What is DSPM? Data-centric Security to Enable Secure Cloud Usage

Table of Contents

• Changing Perspectives on Data Protection
• The Importance of File Visibility
• The Challenges of Detecting Confidential Files
• What is DSPM?

1. Changing Perspectives on Data Protection
With the widespread adoption of cloud services, files are now stored not only within internal IT environments but also in SaaS and IaaS environments. This shift has introduced new challenges for corporate data security measures.

Traditionally, it was possible to prevent data leaks by monitoring the pathways through which files traveled, as organizations had a good grasp of where sensitive files were stored. However, with the proliferation of cloud services, the storage locations of files have diversified, making it difficult to keep track of and monitor confidential files. As a result, the approach to data protection has shifted from "monitoring pathways" to "protecting the data itself," known as data-centric security.

2. The Importance of File Visibility
PDF, Office documents, images, and other files can be easily manipulated or taken out if not properly managed, increasing the risk of data leaks due to human errors or internal misconduct. Therefore, it is essential to visualize and appropriately manage where and how these files are stored. Common causes of data breaches includes "mislabeling/mistransmission", "mistakeable removal/theft," and "loss/misdisposal”

3. The Challenges of Detecting Confidential Files
Methods such as "regular expressions," "keyword searches," and "machine learning" are often used to detect confidential files. However, these methods alone make it extremely difficult to accurately identify all sensitive files.

• Challenges of Regular Expressions and Keyword Searches
  • These techniques detect matches based on patterns without considering the context (confidentiality), which can result in stringent information protection policies being applied to non-confidential files, thus lowering work efficiency. When we tested these methods in-house, we found that the accuracy rate for classifying files as confidential or not was only about 20%.
  • Additionally, using regular expressions requires deep technical knowledge, such as the syntax of regular expressions, special characters (e.g. %, &, .*), nested structures, and negation conditions. Mistakes in the syntax can lead to unintended results. Such knowledge also depends on programming experience, making it challenging for beginners to utilize regular expressions.

 

• Challenges of Machine Learning
  • Machine learning leverages existing data as training data to enhance the detection rate of sensitive information. However, like regular expressions and keyword searches, it also has a tendency to detect data without considering the context. Moreover, it cannot discover new sensitive data that is not included in the training data.

4. What is DSPM?
DSPM (Data Security Posture Management) is a solution that incorporates the data-centric security approach to solve the challenges mentioned above and protect the data itself. The goal of DSPM is to "monitor the data itself and create an environment where data leaks are less likely to occur."

The components of DSPM functionality include:
 
    ① Data Discovery
    Scan storage in SaaS, IaaS, and on-premises environments
 
    ② Data Classification
    Visualize what kind of data is stored where
 
    ③ Data Risk Assessment
    Evaluate whether the data is being handled properly based on discovery and classification results
 
    ④ Leakage Detection and Prevention
    Detect and prevent activities suspected of causing data leaks

For instance, using DSPM solutions like Forcepoint, it is possible to detect confidential files with consideration to context and respond to new sensitive data. If you are interested in more details about the product, please feel free to contact us.

SOURCE

Contact Us