“A data breach has just occurred”, is a phrase no security professional wants to hear. From the CISO on down to the SOC analysts, a data breach is the definition of a very bad day. It can cause serious brand damage and financial loss for enterprises, lead to abrupt career changes among security professionals, and instill fear of financial or privacy loss for businesses and consumers.
According to an ESG report, 55% of data and workloads currently run or operate in the cloud and 43% of current on-premises apps will likely move to the cloud in the next 5 years. That means that data generation and movement within the cloud is increasing at an even more impressive rate. This has and will continue to increase the attack surface against cloud assets, especially sensitive data. If cloud data isn’t adequately secure, it’s a massive liability for any organization.
Is data security in the cloud actually a problem?
Yes, it is. It’s a BIG problem. According to Gartner, Inc., “Through 2025, 90% of the organizations that fail to control public cloud use will inappropriately share sensitive data. Cloud strategies usually lag behind cloud use. This leaves most organizations with a large amount of unsanctioned, and even unrecognized, public cloud use, creating unnecessary risk exposure. CIOs must develop a comprehensive enterprise strategy before cloud is implemented or risk the aftermath of an uncontrolled public cloud.”
You may then ask, “Well, what about encryption?” It protects the data. Doesn’t it?
Yes, it does, when it’s vigorously and thoroughly applied to all data assets. But according to Statista.com, “In 2021, approximately 55 percent of respondents who experienced data encryption issues reported that unencrypted cloud services are a problem.”
Encryption also comes with a cost, and it’s often always easy to implement, especially within the cloud. Many companies fail to build encryption into internal security processes or employ digital rights management to help control file access. Without this protection, data that is exfiltrated can and is used to steal identities and money, misappropriate secrets, and other negative effects.
What about the public cloud providers – Don’t they provide protection?
Yes and no. The best definition of what public cloud providers provide is the Shared Responsibility Model of Amazon Web Services (AWS). It specifies “While AWS manages security of the cloud, security in the cloud is the responsibility of the customer.
That means for cloud data security, YOU bear the responsibility for protecting your data and for application, network, access and other security.
To accommodate some of these security requirements, cloud security posture management (CSPM) has emerged to address security issues created by public cloud infrastructure.
According to Gartner, Inc., cloud security posture management consists of offerings that continuously manage IaaS and PaaS security posture through prevention, detection and response to cloud infrastructure risks. The core of CSPM applies common frameworks, regulatory requirements and enterprise policies to proactively and reactively discover and assess risk/trust of cloud services configuration and security settings. If an issue is identified, remediation options (automated or human-driven) are provided.
You may have noticed that missing from that definition is any consideration for data. That could be because the general assumption is that data is protected by encryption and doesn’t need further protection. But the reality of data protection is more complex.
According to the analyst information above, not all the information traversing public cloud, multi-cloud and hybrid cloud environments is unencrypted. That, unto itself, is a serious security deficit. But, other actions, such as exfiltrating encrypted data and holding it for ransom can be equally problematic. In the cloud, data interception can be more difficult to track because of the ephemeral nature of microservices-based applications.
To address these issues, which are not handled by CSPM platforms. That’s why data security posture management (DSPM) has emerged as a rapidly growing component of enterprise security focus. Why? Because it’s focused on keeping data secure. Although other security posture platforms, such as CSPM have done a solid job in detecting and providing ways to alleviate security vulnerabilities, cyber thieves have still found ways to circumvent those vulnerability measures to instigate data breaches.
What are the differences?
CSPM Attributes
|
DSPM Attributes
|
Detect and automatically remediate cloud misconfigurations.
|
Provide unified data security with a single view of data security and compliance posture.
|
Maintain an inventory of best practices for different cloud configurations and services.
|
Generate data security and audit reports in seconds and customize reports to meet specific needs.
|
Map current configuration statuses to a security control framework or regulatory standard.
|
Understand risk by providing risk-scoring to show where high-risk activities occur and focus the investigation on high-risk areas first.
|
Work with IaaS, SaaS and PaaS in containerized, hybrid cloud and multi-cloud environments.
|
Understand threats by rating anomalies with a risk-scoring engine and give each a high-, medium-, or low-risk score. Show data source and risk information and show high-risk anomalies.
|
Monitor storage buckets, encryption and account permissions for misconfigurations and compliance risks.
|
Provide analytics for Investigating issues, detecting threats, finding anomalies and the specifics for each issue.
|
|
Share insights about an anomaly across multi-cloud infrastructure with compliance teams
|
|
Block suspicious users, prevent access to on-premises or in-cloud data sources and automatically trigger incident remediation.
|
Scroll to view full table
DSPM has evolved to provide additional security protections for structured and unstructured data, whether it’s encrypted or not. DSPM tracks data wherever it’s located in a public cloud, multi-cloud or hybrid cloud environment. A comparison of CSPM versus DSPM is summarized in the table above.
DSPM and CSPM are two separate yet vital components of cloud security. They provide different types of security for cloud environments which are complimentary capabilities.
Organizations shouldn’t choose one over the other, if possible. It’s crucial to deploy CSPM and DSPM simultaneously for a holistic approach to protecting your cloud and hybrid cloud environments. After all, it is better to have all your bases covered to help ensure your sensitive data is secure. But if you must choose, DSPM is the platform that protects your most crucial resource, your data.
Address data security posture management with IBM Security® Guardium® Insights SaaS DSPM. Provide compliance and security teams with essential visibility and insights to help ensure your company’s sensitive data is secure and compliant.
If you’re interested in learning more about DSPM v. CSPM, please check out this video on the @IBMTechnology YouTube channel. Ready to enhance your data security strategy? Start with IBM Security Guardium Insights SaaS DSPM.
Product Marketing Manager, IBM Security Guardium