For decades, security professionals have been managing the security of their data leveraging Data Loss Prevention (DLP) tools. However, contemporary teams are embracing a more holistic approach through the adoption of Data Security Posture Management (DSPM).
Metomic CEO Richard Vibert, virtually sat down with Christopher Reed, CISO at SunFire, and Mackenzie Jackson, Developer Advocate at GitGuardian on our webinar, ‘From DLP to DSPM: Where Are We Headed With Data Security Posture Management?’
Together, they shed light on DSPM’s fundamental principles, its practical implications, and its pivotal role in modern cybersecurity.
Here are the five key takeaways we took from the webinar:
There has been talk of DSPM replacing DLP completely, and the trio talked about the downfalls of using DLP tools, such as the blocker they can put on productivity. However, it turns out it’s best not to write it off just yet.
Mackenzie said, "I know we've been bashing DLP a little bit, but there still needs to be that component of actually preventing that data from leaving as well. It's less about trying to change or remove it, it's more about adding layers of security to that - that's really what DSPM is about.
“DLP has been all about focusing on outside the wall and DSPM is including inside the wall security as well. We still need both. DLP absolutely has its place, but it's just not enough anymore. We need to add components to it."
With a multiplicity of new application services available for employees to use, it’s not just about having a wall of defence anymore; it’s about having multiple layers in place to control the many different avenues a threat can originate from.
Mackenzie said, “It’s not just about having this wall - it’s about increasing your posture. It’s about having multiple layers of defence, and having lots of different types of controls and access.”
DSPM answers that call, bringing a more holistic approach to data security. However, Chris added that organisations are a little behind the times with using it.
“It’s a paradigm shift we’ve needed for a while,” he said, “because data is spreading across your organisation, and having that visibility of where it is across all your services and technologies, that’s the hard thing to do. We definitely need more of a governance posture with it.”
When employees were working in offices five days a week, the network perimeter was easier to quantify. But now that there’s so much more data in the cloud, it can be difficult to control data that sprawls across many different platforms and SaaS applications.
"We used to have much more control over our data,” explained Mackenzie. “And now we've put everything into the cloud. What's interesting is if we look at the cloud, it’s still a data server - it's just managed by someone else. So we've lost that wall. We've lost control over that now. I'm not here to say that's necessarily a bad thing because we all know the benefits, but we have to be aware of the security challenges that this massive transition into the cloud or into other people's data servers has actually created for us."
Chris added that the impact of the pandemic meant the cloud was the go-to solution for most businesses. “It's almost like there's been a veil of trust added in there with the pandemic,” he said. “That was a huge boom of, ‘everyone has to go remote. We have to do this to keep business running.’ And with that, people forget that it's still a shared responsibility when you're putting that data within a public or private cloud."
While it may be easier to allow everyone access to everything in the name of productivity, this might be a lot more difficult to tidy up after a data breach has taken place.
"We forego some control to be able to move faster,” Mackenzie said. “And so it's much easier to produce some admin credentials or admin keys and give them to everyone. Then, you don't have to manage multiple keys, but that's a terrible security posture. Having these different levels in understanding who should have access to what, making sure that's well documented and mapped out - there's a way to actually audit and enforce that.
“That's going to be a really important step in actually starting to reduce some of these more high valued leaks that are coming from it. I feel like that's a step that's often overlooked, especially when people get into panic mode."
Being proactive in setting access controls is essential to prevent data leaks.
“You still want to be looking for all those key components of the DSPM solution - the type of controls that you want, those preventative, corrective, detective controls to ensure that you can actually do a full holistic posture,” he said. “And that's the whole idea of having a posture. You have a stance to say, ‘I know we might have a gap. It might not be the most prioritised one at this point in time, but we know where it is. We know what to do. We're aware of it."
And focusing on what’s right for your business is crucial, as Mackenzie explains: "The type of information that you really want to secure is going to be different for a healthcare company than it is for a cloud service provider. I think you really need to look at the type of data that you're securing. Is this the right tool for me? Is it going to create too many false positives? And then the last thing you need to look at is from a cost perspective as well. I don’t always go with the cheapest tool."
Whilst these were our 5 takeaways from the webinar, there were many more great insights shared during this insightful discussion. If you haven’t tuned in, you can access this recording now here.
Keep an eye on our ‘events page’ to see when our next webinar is scheduled.