DSPM vs. Traditional Data Protection: What’s the Difference?

The way we protect data today is not how it used to be. Perimeter aside, until a few years ago, we focused mainly on the receptacle where the data was stored—not the data itself. To an extent, this is still a beneficial strategy today. However, it is incomplete.

Data Security Posture Management (DSPM) assigns specific protections to the actual data points wherever they go and leaves the business of securing the “box” to other solutions. Both approaches are needed for a comprehensive, defense-in-depth approach. Still, the main takeaway should be that one is not enough, especially when you’re dealing with a very complex cloud environment, and that “one” is not DSPM.

Here’s why.


Data Protection: The Traditional Approach

It might almost be too soon to call this “traditional” as it is the way many, if not most, organizations today still protect their information. And that’s okay, but again – it is incomplete.

Typically, we draw a line around our assets and say to attackers, “You shall not pass.” So long as everything is configured properly and all the “i’s” have been dotted, that should work just fine. However, we all know misconfigurations are rampant, and aside from that, even if everything were done impeccably, that data will inevitably move, entering another location. And what happens then?

Why That Doesn’t Work

Can an enterprise possibly follow its data around everywhere, anticipating where it will go next, and protect all those boxes as well? Probably not, especially when those places could be obscure links in the supply chain, a Slack message, a private USB, an email to a personal account, or an email to a perfectly clean workplace account (that’s been compromised). The best we can do in those cases is to secure the repository, database, cloud storage system, or application in which we know the data is stored and hope for the best once someone removes it.

There’s no accounting for inside attacks, and there’s no accounting for people with escalated permissions doing exactly what they are allowed to do with said sensitive information (for example, retrieve it from the highly secured database) and then doing something nefarious with it (that we also can’t track). As it stands, Gurucul’s 2024 Insider Threat Report notes that as many as 83% of organizations have experienced an insider attack in the past twelve months.

Unfortunately, in this era of remote work, hybrid architecture, multi-cloud environments, and everything in between (let’s throw in AI and all its implications just for kicks), there are too many places for data to hide and too many digital, cloud-based cracks for it to fall through.

And when data gets lost, bad things happen. Think of shadow APIs, shadow SaaS, shadow data, shadow IoT, and on and on. It is predicted that by 2027, 75% of employees will be contributing to shadow IT within their organizations, up from 41% in 2022. Those hidden parts are all ticking time bombs waiting to be detonated by some enterprising threat actor, and those threat actors know what falls on the ground, so to speak, and where to look. All too often, modern enterprises don’t.

At this point, it might be asking too much to tell all organizations everywhere to go back and cover their tracks, find every last scrap of loose data and where it’s gone, and draw an even bigger protective wall around it. And even if they did, as soon as some nefarious insider decided to use their granted privileges to do something devious, there would be little stopping them.

That’s the traditional way, and yes – it leans largely on hope.


How DSPM Solves It

As data security firm Cyberhaven notes, “DSPM tools provide visibility into data assets, identify risks related to data residency, privacy, and security vulnerabilities, and also help companies protect PII and maintain regulatory compliance with data protection regulations.”

In essence, DSPM comes in and says, “We need to have visibility of all data, at all times, wherever it goes.” In other words, wherever sensitive information goes, DSPM goes with it. Now, there’s no getting lost. Now, there’s no “unaccounted for.” Now, if a malicious insider used their permissions to remove a customer list from a protected company repository in the cloud and tried sending it via WhatsApp to a competitor, DSPM would flag that action (as an anomaly, if nothing else) and in some cases (depending on how you’ve set it up) even run interference to stop it.

This is largely thanks to data lineage, the foundational feature that underpins all DSPM performance. Data lineage is the ability to track, from inception to ultimate end, where each piece of data goes at all times and the hands it has passed through. It also tells you what those hands were doing, so if something goes awry, you can pinpoint where.

Once you have that map in front of you, your data’s journey becomes transparent. This means no more shadow data. If it’s missing, consult the map and find, delete, or protect it. This means an end to information falling through the cracks.

Why DSPM is Needed Now

In the simpler past, protecting the perimeter was a quaint possibility, and securing data stores was equally believable. Then, digitization exploded (spurred by the COVID-19 pandemic and its demands), and complexity became the norm. There were more than a few factors at play.

  1. First, public and private clouds took off with a vengeance and started to mingle.
  2. Second, on-premises security experts tried to transfer their knowledge directly to the cloud, and that didn’t work – they are two different beasts requiring specialized sets of expertise.
  3. Third, many businesses that were not IT-savvy (much less cyber-savvy) were quickly forced to digitize. Many moved to public clouds without a complete understanding of the shared responsibility model (the agreement between cloud service providers and customers that only some security features come in stock, and the rest will be provided by the organization’s own cybersecurity team).
  4. Fourth, many of these newly digitized entities were running in the cloud but didn’t have a designated cybersecurity team (or even a single practitioner, at times).
  5. Fifth, when everyone looked to find one, they were reminded that the world was still in the middle of a global cyber talent shortage, making any available experts (and cloud security experts, especially) a rare and expensive breed. Sorry.
  6. Sixth, “SaaS for all” seemed to become the watchword of the last half-decade, as everyone dove headfirst into the pile of new and shiny solutions designed to optimize “all that data” these fully digitized companies were now collecting. While those tools delivered as promised, they never promised to secure the data (or make it human-readable, but that’s another story).

So, you have someone from nearly every department purchasing whatever applications they need to make things run just a little bit smoother, and IT is all too often left out of the loop (hence so much shadow IT). On top of that, most employees didn’t come into the digital game with a stock of cybersecurity knowledge, so even as organizations invest in Security Awareness Training, unwitting employees are still doing things like emailing sensitive documents, sending unencrypted files, and all manner of unsafe practices simply because they don’t know any better. We think.


Needless to say, this perfect storm came together, leaving many unfortunate companies and their data in the crosshairs. The industry spent a long time trying to plug all the holes and provide ways for companies to notice behavioral changes that would indicate bad behavior. To be fair, those tools work well and should still be part of a comprehensive data protection plan.

But now is the moment for DSPM because we still need to do something more than “protect the box,” especially as that box has become a moving target (from cloud to cloud, platform to platform, and site to site). DSPM does several valuable things (besides data lineage) that make it ideal for finding, accounting for, and protecting data in a hyper-complex world. Those things include:

  • Discovering shadow data repositories.
  • Mapping data flows and pipelines.
  • Providing transparency into data residency and access controls.
  • Automating not only data discovery but data classification and risk assessment.
  • Integrating with your current security offerings across both cloud and on-premises environments.
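The following Python sketch is an added example, not code from the original post or from any DSPM product. It shows the mechanics behind the lineage discussion above and the bullet list just given: discovering what each store holds, classifying records (regex plus a Luhn check so ticket numbers are not mislabelled as card numbers), building a lineage map keyed on a content fingerprint so the same record is recognised in every copy, and two checks on top of it: shadow copies sitting in unsanctioned stores, and a sensitive record moving to a destination outside an allow-list (the insider-to-WhatsApp scenario above). The inventory, movement events, store names and actor names are all constructed.

```python
"""Toy DSPM-style pass over a constructed estate: discover, classify, build a
lineage map on a content fingerprint, then flag shadow copies and risky moves."""
import hashlib
import re
from dataclasses import dataclass


@dataclass
class Finding:
    fingerprint: str
    labels: tuple
    location: str
    reason: str


# Constructed inventory: store name -> (is this a sanctioned store?, records held).
INVENTORY = {
    "crm-prod": (True, [
        "Alice Example, alice@example.com, 4111 1111 1111 1111",
        "Bob Example, bob@example.com, quarterly notes",
    ]),
    # A bucket nobody owns; the same customer record has been copied into it.
    "analytics-export": (False, [
        "Alice Example, alice@example.com, 4111 1111 1111 1111",
    ]),
    # Also unsanctioned, but holds nothing sensitive: the digit run fails Luhn.
    "hr-backup": (False, ["ticket 1234 5678 9012 3456 closed"]),
}

# Constructed movement events, as a (hypothetical) DSPM agent might record them.
EVENTS = [
    {"record": "Alice Example, alice@example.com, 4111 1111 1111 1111",
     "actor": "j.doe", "source": "crm-prod", "destination": "whatsapp.com"},
    {"record": "Bob Example, bob@example.com, quarterly notes",
     "actor": "a.smith", "source": "crm-prod", "destination": "crm-analytics"},
    {"record": "Q3 roadmap draft", "actor": "c.lee",
     "source": "wiki", "destination": "gmail.com"},
]
SANCTIONED_DESTINATIONS = {"crm-prod", "crm-analytics"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: keeps arbitrary digit runs (ticket ids) out of the PAN label."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def classify(record: str) -> tuple:
    """Label a record with the sensitive-data categories it contains."""
    labels = []
    if EMAIL_RE.search(record):
        labels.append("EMAIL")
    for m in PAN_RE.finditer(record):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            labels.append("PAN")
            break
    return tuple(labels)


def fingerprint(record: str) -> str:
    """Content fingerprint so one record is recognised wherever it is copied."""
    norm = " ".join(record.split()).lower()
    return hashlib.sha256(norm.encode()).hexdigest()[:16]


def discover(inventory: dict) -> dict:
    """Lineage map: fingerprint -> labels plus every location holding the record."""
    lineage = {}
    for store, (sanctioned, records) in inventory.items():
        for rec in records:
            entry = lineage.setdefault(fingerprint(rec),
                                       {"labels": classify(rec), "locations": []})
            entry["locations"].append((store, sanctioned))
    return lineage


def shadow_data(lineage: dict) -> list:
    """Sensitive records sitting in a store nobody sanctioned."""
    return [Finding(fp, e["labels"], store, "sensitive data in unsanctioned store")
            for fp, e in lineage.items() if e["labels"]
            for store, sanctioned in e["locations"] if not sanctioned]


def flag_movements(lineage: dict, events: list, allowed: set) -> list:
    """Sensitive records moving to a destination outside the allow-list."""
    findings = []
    for ev in events:
        fp = fingerprint(ev["record"])
        labels = lineage[fp]["labels"] if fp in lineage else classify(ev["record"])
        if labels and ev["destination"] not in allowed:
            findings.append(Finding(fp, labels, ev["destination"],
                                    f"moved by {ev['actor']} from {ev['source']}"))
    return findings


if __name__ == "__main__":
    lineage = discover(INVENTORY)
    for f in shadow_data(lineage) + flag_movements(lineage, EVENTS, SANCTIONED_DESTINATIONS):
        print(f"{f.fingerprint} {'/'.join(f.labels):10} {f.location:18} {f.reason}")
```

Two design points carry over to real deployments: the fingerprint is computed on normalised content rather than on a file name or path, which is what lets the unsanctioned copy in the export bucket be tied back to the record in the production database; and classification gates every alert, so an unowned store or an outbound message is only a finding when it actually carries labelled data, which keeps the noise from drowning the insider case.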

And, of course, more. DSPM’s popularity is rising to the point that a recent Gartner report predicted that by 2026, over one in five businesses will be using it to discover and secure their data repositories (both known and unknown). Several years ago, the market saturation was less than 1% (per the Gartner Hype Cycle for Data Security, 2022). This spike, and the attention it’s receiving in the industry today, indicates that in today’s complicated digital environment, a tool like DSPM may just be the new tradition, possibly sooner than we think.
