<aside> 📘 relates:
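Mainly CSPM and DSPM; the core points are as follows:
Beyond these, there are some other concepts:
Overall, one major trend is going cross-cloud and moving off the cloud, freeing users from the control of the cloud providers. Deployment has also evolved from agent-based to agentless: a security SaaS cloud is offered that remotely scans multiple clouds through APIs.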
</aside>
There are plenty of technology acronyms in the alphabet soup of the cybersecurity industry, but DSPM is the latest one leading the charge; its recent buzz has brought scrutiny to various security concepts that have cluttered the meaning behind data security posture management.
DSPM provides visibility into where sensitive data is located, who has access to it, how it's being used, and how the security controls and permissions are configured on the data stores or applications hosting the data. For anybody familiar with Varonis, this should ring a bell.
The layers in front of the data — the firewalls, the endpoints, the gateways, etc. — are where traditional security efforts have been focused. Those firewalls, endpoints, and gateways are obstacles for attackers to overcome on the way to the real target — the data living in traditional data stores and in SaaS applications.
To maintain a strong data security posture, you must protect the data where it lives. That way, if there is a failure or gap at one of those other layers, security is maintained because the core data is locked down.
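The four questions DSPM answers (where sensitive data lives, who has access, how it is used, and how access is configured) can be worked through on a small inventory. This is an added example, not code from the original article or from Varonis; the store names, principals, sample records, access log and the `assess` function are all constructed for illustration.

```python
import re
# Constructed inventory: every store, principal and record below is sample data.
STORES = [
    {"name": "s3://hr-exports", "kind": "object-store", "public": True,
     "acl": {"alice": "read", "bob": "write"},
     "samples": ["name=Jo Roe ssn=123-45-6789", "dept=finance"]},
    {"name": "sharepoint://marketing", "kind": "saas", "public": False,
     "acl": {"alice": "read", "everyone": "read"},
     "samples": ["Q3 launch plan", "card 4111 1111 1111 1111 exp 01/30"]},
    {"name": "db://telemetry", "kind": "database", "public": False,
     "acl": {"carol": "read"}, "samples": ["cpu=0.93 host=web-1"]},
]
# Constructed access log: (principal, store) pairs seen in the audit window.
ACCESS_LOG = [("alice", "s3://hr-exports"), ("carol", "db://telemetry")]

SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum, used to drop digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Label a text sample with the sensitive-data types found in it."""
    labels = {"ssn"} if SSN.search(text) else set()
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD.finditer(text)):
        labels.add("card")
    return labels

def assess(stores, access_log):
    """Join classification, ACLs and usage into one finding per sensitive store."""
    findings = []
    for s in stores:
        labels = set().union(*(classify(t) for t in s["samples"]))
        if not labels:
            continue  # nothing sensitive found, so no posture finding
        used = {p for p, name in access_log if name == s["name"]}
        broad = s["public"] or "everyone" in s["acl"]  # open to all
        stale = sorted(p for p in s["acl"] if p != "everyone" and p not in used)
        findings.append({"store": s["name"], "labels": sorted(labels),
                         "exposed": broad, "unused_grants": stale})
    return findings
```

On this sample data the public HR export and the marketing site shared with `everyone` are both reported as exposed, each with one grant that was never used, while the telemetry database is skipped because nothing sensitive was found in it.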
So now that we’ve covered what DSPM is, let’s demystify the myths surrounding it.
Do you prefer listening to reading? Hear Mike Thompson, Security Architect Manager at Varonis, and me give the full breakdown of what DSPM is and the myths surrounding it in this recording.
Truth: The concept of DSPM has been around for years.
Although DSPM is a new term, discovering and protecting sensitive data is not a new concept. However, having a name to define the methodology is helpful.
In the past, most organizations were not used to thinking with a data-first approach. DSPM, as a term, has opened new ways of thinking about security for people who may not have used this approach previously.
Many DSPM vendors can show you where you have sensitive data and whether it’s at risk, but they can’t fix that data exposure.
At Varonis, discovering where sensitive data lives, mapping out the access and permissions, auditing who’s accessing the data, and then taking steps to remediate it and lock it down have been part of our mission from the very start.
Even if DSPM is a new term for old concepts, it helps frame the conversation and gets everyone working toward the same goal: securing valuable data.
Truth: DSPM is about data, and data is everywhere.
When looking at the current DSPM market, much of the focus is on the data that is attached to infrastructure platforms such as Azure Blob, S3, data lakes, and databases — the core back end where people build different products and solutions.
But DSPM is more than that. Certainly, the infrastructure and development are part of the methodology, but if we think about where data lives, it doesn't just live in infrastructure platforms. Some of the most critical data lives in SaaS, where users are in control, and SaaS also has a wide attack surface.