Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, and how do you manage it?
Data security posture management (DSPM) became mainstream following the publication of Gartner® Cool Vendors™ in Data Security—Secure and Accelerate Advanced Use Cases. In that report, Gartner1 seems to have kicked off the popular use of the data security posture management term and massive investment in this space by every VC. Since that report, Gartner has identified at least 16 DSPM vendors, including Symmetry Systems.
What is Data Security Posture?
There certainly is a lot being marketed and published about data security posture management solutions themselves, but we first wanted to dig into what is data security posture?
Symmetry Systems defines data security posture as "...the current status of the capabilities required to protect data from unauthorized access, destruction, and/or alteration. Data security posture is an assessment of an organization's data store or individual data objects:
Data attack surface: A mapping of the data to the identities, vulnerabilities, and other misconfigurations that can be used as entry points to gain access to it.
Data security control effectiveness: An evidence-based assessment of the data security and privacy controls against industry best practices and organizational policy.
Data blast radius: A quantifiable assessment of the data at risk or the maximum potential impact of a security breach of a single identity, data store, vulnerability, or misconfiguration. This includes identifying the types and volumes of data that could be affected, as well as the estimated costs and predicted consequences based on current control effectiveness.
Overall, a robust organizational data security posture involves a comprehensive approach to managing the security of an organization's data, including continuous inventory and classification of data, ongoing assessment and improvement of data security controls, proactive rightsizing of access to data, and a commitment to continuous monitoring and response to unusual usage of data."
To maintain a good data security posture, organizations should do the following:
Inventory your data: A data inventory—that is a comprehensive list of all data stores and the sensitivity of the data within them—is an essential first step in determining the current status of capabilities.
Monitor data activity and data flows: An important next step is to ensure you have visibility into activity and the flow of your data, because it improves your ability to detect and respond to any anomalies or indicators of compromise as you improve your data security posture.
Assess data security controls: Once you have this visibility and insight into your data, you can conduct an evidence-based assessment of your data security controls. This should include determining the level of encryption of the data, the validity of hashing and tokenization of data in certain environments, and most importantly the validation of cloud configurations and access controls, including authentication required to access data.
Reduce data attack surface: Organizations should have processes in place to use the results of this analysis to proactively identify and reduce the data attack surface. This should include ensuring multi-factor authentication is required for all identities with access to sensitive data and data stores that contain sensitive data and removing dormant accounts from the environment.
Minimize blast radius: Organizations must constantly assess the volume of data at risk and prioritize pragmatic steps to minimize the potential impact of a security breach of a single identity, data store, vulnerability, or misconfiguration. This should include removing sensitive data from inappropriate environments, identifying, and eliminating misconfigurations, and data minimization by archiving or deleting data or by deleting unused privileges from active accounts.
The Symmetry DataGuard Solution
Symmetry DataGuard is a purpose-built data security posture management platform. Symmetry DataGuard doesn't simply augment existing SaaS platforms with data classification to claim DSPM coverage; instead, it was designed from the ground up to maximize the protection of data. The platform is typically deployed within the customer's cloud environment as a way to ensure that data never leaves the customer's control. This deployment model is well suited for dealing with data, regardless of sensitivity and various compliance regulations.
At its core, the Symmetry DataGuard platform has a deep graph of data objects, identities, and all permissions to and actions that are performed on the data objects. This interconnected graph is used to provide the elements needed for organizations to manage their data security posture. We reviewed the Symmetry Solution to see how it helps organizations address a few key areas.
Data Inventory
Once installed and configured, Symmetry DataGuard gathers information from the cloud environments. This is made easier by installing within the customer's cloud environment, but as long as Symmetry DataGuard has appropriate permissions to query the data, it can aggregate information across your cloud environments. To avoid unnecessary data egress fees, Symmetry Systems recommends deploying Symmetry DataGuard in each cloud environment (i.e., AWS, Azure, etc.). Agentless discovery quickly collects information about:
- The cloud environment.
- The identities (including users, services, roles, and groups) with access to the environment.
- The datastores within the environment.
Examples of the environment inventory data collected by Symmetry DataGuard are shown in the image below:
Figure 1: Data environment inventory data collected by Symmetry DataGuard |
Information obtained here is used to kickstart sampling of the data within the identified datastores. The sampling approach is fully customizable. Symmetry DataGuard provides a robust catalog of prebuilt data identifiers that use a combination of keywords, regex pattern matching, and machine learning-based matching to identify and classify an organization's data within the identified datastores. Symmetry Systems works with their customers to build, customize, and improve the set of identifiers to increase the accuracy of their classification process.
This insight into the classification of data within each data store is added to the deep graph and provides organizations with searchable views and visualizations of their data inventory. Examples of this data inventory are surprisingly beautiful and shown in the image below:
Figure 2: Data visualizations help increase the accuracy of the data classification process by mapping identities, access, data types, and where the data is stored. |
Monitor Data Activity and Data Flows
As part of the discovery and ongoing monitoring of the environment, Symmetry DataGuard collects telemetry on all the data activity or data operations being performed on data within your environment. This includes failed and denied attempts. This telemetry is used to deepen the insight provided on who is accessing an organization's data and where that data is flowing to or from as a result.
This information is cross-correlated with the data inventory to help organizations pinpoint external data flows, failed attempts to access sensitive data, and a number of other interesting data-centric threat detection scenarios. An example visualization of these flows is shown below:
Figure 3: Data flows help organizations pinpoint data-centric threat detection scenarios |
Operations are grouped into four high-level classes: creation, read, update, or deletion of data. This helps when prioritizing unusual or high-risk activity against specific data.
Perform Assessment of Data Security Controls
Symmetry DataGuard also assesses the data security and identity configurations and can raise alerts when configurations fail to meet defined policies or are changed. These configurations include, but are not limited to, determining whether:
- Data is encrypted. (This includes native.)
- MFA is enabled.
- Monitoring is enabled.
Symmetry DataGuard has out-of-the-box compliance policies that are used to check for compliance with data-centric portions of the Center of Internet Security (CIS) benchmarks and other compliance frameworks. Examples of the compliance dashboard are shown below:
Each compliance check on the compliance dashboard contains information about the configuration that was checked and the remediation steps to address it. We expand one of the compliance checks and get the following detailed result:
Figure 5: Compliance checks include information on the configuration and remediation steps |
With the compliance dashboard, organizations are able to check their data for misconfigurations and compliance with various regulatory frameworks (PCI DSS, SOC 2 etc.). The compliance checks done by Symmetry DataGuard are more precise than other compliance configurations performed at the cloud infrastructure and are crucial for organizations in heavily regulated industries.
The Takeaway
A good data security posture reduces the attack surface and blast radius of your organization's data. Achieving and maintaining a good data security posture requires a detailed understanding of the data itself, the identities that can access it, the controls that protect it and monitoring of the operations being performed. A leading platform like Symmetry DataGuard is able to maintain data inventory, monitor operations and activity and check for secure data security configuration and compliance, and thereby provide evidence-based data security.
If you are interested in finding out more about Symmetry Systems and their data security posture management solution, Symmetry DataGuard, You can request a demo at Symmetry-Systems.com.
Gartner1, Cool Vendors in Data Security — Secure and Accelerate Advanced Use Cases, by Joerg Fritsch, Andrew Bales, Ravisha Chugh, Brian Lowans, Mark Horvath, 19 April 2022
Gartner Disclaimer
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Hype Cycle and Cool Vendors are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.