The Importance of Data Security Posture Management (DSPM)

table of contents

Gartner Hype Cycle for Data Security, 2022 Reveals New Category: DSPM

‍
The recent report by Gartner published on Aug 4, 2022 focuses on data security in multi-cloud and hybrid deployments. As data continues to flow from the corp premises to the different cloud deployments, the need for a consistent security posture increases and demands new capabilities. A new set of such capabilities is referred to as Data Security Posture Management (DSPM).

In this blog I will dig into this new set of capabilities, analyze the threats that justify new solutions to emerge and most importantly, explain why DSPM alone is not enough to protect your data assets in the cloud..

‍

The Current State of Cloud Data Security

Data insights company Statista estimates that this year, the amount of enterprise data stored in the cloud will, for the first time, surpass the amount of enterprise data stored on premises. And not by an insignificant margin—60% of enterprise data will be stored in the cloud in 2022.

Data is the fuel In today’s economy and is a critical element of growth as no business decision can be made without supportive data. So while the business is pushing forward, it is often the security teams who are left with the task to ensure that this important asset is secured.

Dig recently worked with a large financial organization in which the security team was struggling to address the many alerts created by an existing cloud security workload solution. While the existing tool provided a view of their entire cloud infrastructure posture, it lacked a “data centric view” to answer questions such as: is there sensitive data involved? When was it last accessed? Who owns the data from a business perspective? Without answering these questions, each alert seemed to weigh the same as the other and the list became endless. Unfortunately, this is not an uncommon scenario.

In addition to internal drivers for data security, there are also external drivers to secure organization data. According to the IBM 2022 cost of data breach report, the cost for financial organizations has reached an all time high of $5.97M. And to add insult to injury, the recent introduction of the FTC Safeguard Rule impacting financial services is at the top of a long list of data privacy and security regulations and surely not the last.
So, what is the premise of DSPM and does it protect cloud data security from the inevitable breach?

‍

What is Data Security Posture Management (DSPM)?

Data Security Posture Management focuses on reducing the risk that relates to data residing in multi-cloud deployments. It includes the following capabilities to get there:

Multi cloud Data Discovery and Classification: gaining visibility into your cloud data inventory means identifying the different types of data assets on IaaS/Paas, and using data classification techniques to label sensitive data as well as organization’s crown jewels
Identifying static risk related to data: covers general security posture practices to show context of the data, who are the people accessing the data, where is the data located, where is it going, is it encrypted? and more

Remember the aforementioned organization lost in a heap of security alerts ? Following a quick onboarding to Dig Security, a severe misconfiguration was discovered in a sensitive asset that was buried with issues carrying the same level of severity. Inspecting the “active identities” view clearly led to the conclusion that a user who mistakenly was granted privileged access was repeatedly accessing confidential data in an S3 bucket. This violation was immediately highlighted and later resolved following a note to the designated data owner.

This data driven approach to securing cloud assets is now provided with Data Security Posture Management tools. DSPM significantly reduces the “noise” that eventually leads to “alert fatigue” and helps the team focus on what matters most.

Having a centralized solution that looks over all sensitive data assets and highlights posture related risks in an aggregated way is a big step towards reducing the impact of a breach. But, is that enough?

‍

Cloud Data Security Beyond DSPM

No organization can afford to skip the capabilities mentioned above. When hit with a breach, one needs to be certain that their most valuable assets are kept secured. But that is not enough. As data moves throughout the organization, it relies on the controls of the systems that host it and which can expose it to new risks. When data is exposed or is handled by bad-intentioned actors, it is imperative that it is dealt with in real time. Therefore, Dig believes that the new DSPM category can only be inclusive with the following capability:

Real Time Data Detection and Response: monitor all types of data-interactions that could potentially lead to a breach. Many times, a unique combination of events might lead to an attack. Instead of creating “fatigue alert”, only issue alerts when it’s time to take a remediation action. Provide the remediation action along with the incident detected to close the loop.

In the last chapter of our customer story, Dig Security pointed to a programmatic data flow which repeatedly issued a financial report and sent it to a foreign account. This was recognized as an attack by Dig Security and alerted-on in under 3 minutes.

‍

Summary

The maturity of cloud adopting companies is dictating new security practices that focus on the data itself. This is a step in the right direction.
As you search for a solution that can help you close the gap on your cloud data security, how do you make sure you are not creating yet another siloed team that needs to deal with new threats? For this, stay tuned for our next dig.