Five Most Important Things to Evaluate When Considering DSPM
DSPM (Data Security Posture Management) is a new category that was coined by Gartner a few months ago, intended to follow in the footsteps of its predecessor, CSPM (Cloud Security Posture Management), with a focus on sensitive data.
While this is an important step forward in increasing awareness of where our sensitive data is and who is accessing it, it is even more important that you do not end up with feature-based tools that incur high implementation costs for minor benefits.
When moving your attention to sensitive data, you should broaden your viewpoint.
Discovering your sensitive data will entail a fiduciary responsibility to govern and protect it.
Here are a few of the legal and contractual obligations you must consider when deploying DSPM:
- Are you required to comply with CPRA, GDPR or other ever-new state-level privacy regulations that impose retention-based deletion and access on a “need-to-know” basis?
- Are you required to address data-sharing agreements with your business partners?
- Do you have sensitive data flowing from Europe or APAC that needs to address sovereignty laws?
As you start to discover your sensitive data silos across cloud data stores, your DSPM must provide the following capabilities:
- Classification of your sensitive data across operational and analytical data sources and file shares
- Continuous monitoring of business users, analysts and privileged users
- The ability to enforce Attribute-Based Access Control (ABAC), taking into consideration not only the role of the user but also location, device, purpose, data-subject consent, contractual obligations and geo-filtering (protect data in use)
- Minimizing the “attack surface” using format-preserving encryption (FPE) and tokenization (protect data at rest)