Understanding CDSPM: Cloud Data Security Posture Management

Pictured: Visitors attend the CeBIT 2017 technology trade show on March 20, 2017 in Hannover, Germany. Today’s columnist, Liat Hayun of Eureka Security, explains why a focus on cloud data has become essential to an enterprise’s cloud program. (Photo by Alexander Koerner/Getty Images)

Today, “cloud speed” has become the new efficiency standard in modern organizations as implementation, development, and other critical processes are accelerated to meet market needs and competitive pressures.

Business and development teams use cloud data as fuel, leveraging and building data stores faster than security teams can protect them, creating significant cloud data security and compliance risks. Organizations use security posture management tools to automate the identification and remediation of such risks, but the rapid migration of data to the cloud over the past decade has required a new approach to risk. It was in this context that cloud data security posture management was born.

The unique characteristics and behavior of data in the cloud increase organizational risk of breaches, theft, remote execution, and ransomware, as it is now easier to expose this data and make it publicly available. Previously, data was segregated within the organizational infrastructure and was managed and used only by specifically defined teams, such as database administrators and DevOps. In this new reality, it is harnessed to drive the business on a broader scale and is used by a variety of teams and roles, such as data scientists, machine learning engineers, marketers, and product managers. This change makes maintaining an organization’s security posture much more difficult.

Cloud Data Security Posture Management (CDSPM) aims to bridge the gap between an organization’s business goals and a comprehensive security mechanism that will leave no data behind as organizations scale to the cloud. There are four basic requirements for organizations to ensure they are taking advantage of CDSPM:

  • Know where your data resides and what it’s doing: Understand where to look for what the business needs to protect. Obtaining insight into the organization’s overall cloud data footprint is the preliminary and most fundamental step in creating CDSPM. Although locating organizational assets is a seemingly simple task, many organizations use laborious and time-consuming manual processes to understand their cloud data footprint and manage its posture. Without comprehensive visibility into cloud data stores, a comprehensive understanding of the types of data under the organization’s responsibility, and a comprehensive risk assessment of each data store, organizations are at risk of being compromised.
  • Know what the data is: CDSPM requires context on the types of data stored by the organization. The security mechanisms required for the protection of information that can be shared publicly differ significantly from the security of highly sensitive private or proprietary data.
  • Learn how to protect data: Once the various types of data are mapped and located and specific mechanisms are in place to safeguard them, it is time to implement these mechanisms. As there are more and more stakeholders in the organization, it becomes a challenge to ensure security policy communication and proper implementation across multiple teams. In addition, combining the different types of data storage technologies with custom implementation methods, without security and visibility gaps, and understanding how the business should protect data often becomes a barrier that organizations may not have the expertise to overcome.
  • Practice continuous supervision: As data grows and data stores expand rapidly, maintaining a strong security posture becomes an ongoing task that requires constant monitoring. Comprehensive, real-time views of data warehouses and the risks associated with them are imperative to properly maintaining an organization’s CDSPM.

Achieving a strong security posture presents challenges for all assets in any organization, but data represents a step beyond the rest in terms of its complexity, controls and configurations and requires a much more granular approach. Security professionals find this challenging because data often resides as an entity within an entity: a self-hosted database stored on a compute instance. It is crucial for companies to keep these challenges in mind and constantly mitigate risk while augmenting data as fuel for organizational growth.

Liat Hayun, Co-Founder and CEO, Eureka Security
