classification, and security tools.

It’s likely that artificial intelligence (AI) will drive a new wave of DSPM adoption. AI learning models present a range of opportunities for businesses to mine their data for new insights, creativity, and efficiency, but they also present risks. Given the wrong access to data or even access to the wrong data, AI tools can introduce a range of security and commercial business risks. For example, if tools surface information to users that they would not normally be able to access or present inaccurate information to customers and partners, this could result in negative commercial and legal impacts.

Therefore, it’s essential for organizations to take steps to ensure that the data models that AI is using are both accurate and appropriate. How do they do that? They need insight into their data and to understand when and what information AI learning models are accessing and whether that data is still valid. AI usage should have us thinking about how to ensure the quality and security of our data. DSPM may just be the answer.

Are DSPM Solutions Worth the Investment?

The reality is “it depends.” It’s useful to realize that while DSPM solutions can definitely deliver value, they are complex and come with a cost that’s more than financial. Fully adopting the technology, as well as an effective DSPM process, requires operational and cultural change. These types of changes do not come easily, so it’s important that a strong use case exists before you begin looking at DSPM.

The most important thing you should consider before adoption is the business case. Data security is fundamentally a business problem, so adopting DSPM cannot be an IT project alone; it must be part of a business process.

The strongest business case for deployment comes from organizations in heavily regulated industries, such as finance, healthcare, critical infrastructure, and pharma. These usually demand compliance with strict regulations, and businesses must demonstrate their compliance to boards, regulators, and customers.

The next most common business case is companies for which data is the business, such as those involved in data exchange and brokering. They demand the most stringent controls because any failures in security could lead to business failure.

If you’re not in one of those types of organizations, it doesn’t mean that you shouldn’t adopt a DSPM solution, but you do need to consider your business case carefully and ensure there’s buy-in from senior management before you begin a DSPM project.

Stand Up Straight, and Get Your Data Security Posture Right

A good data security posture is essential to all businesses. A DSPM tool will give you the insight, guidance, and controls you need, and do it more quickly and effectively than pulling together information from several different tools and resources, improving your organization’s posture and saving on costs at the same time.

So, don’t slouch, sit up straight, and improve your data security posture.

Next Steps

To learn more, take a look at GigaOm’s DSPM Key Criteria and Radar reports. These reports provide a comprehensive overview of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.