Today’s modern enterprise is struggling with three key data challenges.
The first challenge is the immense growth in how much data an organization must manage. Second is the massive migration of data to the cloud. And finally, and most important from a data protection standpoint, is the fact that business-critical data worth protecting now takes a myriad of forms. From intellectual property to financial data to business confidential information to PII, PCI data and more – it all represents a very complex environment.
Protecting this kind of data from risk of data loss has become a very important challenge organizations must address. Traditional methods of cloud security posture management (CSPM) primarily focus on vulnerabilities surrounding the infrastructure layer itself, like an open S3 bucket for example. Just looking at vulnerabilities at this layer isn’t sufficient because you need to have context around the data in order to protect it.
Plus, traditional data protection methods like rule writing to discover what data is worth protecting simply don’t work in today’s cloud-centric environment. Additionally, with cloud it’s very easy for employees to create, modify and share sensitive content with anyone. This places sensitive data at risk from data loss, as organizations cannot rely on their employees to ensure that data is shared with the right people at all times.
All of these factors show why new approaches are needed. Data security posture management (DSPM), as one example, is proving to be a critical tool for effective data security because it squarely focuses on the data layer. DSPM allows organizations to identify all their sensitive data, monitor and identify risks to business-critical data, and also remediate and protect that information.
This article will explore the four critical steps DSPM tools take to mitigate data risk.
1. Discovery of business critical data
The first step is all about the ability to automatically identify all the data sitting in the cloud. And that starts with an approach that identifies data that is both unstructured and structured. While some data is structured, the vast majority of it is unstructured. For any organization, sensitive data spans the gamut — from tax filings, contracts, intellectual property, PII, PCI customer data, trading documents, and operational data are a few examples.
The other key component of discovery is understanding the data with context. This means understanding the data not just by type (like PII, IP etc.) but the context around the data itself, which includes awareness of applications, networks, data classifications, users and identities, and event types.
With all this in mind, one might ask how do you get a good understanding of where all your sensitive data might be without rule writing or placing an effective burden on the security teams to do a manual heavy lift upfront?
This is an important question because in today’s cloud-centric environment where moving data across repositories has become extraordinarily simple, variations of your data may be sitting across all your cloud repositories. For example, users may have shadow data sitting in repositories that security teams didn’t even know existed.
2. Answering “where is the danger?” – Understanding risk
Data security posture management can compare each data element to baseline security practices exhibited by semantically similar data. In doing so, risk is autonomously identified from inappropriate permissioning, risky sharing, unauthorized access, wrong location, and more. DSPM solutions autonomously do this — without placing a huge burden on the security teams.
Discovery and identification also cover critical issues like data lineage. Here’s an example. Let’s say you have 30 versions of a sensitive contract. There are so many questions you need to answer around protecting this data, including:
How do you know which is the oldest version and which is newer?
How do you know where all the variations of that particular contract may be residing across your repositories?
Where are all of these thematically similar?
Who has it been shared with?
Who has access to it?
Where is it located?
Who’s actually accessing it regularly?
Inconsistent permissioning and sharing, and wrong locations across these versions can introduce significant risk to sensitive data and are often a leading cause of a data breach. It can also cost enterprises significant money by keeping redundant data in primary storage when most of the older versions of the contract could have been moved to secondary storage.
As another example, organizations need to know about employees that leave an organization but retain access rights long after moving on or retiring. This is because they could still have access to many confidential files and data, some of which may have been shared to a personal email account. This shows how important tracking variations of data while also ensuring it is appropriately archived is critical for cost and risk management.
3. Remediate the risk – Taking action
Each step in the DSPM process is equally important, since data discovery and data risk monitoring can only take you so far. Taking action based on the discovered risk is crucial.
A robust DSPM solution must investigate and remediate risk, and do so proactively. The investigation stage ties back to your existing investigation workflows, including security incidents, event management platforms, security orchestration and response (SOAR), and security information event management (SIEM) platforms. Then the DSPM tool can remediate any issues by centrally taking action like fixing entitlements, changing permissions, disabling user access, moving data to the right location, or deleting data.
Here’s an example. Let’s say a health organization expects to keep most of their claims documents in an S3 cloud environment. But what happens when they find a significant number of claims records inside their SharePoint environment? With DSPM, the organization can clean up their Office 365 environment by autonomously deleting any SharePoint data that should not be residing there.
4. Deploy easily with low rates of false positives and false negatives
The ability to autonomously discover, monitor and remediate risk makes for an effective tool for organizational security posture. But what if the solution requires a significant amount of deployment resources?
The DSPM solution of choice needs to do everything in a manner that doesn’t require you to place agents everywhere. It should be easy to stand up and allow you to quickly realize benefits by mining meaningful amounts of data, giving you visibility into what’s going on within your environment from a risk perspective.
Finally, all this has to happen with accuracy. A security tool is only practical if it provides a low rate of false positives and a low rate of false negatives. When you have too many, you’ll spend much more in team resources than you will on data security solutions. DSPM solutions are proven to deliver accurate results, and offer significant RoI for organizations.
DSPM can empower the enterprise with actionable insights without requiring you to have large teams to manage or administer the systems. With robust DSPM, small teams can be focused on interpreting the risk findings and taking action, leading to improved data security for organizations.