DSPM vs CSPM or DLP, Unravel the differences

Nagraj Seshadri

The cloud data security challenge

As enterprises integrate the cloud further into their business, they move more data that is sensitive and critical to the business into the cloud. As a result, there is increased urgency to secure that data and reduce the risk of data breaches.

To mitigate security risks in the cloud, organizations have turned to several types of security solutions which include:

  • Cloud Security Posture Management (CSPM): CSPM solutions focus on remediating misconfigurations in IaaS, PaaS and SaaS. Securing the infrastructure, platform and software is important but not enough, as evidenced by continued data breaches and concerns about risks to data. There needs to be a focus on the cloud data itself.
  • Data loss prevention (DLP): DLP solutions have focused on preventing data leaks from the perimeter of the cloud or from endpoints through controlled egress points. The proliferation of data store technologies in the cloud, and the accompanying data sprawl, exceed the ability of DLP solutions to secure all data in the cloud.
  • Access control best practices: With exploited credentials being a common attack vector, controlling access is key. However, access controls lack visibility and context into the data being accessed. Furthermore, because access that is initially granted is rarely revoked, organizations end up with significantly over-provisioned access to data over time. Consequently, the risks to data continue to grow.

Given the limitations and gaps in existing cloud security solutions, there is a need for a solution that focuses on the risk to data in the cloud. This unmet need has given rise to a new solution – data security posture management (DSPM).

DSPM solution requirements

The DSPM solution must put data front and center to approach cloud security from a data perspective. The requirements for a DSPM solution can be categorized into five areas:

  • Gain visibility into data: You cannot protect what you cannot see. An inventory of data stores, along with an understanding of the sensitivity of the data in them, is essential.
  • Know who is accessing the data: Knowledge of the users and roles accessing the data is needed to assess the security posture of the data.
  • Pinpoint the risks to the data: An informed risk assessment of data requires an understanding of the criticality of the data to the business, the security context of the stores holding the data and how the data is being accessed. The risks to the data also have to be understood from a compliance perspective, e.g., HITRUST, NIST, OWASP, etc.
  • Protect data at risk: The risks to data stores must be prioritized and remediated including data store misconfigurations and enforcing least-privilege access. Security controls must be aligned to the risks to data to ensure gap-free protection. Data security must be enforced consistently regardless of the underlying data store technology.
  • Monitor risks to data over time: As more data moves into the cloud, and as access permissions change, the data security posture must be monitored to ensure no gaps in security emerge.
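As an added illustration of how the first four requirements combine (this is example code written for this post, not Theom's product or its API), the following builds a small data risk register from a constructed inventory: each store carries a sensitivity classification, a security context (internet exposure, encryption at rest) and the principals granted access with their last-use date. Grants that were never used, or not used within an assumed 90-day window, are flagged as over-provisioned, and stores are ranked so that the riskiest appear first; the weights and the idle threshold are assumptions for the demo.

```python
from dataclasses import dataclass, field
from datetime import date

# Weight of the classification label assigned during discovery/classification (assumed values).
SENSITIVITY_WEIGHT = {"public": 0, "internal": 1, "confidential": 3, "restricted": 5}

@dataclass
class DataStore:
    name: str
    sensitivity: str           # classification label
    public: bool               # reachable from the internet (a store misconfiguration)
    encrypted: bool            # encrypted at rest
    grants: dict = field(default_factory=dict)  # principal -> last access date (None = never used)

def stale_grants(store, today, max_idle_days=90):
    """Principals whose access was never used or has been idle longer than max_idle_days."""
    return sorted(p for p, last in store.grants.items()
                  if last is None or (today - last).days > max_idle_days)

def risk_score(store, today):
    # Exposure and missing encryption count in proportion to how sensitive the data is.
    base = SENSITIVITY_WEIGHT[store.sensitivity]
    score = base
    if store.public:
        score += 2 * base
    if not store.encrypted:
        score += base
    score += len(stale_grants(store, today))  # each over-provisioned grant adds one
    return score

def risk_register(stores, today):
    """(score, store name, findings) tuples, highest risk first."""
    rows = []
    for s in stores:
        findings = []
        if s.public:
            findings.append("publicly reachable")
        if not s.encrypted:
            findings.append("not encrypted at rest")
        findings += [f"stale grant: {p}" for p in stale_grants(s, today)]
        rows.append((risk_score(s, today), s.name, findings))
    return sorted(rows, key=lambda r: (-r[0], r[1]))

# Constructed inventory (sample data, not from any real environment).
TODAY = date(2024, 6, 1)
INVENTORY = [
    DataStore("hr-bucket", "restricted", public=False, encrypted=True,
              grants={"hr-app": date(2024, 5, 30), "contractor-x": None}),
    DataStore("analytics-db", "confidential", public=True, encrypted=False,
              grants={"bi-role": date(2024, 5, 1), "old-etl": date(2023, 1, 1)}),
    DataStore("marketing-site", "public", public=True, encrypted=False),
]
```

Run against the sample inventory, the exposed and unencrypted confidential database ranks above the well-configured restricted bucket, while the bucket still surfaces the never-used contractor grant as a least-privilege finding.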

Theom DSPM solution

Theom is built from the ground up as a data-centric security solution for effective data security posture management. Theom can be described as a data bodyguard in the cloud for enterprises. It provides intelligence on the risks to the data and then ensures that controls follow the data whether the data is at rest or in motion. Specific capabilities include:

  • Data discovery and classification to provide visibility into data stores, establish the criticality of data and to assess the financial value of data potentially at risk.
  • Data-access relationship mapping which brings together an understanding of data and the users and roles accessing the data into a single view.
  • Continuous data risk register which prioritizes the top risks to the data based on criticality, anomalous access patterns and other security attributes that contribute to data risk.
  • Controls that follow the data – Theom works like a bodyguard, following the data in the cloud through data stores, shadow copy locations, APIs and message queues. Regardless of the underlying data store technology, Theom ensures controls are aligned to mitigate risks to the data. Theom integrates with SIEM/SOAR solutions to drive remediation.
  • Data rules engine to prevent breaches – after ensuring the initial data security posture is appropriate, Theom's data security guardrails technology continuously monitors for new risks and helps ensure they are mitigated immediately.
  • Data Access Governance engine which extends attack detection signals so that enterprises can ensure that their governance program can stop data attacks.

Visit our product page to learn more.