If you are thinking about cloud data security, you should know the term Data Security Posture Management (DSPM), coined by Gartner in 2022. DSPM is a new and improved approach to securing information in the cloud.
Building your DSPM comprises several steps: Discovery, Risk Assessment, Usage Analysis, and Remediation.
Discovery means cataloging data across your environments—including both known sensitive and regulated data (customer information, personal data, intellectual property, etc.) and so-called “dark data”: data that is collected, but not necessarily used for anything. This is the 90% of the data iceberg that lurks beneath the surface. It exists for myriad reasons: some is collected “just in case”, such as log files and CCTV footage; some is from planned uses that did not pan out, or projects that were cancelled or completed; some is unused simply because the volume is too great for realistic analysis.
Whatever the source or reason, dark data exists in every enterprise. And as the term “dark” implies, it is not readily visible, and unlikely to be under tight control—resulting in it frequently being shared overly broadly internally, and possibly even externally. Some of it inevitably migrates to cloud storage, where it presents additional risk.
Voltage Fusion offers powerful discovery tools that can scan any repository, any service, helping to classify data—dark or otherwise, on premises or in the cloud—and connect discovery to protection.
Risk assessment means understanding the financial exposure various data represents. A simplistic approach assigns a simple risk score based on limited, generic classifications. Voltage takes a different approach, building a robust and flexible financial risk model that shows the financial impact to the organization should various data end up in the wrong hands. Since every data breach is unique, and not all data has the same value, this model provides probabilities and a range of possible impacts. Voltage Fusion treats discovery and classification as a foundation for data security. Deep context-sensitive analysis and classification delivers well-classified data according to sensitivity and enables organizations to truly know their data value and risk.
Usage analysis comes next: understanding who has access to what data. Beyond expected, approved access, it is not uncommon to discover that people have unexpected access to sensitive information. Unaware that they have this access, they are ill-equipped to take proper care to protect it. Voltage Fusion provides information and data access governance capabilities that map access rights, providing further insight into data value and risk and allowing intelligent application of access controls with minimal disruption.
Remediation means ensuring that only those with legitimate need for sensitive data are granted access to it, by protecting the data itself—not only at rest, but also in motion and in use. We help secure cloud workloads with privacy-enhancing technologies that enable data analytics without exposing sensitive data even to the analysts who use it. Regulated, high-value data can be shared and used broadly and even externally in its protected state, while retaining its business value. Voltage brings to DSPM a heritage of innovation with data-centric, Privacy-enhancing technologies including format-preserving encryption, tokenization, hashing, and data masking. Defensible deletion of data is also informed by the insights from discovery and classification. Data minimization reduces risks of holding unnecessary data, helps organizations reduce data sprawl, and enables compliance with global privacy regulations.
Data Security Posture Management
The above steps allow you to build your DSPM, and could be performed independently, but provide increased value through an integrated approach. The business owners of the data of course have strong vested interests in it and are thus understandably nervous about changing access rights and adding data protection, asking how it will impact their operations, and whether it is worth the hassle. The insights Voltage provides into the value of the data and the financial impact of a data breach can help answer this, elaborating the potential risks to the organization of not applying appropriate controls and monitoring to sensitive data.
Many believe that data discovery is a simple, one-time project, but this is incorrect: every organization’s data footprint is continually expanding due to application and data sprawl and the endless appetite for data. Global privacy regulations have forced organizations to improve their data security postures to protect their brands and corporate reputation. Cloud migration also means more of that data is being copied off-site, where new and different security exposures and attack vectors are present. Security teams must stay in control of what is being accessed, edited, created, and deleted. Voltage Fusion supports all aspects of DSPM as an ongoing process, validating whether findings from yesterday still hold true today and enabling proper management now and in the future.
Voltage Fusion is the data security platform that drives strong data security posture management. It discovers and classifies data anywhere—across cloud repositories, databases, collaboration applications and file shares—with classification tagging, data sensitivity and financial risk modeling, monitoring, and data protection. Voltage solutions extend beyond security, supporting corporate financial, operational, and ESG/sustainability goals.
Voltage is part of OpenText Cybersecurity. OpenText is the global market leader for Information Management.