Simplifying the complexity of data security
Over the course of my career, I have seen cybersecurity shift from securing the perimeter to protecting applications and endpoints to adopting zero trust principles and creating a security service edge. This maturation was necessary as companies pursued digital transformation initiatives that leveraged cloud technologies and made it easier and more fluid to generate and consume information.
The attack surface has been continuously expanding, something we know but are tired of hearing about. There are only two certainties in cyber: incidents will always occur, and the target will be a company’s data - the crown jewels. Given that, why has it taken until now for the market to prioritize data security in the form of data security posture management (DSPM)? Short answer: it’s hard.
In the short time I have been with Cyera, I have come to understand that the conditions are finally right to make this a priority. Artificial intelligence and machine learning (AI and ML), something that many of us dismissed as marketing jargon, have advanced to the point where they offer a path to overcoming the architectural limitations that made data loss prevention (DLP) and other siloed data security approaches fail. As I engage with early adopters from the forefront of this budding DSPM industry, data security is finally getting the attention it deserves. To quote Roland Cloutier, former TikTok CISO, “In the next 3 years, more than 30% of security budgets will be focused on the DSPM space or data security platforms.”
DSPM is gaining momentum because it finally provides a means of breaking down the silos that have made data security not just hard but impossible. Impossible because, until now, every attempt has been siloed. Security teams have been attempting to respond to a multitude of masters, all asking for controls from their vantage point - IT teams have sanctioned apps and architectures, privacy teams request controls to comply with regulations, governance teams try to implement risk-mitigation policies, and modern business users and teams actively (but innocently!) subvert all of these because they need to move fast and innovate to remain competitive. DSPM finally provides a means of holistically addressing a company’s data to answer three fundamental questions:
- What data do we have?
- How is it exposing us to risk?
- How do we remediate that risk?
Building this foundation requires a holistic approach to data. Businesses need the ability to continuously and automatically discover, classify, and identify the value and risk data represents and apply remediations for security, privacy, and governance exposures with confidence. AI and ML allow a cloud-native solution like Cyera to do this at a massive scale and with 99% accuracy. If you have been looking for a way to put data security at the center of your zero trust or SSE architecture, look no further. Ask me for a free Data Risk Assessment, and let’s start building the foundation of holistic data security.