Exploring The Growing Popularity Of Data Security Posture Management

promotion

A recent study by Edge Delta revealed that about 89% of organizations use a multi-cloud approach. About three years ago (in 2022), only 61% were using the cloud: 34% used one cloud, while 27% used two.

Clearly, more businesses are turning to the cloud, and the numbers are expected to increase exponentially in the coming days.

However, as much as this shift offers a lot of flexibility and freedom, ensuring data security is always challenging. And surprisingly, studies show that cloud security is a crucial concern for about 83% of companies. That’s why DSPM and other more advanced security approaches are receiving a broad welcome across several organizations.

But before we examine the reasons behind this trend and other issues, let’s first understand the infrastructure.

Decoding DSPM

This cybersecurity approach works by focusing on sensitive data across multiple cloud environments. First, it identifies sensitive data, assesses its vulnerability to attacks, and examines the risk of not complying with regulations. By providing insight and automation, DSPM allows security teams to address security issues more promptly.

As popular as it has become, DSPM was first introduced and defined in 2022 in Gartner’s Hype Cycle for Data Security report. Since it focuses on securing data regardless of location and storage medium, most people refer to DSPM as a ‘data-first’ security approach.

It inverts the protection models used in other cybersecurity technologies so that data is protected directly instead of securing the environment in which data is housed, moved or processed.

Understanding The Popularity Of DSPM

We have already hinted at how many businesses opt for the cloud to optimize their operations. For instance, a recent study by Oracle revealed that moving to the cloud could help businesses reduce energy consumption and carbon footprint by up to 90%. But just as we said, these benefits come with the challenge of ensuring data security and compliance on these platforms.

Since data is scattered across multiple stores, security teams need consistent knowledge about where sensitive data is stored, how vulnerable it is and who can access it. While this may sound simple, it can be a complex process. In fact, a study by Sync along these lines found that as much as cloud-native approaches can improve speed and agility, they can add complexity, a concern of about 41% of respondents.

Some of these complexities are fuelled by the need for new, specialized approaches like automated security assessment, explaining the growing appeal of more advanced approaches like DSPM. Protecting sensitive data by just avoiding unauthorized access or identifying and blocking suspicious actions is not enough against cybercriminals who have become more advanced.

Of course, if security teams don’t address all the vulnerabilities, they leave companies at risk of security attacks. One of the gravest risks is shadow data, where companies aren’t able to manage or govern backed-up information with the same security teams as the original data.

Let’s consider when DevOps teams are developing and testing new environments, for example. Since they handle lots of data daily, a single misconfiguration could make all or most of it susceptible to attacks. And mark you: Recovering from security incidents is not a walk in the park.

According to IBM, you can spend up to $4.88 million just recovering from such incidents. And given that this figure is expected to increase in the coming days, you don’t want to turn a blind eye to cloud security. And besides just incurring financial costs, cyberattacks can affect your brand reputation.

We live in a time when consumers have become more discerning, and encountering a security incident can affect their perception of your brand. In fact, according to cxscoop.com, 83% may take several months after the incident before they can transact with you again. 21% may never return. In response to such statistics, you’d better adopt more advanced solutions like DSPM to get ahead of cybercriminals and ensure long-term business performance.

How, Then, Does DSPM Work?

With the promise of improving cloud security that DSPM offers, you want to know how it works. It’s usually ‘agentless’, meaning you don’t need to deploy separate software to each resource you’re monitoring. And while there might not really be a consensus on its details, it mainly has four components:

Data Discovery
DSPM solutions scan different environments, including on-premises and in-cloud ones, to identify where sensitive data exists. The scan could also cover all cloud providers and services, data types, data stores, etc.

Data Classification
As you may know, classification basically organizes data into various ‘classes’ depending on a given criterion. In DSPM, this process classifies data according to sensitivity based on several factors:

  • Sensitivity Level
  • Those authorized to access data
  • Data storage, handling and use

Risk Assessment & Prioritization
At this point, DSPM helps to identify:

  • Misconfigurations: Missing or incomplete security settings that may expose you to unauthorized access
  • Overentitlements: When some users have more access privileges than are needed to accomplish their work
  • Data flow and data lineage issues: Tracking all places that data gets to and those that have access to each of those places
  • Security policy and regulatory frameworks

Remediation & Prevention
Once security teams have identified vulnerabilities according to severity, they can begin remediating the most critical ones. Helpfully, several DSPM solutions offer procedural instructions to help with that. Others automate modifications to improve protection against data exposure.
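
The four components above, sketched as an added example (not code from the original article or from any DSPM product): a constructed inventory of three data stores is classified with a regex plus Luhn check, assessed for misconfigurations and overentitlements, and ranked for remediation. The store names, principals, sample contents and scoring weights are all assumptions made for illustration.

```python
import re

EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
WEIGHTS = {"email": 1, "card": 3}  # assumed sensitivity weights

# Constructed inventory, standing in for what a discovery scan would return.
STORES = [
    {"name": "prod-customers-db", "public": False, "encrypted": True,
     "sample": "alice@example.com paid with 4111 1111 1111 1111",
     "granted": {"billing-svc", "dba-team"}, "used": {"billing-svc", "dba-team"}},
    {"name": "dev-test-backup", "public": True, "encrypted": False,
     "sample": "bob@example.com paid with 4111 1111 1111 1111",
     "granted": {"devops", "contractors", "ci-bot"}, "used": {"ci-bot"}},
    {"name": "marketing-assets", "public": True, "encrypted": False,
     "sample": "banner copy, order ref 1234 5678 9012 3456",
     "granted": {"marketing"}, "used": {"marketing"}},
]

def luhn_ok(candidate):
    """Luhn checksum: separates card numbers from other long digit runs."""
    digits = [int(c) for c in reversed(candidate) if c.isdigit()]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return (sum(digits[0::2]) + sum(doubled)) % 10 == 0

def classify(sample):
    """Classification: label the sensitive data types found in sampled content."""
    labels = {"email"} if EMAIL.search(sample) else set()
    if any(luhn_ok(m.group()) for m in CARD.finditer(sample)):
        labels.add("card")
    return labels

def assess(store):
    """Risk assessment: count exposure findings, weighted by data sensitivity."""
    labels = classify(store["sample"])
    checks = [(store["public"], "misconfiguration: publicly accessible"),
              (not store["encrypted"], "misconfiguration: not encrypted at rest")]
    findings = [msg for hit, msg in checks if hit]
    findings += [f"overentitlement: {p} has unused access"
                 for p in sorted(store["granted"] - store["used"])]
    score = sum(WEIGHTS[label] for label in labels) * (1 + len(findings))
    return {"store": store["name"], "labels": labels, "score": score, "findings": findings}

def prioritize(stores):
    """Remediation order: highest risk first; stores with no sensitive data score 0."""
    return sorted((assess(s) for s in stores), key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    for r in prioritize(STORES):
        print(r["score"], r["store"], sorted(r["labels"]), r["findings"])
```

The forgotten test backup ranks first because it combines sensitive data with the most exposure findings, while the public marketing store ranks last despite its misconfigurations because it holds nothing sensitive. That ordering is the ‘data-first’ prioritization in practice.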

It’s true that as more people turn to the cloud, the need to combat threats also increases. Thankfully, infrastructures like DSPM can help with that, explaining their growing appeal.
