
Defining Data Security Posture Management

If you haven’t heard of data security posture management (DSPM) yet, it’s because it is an emerging security practice. Its aim is to help organizations ensure that their cloud security is as strong as their mainframe security by automatically detecting and protecting data—and doing this in a dynamically changing environment.

What Is Data Security Posture Management?

According to Gartner, data security posture management (DSPM) provides visibility as to where sensitive data is, who has access to that data, how it has been used and what the security posture of the data store or application is. DSPM products do this by assessing the current state of data security, identifying potential risks and vulnerabilities, implementing security controls to mitigate these risks, and regularly monitoring and updating the security posture to ensure it remains effective. As a result, DSPM helps businesses maintain the confidentiality, integrity and availability of sensitive data. The typical users of DSPM software include information technology (IT) departments, security teams, compliance teams and executive leadership.

According to Balbix, an organization’s security posture is a measure of:

  • The level of visibility it has into its asset inventory and attack surface.
  • The controls and processes that are in place to protect the enterprise from cyberattacks.
  • Its ability to detect and contain attacks.
  • Its ability to react to and recover from security events.
  • The level of automation in its security program.

Why Is Data Security Posture Management Important?

Some mainframe data and workloads have moved off the mainframe onto the cloud. This increases the chances of a data breach because the usual security strategies used on the mainframe can’t typically be applied to the cloud. It also complicates an organization’s data security strategy.

That’s where DSPM comes in. In a dynamic cloud environment where data can be fragmented across multiple applications, data stores and SaaS providers, DSPM will automatically detect data and protect it. It can supply a detailed picture of an organization’s security posture by connecting data, applications and identities. It does this by regularly scanning the database, so that it knows the location of sensitive data at any time. It also needs to know how the data has been used and who has access to it. From there, it can build up a picture of the security posture for the data and application.

Regular scanning also helps to identify sensitive data, and knowing who has access to the data in any way can help identify areas that put the business at risk for noncompliance or data loss. Once any risks are identified, they need to be remediated.
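The scan, classify and map-access loop described above can be sketched in a few lines. This is an added example, not code from any DSPM product: the store names, identities, sample rows and the `POLICY` table are constructed, and `"*"` is an assumed marker for public read access.

```python
import re

# Constructed inventory: each store has sample rows and the identities that can read it.
STORES = {
    "crm-db.customers": {
        "rows": ["Ann Lee, ann@example.com, card 4111 1111 1111 1111",
                 "Bob Ray, bob@example.com, card 1234 5678 9012 3456"],
        "readers": {"svc-billing", "analyst-team"}},
    "s3://marketing-export": {
        "rows": ["campaign=spring; contact=carol@example.com"],
        "readers": {"svc-marketing", "*"}},   # "*" = publicly readable (assumption)
    "s3://build-logs": {
        "rows": ["build 1182 ok in 42s"],
        "readers": {"*"}},
}
# Hypothetical policy: identities allowed to read each data class.
POLICY = {"payment_card": {"svc-billing"},
          "email": {"svc-billing", "svc-marketing", "analyst-team"}}

EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum, used to drop digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(row):
    """Return the set of sensitive data classes found in one row."""
    classes = {"email"} if EMAIL.search(row) else set()
    for m in CARD.finditer(row):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            classes.add("payment_card")
    return classes

def scan(stores, policy):
    """Join classification with access: flag readers the policy does not allow."""
    findings = []
    for name, store in stores.items():
        found = set().union(*(classify(r) for r in store["rows"]))
        for data_class in sorted(found):
            excess = store["readers"] - policy[data_class]
            if excess:
                findings.append((name, data_class, sorted(excess)))
    return findings
```

The public build-log bucket produces no finding because it holds no classified data, which is the distinction between a data-centric check and a pure configuration check.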

It’s worth noting that DSPM is different from cloud security posture management (CSPM), which deals with the cloud infrastructure and cloud assets, providing alerts when it identifies misconfigurations. As stated above, DSPM focuses on the data itself and the applications using the data.

In summary, DSPM deals with data security by identifying where the data is, what data is being used and who has access to it. DSPM can track data movements, recognizing if the data is at risk, and send alerts to the IT team should that occur. It can also remediate any issues that it identifies.

IBM and Data Security Posture Management

IBM has recently announced that it will acquire Polar Security, an Israel-based company specializing in DSPM. According to IBM, the COVID-19 pandemic inundated companies with cloud data, leading to a rapid increase in silos—and with that, an increase in “shadow data,” which can include potentially sensitive data that the IT team doesn’t have control over because they don’t know it exists or where it’s stored in the cloud.

Polar Security is an agentless platform that connects within minutes and finds unknown and sensitive data across the cloud, including structured and unstructured assets within cloud service providers, SaaS properties and data lakes. It then classifies the found data, maps the potential and actual flow of that data and identifies vulnerabilities such as misconfigurations, over-entitlements and behaviours that violate policy or regulations.

IBM plans to integrate Polar Security’s DSPM technology within its Guardium family of data security products in order to expand Guardium into a platform that spans all data types across all storage locations, including SaaS, on-premises and public cloud infrastructure.

IBM Guardium identifies data exposure risks by scanning through the mainframe data infrastructure. By discovering where the data is located, classifying it to determine sensitivity level and providing comprehensive reporting on the scan results, highly regulated or other non-public business-critical data can be adequately protected, and exposure risks can be mitigated.

The acquisition looks like it will be very useful for hybrid cloud environments moving forward. And DSPM looks like an acronym we are going to hear more of in the future.