Data security posture management (DSPM)

What is data security posture management (DSPM)?

DSPM is a way to protect data with technologies and processes used to identify sensitive data, monitor, and reduce risk of unauthorized access to critical data. By focusing on the data itself and using intelligent automation to constantly test and improve the security mechanisms that guard it, DSPM prevents data from being exposed, exploited, compromised, or stolen.

This emerging security trend was named by Gartner in its 2022 Hype Cycle for Data Security. According to that research, DSPM technologies can identify and classify unknown data—both structured and unstructured—as well as any security risks, anywhere in an organization’s environment. By detecting and alerting whenever a security policy is trespassed upon, and prioritizing alerts based on data importance and sensitivity, DSPM solutions can speedily stop and remediate attacks such as ransomware while they’re still in progress.

Why is DSPM important?

Traditional enterprise data security safeguarded data stored on-prem, and, in early cloud installments, the same monolithic data storage and three-tiered access frameworks were imposed on cloud data. It was a relatively simple model to deploy but over the past few years, as hybrid cloud and multicloud architectures became more common, this approach exposed too many vulnerabilities.

Hybrid and multicloud data in dynamic environments require significantly more robust controls related to access, services, distributed infrastructure, and general risk to thwart modern, savvy cybercriminals, both internal and external threats.

Today’s organizations require DSPM to protect their most sensitive data from cyberattacks such as ransomware attacks and breaches.

What are the benefits of DSPM?

A leading DSPM solution can benefit organizations in several ways, including:

• Identify critical data to inform resilience strategies — DSPM solutions automate the tasks of identifying and managing data—everything from correctly classifying its sensitivity (also known as data classification) to flagging outdated security policies or overly generous access permissions.
• Streamline and safeguard compliance — By doing rigorous audits of security policies that enable compliance with data protection regulations such as HIPAA, GDPR, and CCPA, DSPM technologies minimize the possibility of fines and legal action while protecting organizations’ reputations.
• Minimize attack surfaces — Since enterprises have a transparent view into where sensitive data is located—even across hybrid, multicloud, and SaaS environments—they can more precisely hone their security policies to fit the particular requirements of their data.
• Lower cost — By harnessing automation to continuously monitor and bolster their security postures, DSPM frees up security professionals to focus on higher-value work and to do more with less. Additionally, storing data in the cloud costs more money over time. DSPM can identify redundant, obsolete, and trivial data in cloud infrastructure that can be deleted to reduce cloud costs.

How does DSPM work?

DSPM solutions help keep organizational data secure and compliant by answering two questions: What are the data security issues and how can the team address them?

DSPM works in three basic stages:

Stage 1: Discover and classify data automatically. DSPM continuously finds and labels sensitive, proprietary, or regulated data across all environments, whether on-prem, hybrid, or multicloud.

Stage 2: Detect which data is at risk and prioritize fixing the problem area(s). DSPM does this by automatically and continuously monitoring for any violations of an organization’s security policies.

Stage 3: Remediate data risks and prevent them from occurring again. When a DSPM solution detects a problem, it fixes it. It also adjusts the organization’s security posture and policies based on current best practices, relevant laws, and the particular needs of an organization.

Cohesity and data security posture management (DSPM)

Organizations need to minimize the impact of cyberattacks and ransomware to keep business operations running smoothly. This requires identifying where in an organization’s environment sensitive data lives; classifying the data that matters most to the organization; quickly identifying and prioritizing attack risks; and rapidly restoring apps and workloads so business-as-usual can resume.

Along with immutable backup, Zero Trust data security principles, and near instant recovery of data and processes, organizations need solutions that can detect cyber threats, provide impact analysis of sensitive data exposure, securely isolate data, and seamlessly integrate with security operations.

Cohesity believes that organizations should consider modernizing security and boosting cyber resilience with a cloud-based service that does the following:

• Identify sensitive and regulated data with artificial intelligence (AI)-based data classification, including personally identifiable information (PII), PCI, and protected health information (PHI)
• Rapidly assess and understand the impact of a ransomware attack or cyber incident on this data
• Leverage AI for threat detection
• Perform cyber vaulting for secure data isolation from threats
• Integrate security and data management with security operations to automatically adjust cyber defenses and responses in case of future attacks

Cohesity DataHawk provides multiple cloud service offerings that deliver comprehensive data security and restoration capabilities to withstand and recover from cyber incidents. DataHawk works with Cohesity DataProtect to extend the security and threat detection of the Cohesity Data Cloud platform.

Cohesity partners with the broadest and most comprehensive selection of DSPM solutions so that organizations can discover of all data workloads, while also providing assessments of which data workloads have sensitive data that are often targeted by bad actors. These capabilities enable enterprises to be even more proactive in the fight against cyberattacks and provide the following cyber resilience benefits:

• Backup admins know upfront which objects have sensitive data.
• Instantly identify protection gaps for critical workloads.
• Actionable cyber recovery risk reports go directly to compliance teams.