Cyber security is upside down - It’s all about the data! Introducing DSPM

Cyber security defenses have logically focused on perimeter controls: firewalls and DMZs, closely followed by platform security measures such as configuration hardening, vulnerability management and AV. There is also plenty of money and time spent on Identity and Access Management, running everything on a least-privilege basis, and forcing regular password renewals and purges of user accounts. But if it’s our data that we are really trying to protect, shouldn’t we start with the data instead? Would we build walls around a house without first locking up the valuables inside?

With data security, the tendency has long been to focus on implementing protective technologies such as data leakage protection/data loss prevention and Network Detection and Response, coupled with perimeter defenses such as intrusion protection and next-gen firewalls. When it comes to protecting the human body, removal of the appendix is not uncommon because it’s an organ we can live without, so rather than treating appendix-related ailments, it’s removed completely. The approach to configuration hardening is similar: when we harden a system, we remove unnecessary functions based on the role of the platform.

So maybe we should be treating our confidential data a little more like an appendix? If we remove our confidential data, we can’t lose it!

Except things aren’t as simple as that. The more data we can securely archive or permanently delete, the better, but in today’s digitally-transformed world, companies are collecting and storing more data than ever before—customer details, financial records, health info, research materials and more. So, if we have no choice but to store confidential data, we are going to need to know what it is, and where it is, before we can work out the best way to protect it.

The industry term for this area of cybersecurity is Data Security Posture Management or DSPM. The key procedures cover the finding, understanding, and securing of your data, specifically gaining answers to questions such as:

  • What sensitive data do we have? You can’t protect what you don’t know exists, so a major aspect of DSPM is the discovery and classification of data. Standard data confidentiality levels include public, internal, confidential, and restricted.
  • Where is it stored? Cloud and remote work have changed the game. Data isn’t just behind company walls anymore. It’s in the cloud, on personal devices, and shared across tools like Slack, Google Drive, or Microsoft Teams. DSPM needs to follow the data wherever it goes. Many organizations initiating a new DSPM project are shocked to find out they have sensitive data stored in places they didn’t even realize: archived data, legacy systems, shadow data being used for new AI projects, or user laptops and email inboxes.
  • Who can access it? Perimeter defenses don’t help if the threat is coming from inside the organization, and indeed, many information security threats originate from within, either by accident or malicious intent. Someone might misconfigure a system or share sensitive data without meaning to do so. DSPM overlaps with IAM (Identity and Access Management) in that user activities and permissions need to be carefully controlled to preempt the insider threat.
  • Is it properly protected? For example, DLP (Data Leakage Prevention) can’t work well without context. While DLP tools can prevent sensitive data from leaking out, without knowing exactly what’s sensitive, they can either block too much (and annoy employees) or miss the real threats. DSPM ensures data is stored and protected according to your policies, assigning appropriate risk levels to data classes. While storing the most sensitive data in an encrypted form makes sense, the risk/cost balance may not be justifiable for less precious data. DSPM technology means you can at least make informed decisions once you have a true picture of what you have, and where.

In summary, DSPM asks us to take a data-centric view of what our cyber security priorities need to be and how we can best protect our most precious asset, our data. SecureX7 aims to elevate the state of the art by not simply providing information about our data (what it is, how sensitive it is, where it resides and how it is protected) but instead giving us what we really need, which is actionable guidance to keep our data secure. After all, it’s all about the data!
