Cloud Security

Understanding CDSPM: cloud data security posture management

Visitors attend the CeBIT 2017 Technology Trade Fair on March 20, 2017, in Hanover, Germany. Today’s columnist, Liat Hayun of Eureka Security offers five ways security teams can leverage cloud data. (Photo by Alexander Koerner/Getty Images)

Today, “cloud-speed” has become the new standard for efficiency in modern organizations, as deployment, development and other important processes are expedited to suit market needs and competitive pressures.

Development and business teams use cloud data as their fuel, leveraging and creating data stores faster than security teams can secure them, resulting in significant cloud data security and compliance risks. Organizations use security posture management tools to automate the identification and remediation of such risks, but the rapid migration of data into the cloud over the past decade has necessitated a new approach to risks. It was in this backdrop that cloud data security posture management was born.

The unique characteristics and behavior of data in the cloud increase organizational risk of breaches, theft, remote execution and ransomware as it’s now easier to expose this data and make it publicly available. If data was previously segregated within organizational infrastructure and only managed and used by specifically defined teams such as database administrators and DevOps, in this new reality it gets leveraged to drive business on a wider scale and used by a variety of teams and roles, such as data scientists, machine learning engineers, marketing professionals, and product managers. This shift makes maintaining an organization's security posture much more difficult.

Cloud data security posture management (CDSPM) aims to bridge the gap between organizational business goals and a comprehensive security mechanism that will leave no piece of data behind as organizations scale in the cloud. There are four basic requirements for organizations to ensure that they are leveraging CDSPM:

  • Know where the data resides and what it’s doing: Understand where to look for what the company needs to protect. Gaining insight into the organization’s overall cloud data footprint are the preliminary and most fundamental steps in building CDSPM. Although locating organizational assets is a seemingly simple task, many organizations use laborious and time-intensive manual processes to understand their cloud data footprint and manage its posture. Without comprehensive visibility into cloud data stores, a comprehensive understanding of the types of data under the organization’s responsibility and a thorough evaluation of each data store’s risk,  organizations risk compromise.
  • Know what the data is: CDSPM requires context into the types of data stored by the organization. The security mechanisms needed for the protection of publicly shareable information significantly differ from those security highly sensitive proprietary or private data.
  • Know how to secure the data: Once the varying types of data are mapped and located and specific mechanisms are in place to safeguard them, it’s time to implement these mechanisms. As more and more stakeholders exist in the organization, it becomes challenging to ensure communication of security policies and adequate implementation across multiple teams. Additionally, matching the different types of data storage technologies with tailored implementation methods, without security and visibility gaps and understanding how the company should protect data often becomes a barrier that organizations may not have the expertise to overcome.
  • Practice continuous oversight: As data grows and data stores expand rapidly, maintaining a strong security posture becomes an ongoing task that requires constant and continuous oversight. Comprehensive and real-time views of data stores and the risks associated with them are imperative to adequately maintain the organization’s CDSPM.

Achieving a sound security posture presents challenges for all assets in any organization, but data represents one step beyond the rest in terms of its complexity, controls and configurations and requires a much more detailed approach. Security pros find it challenging because data often resides as an entity within an entity – a self-hosted database stored in a compute instance. It’s crucial for companies to account for these challenges and constantly mitigate risk while growing data as fuel for the organization’s growth.

Liat Hayun, co-founder and CEO, Eureka Security

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.