Video
October 1, 2024

DLP v DSPM: Where Are We Headed with Data Security Posture Management?

Watch Metomic CEO, Rich Vibert, chat with Christopher Reed, CISO at SunFire & Mackenzie Jackson, Developer Advocate at GitGuardian about the key differences between DLP and DSPM and what they mean for your organisation.


Key Points: 

  • While DLP has traditionally focused on preventing data loss, stopping unauthorised access and transmission of sensitive information, DSPM offers a broader approach to data security by providing holistic visibility and control over sensitive information across the organisation.
  • Both DLP and DSPM involve identifying and classifying sensitive data, but DLP goes a step further by actively preventing unauthorised data disclosure.
  • The shift to cloud-based services has made it more challenging to control data, as it's spread across multiple platforms. This highlights the need for a holistic approach like DSPM.
  • Organisations should prioritise setting access controls and regularly reviewing permissions to prevent data breaches. A reactive approach, such as responding to a data breach, is often more costly and time-consuming.  
  • To effectively manage and protect data in today's complex environment, organisations need DSPM solutions that offer data discovery, access control, and visibility into sensitive information.

For decades, security professionals have managed the security of their data using Data Loss Prevention (DLP) tools. However, contemporary teams are embracing a more holistic approach through the adoption of Data Security Posture Management (DSPM).

As new cyber security threats emerge on an almost daily basis, companies are understanding the significance of a comprehensive strategy for safeguarding sensitive data with holistic DSPM solutions.

Whereas traditional DLP stops unauthorised access and transmission of sensitive information, sometimes acting as a blocker to productivity, DSPM tools, such as Metomic, focus on detecting and protecting data without getting in the way of employees doing their jobs.

💻 Webinar: Watch Metomic CEO, Rich Vibert, chat with Christopher Reed, CISO at SunFire & Mackenzie Jackson, Developer Advocate at GitGuardian about the differences between DLP and DSPM. Together, they shed light on DSPM’s fundamental principles, its practical implications, the latest trends and innovations, and its pivotal role in modern cybersecurity.

How can Metomic help your DSPM?

Take control of your sensitive data with Metomic, your #1 DSPM tool for SaaS, Cloud and GenAI. Metomic is a DSPM vendor that continuously monitors your ecosystem to detect sensitive data on autopilot, alerting your team to critical risks created across the business.

Book a personalised demo to uncover how Metomic can help you navigate comprehensive security and safeguard your data integrity effectively.

Our 5 key takeaways from the webinar

1. DLP is not dead

There has been talk of DSPM replacing DLP completely, and the trio talked about the downsides of using DLP tools, such as the blocker they can put on productivity. However, it turns out it’s best not to write it off just yet.

Mackenzie said, “I know we've been bashing DLP a little bit, but there still needs to be that component of actually preventing that data from leaving as well. It's less about trying to change or remove it, it's more about adding layers of security to that - that's really what DSPM is about.

“DLP has been all about focusing on outside the wall and DSPM is including inside the wall security as well. We still need both. DLP absolutely has its place, but it's just not enough anymore. We need to add components to it.”

2. Having multiple layers of security is crucial 

With a multiplicity of new application services available for employees to use, it’s not just about having a wall of defence anymore; it’s about having multiple layers in place to control the many different avenues a threat can originate from. 

Mackenzie said, “It’s not just about having this wall - it’s about increasing your posture. It’s about having multiple layers of defence, and having lots of different types of controls and access.” 

DSPM answers that call, bringing a more holistic approach to data security. However, Chris added that organisations are a little behind the times with using it. 

“It’s a paradigm shift we’ve needed for a while,” he said, “because data is spreading across your organisation, and having that visibility of where it is across all your services and technologies, that’s the hard thing to do. We definitely need more of a governance posture with it.” 

3. It’s difficult to control data in the cloud

When employees were working in offices five days a week, the network perimeter was easier to quantify. But now that there’s so much more data in the cloud, it can be difficult to control data that sprawls across many different platforms and SaaS applications. 

“We used to have much more control over our data,” explained Mackenzie. “And now we've put everything into the cloud. What's interesting is if we look at the cloud, it’s still a data server - it's just managed by someone else. So we've lost that wall. We've lost control over that now. I'm not here to say that's necessarily a bad thing because we all know the benefits, but we have to be aware of the security challenges that this massive transition into the cloud or into other people's data servers has actually created for us.”

Chris added that the impact of the pandemic meant the cloud was the go-to solution for most businesses. “It's almost like there's been a veil of trust added in there with the pandemic,” he said. “That was a huge boom of, ‘everyone has to go remote. We have to do this to keep business running.’ And with that, people forget that it's still a shared responsibility when you're putting that data within a public or private cloud.”

4. Being proactive when it comes to access controls is key 

While it may be easier to allow everyone access to everything in the name of productivity, this might be a lot more difficult to tidy up after a data breach has taken place. 

“We forego some control to be able to move faster,” Mackenzie said. “And so it's much easier to produce some admin credentials or admin keys and give them to everyone. Then, you don't have to manage multiple keys, but that's a terrible security posture. Having these different levels in understanding who should have access to what, making sure that's well documented and mapped out - there's a way to actually audit and enforce that.

“That's going to be a really important step in actually starting to reduce some of these more high valued leaks that are coming from it. I feel like that's a step that's often overlooked, especially when people get into panic mode.”

Being proactive in setting access controls is essential to prevent data leaks.

5. What you should be looking for in a DSPM tool

It all depends on what your priorities are as a business, but according to Christopher Reed, you should be looking at the key components of a DSPM solution, which incorporates data discovery and access controls. 

“You still want to be looking for all those key components of the DSPM solution - the type of controls that you want, those preventative, corrective, detective controls to ensure that you can actually do a full holistic posture,” he said. “And that's the whole idea of having a posture. You have a stance to say, ‘I know we might have a gap. It might not be the most prioritised one at this point in time, but we know where it is. We know what to do. We're aware of it.’”

And focusing on what’s right for your business is crucial, as Mackenzie explains: “The type of information that you really want to secure is going to be different for a healthcare company than it is for a cloud service provider. I think you really need to look at the type of data that you're securing. Is this the right tool for me? Is it going to create too many false positives? And then the last thing you need to look at is from a cost perspective as well. I don’t always go with the cheapest tool.”

Book a personalised demo of Metomic

Metomic's DSPM solution detects and protects your most sensitive data wherever it lives across your SaaS, cloud and GenAI ecosystem.

