Data has always been the cornerstone of technological advancements. Take, for instance, generative AI (GenAI) that has made huge waves across the globe since the inception of OpenAI’s ChatGPT.
However, as data becomes more scattered and dispersed across multiple environments, gaining complete visibility and implementing proper security controls has become ever more challenging. For instance, the 2024 DSPM Adoption report states that 83% of IT and security leaders assert that the lack of data visibility plays a significant role in weakening cybersecurity posture.
Traditional tools focus on protecting infrastructure, networks, or cloud resources. DSPM, by contrast, is a cybersecurity discipline where data comes first. DSPM enables organizations to gain visibility of their sensitive data, no matter where it lives, and to identify who accesses the data, how it is accessed, and what risks are associated with it.
But implementing a DSPM solution isn’t enough. In fact, enterprises must make continuous efforts to mature the solution for increased data visibility and proactive risk management. Here, the DSPM maturity model comes into the picture.
The following blog discusses the best practices to evaluate and advance an enterprise’s DSPM maturity.
DSPM Maturity Assessment & Advancement
Cybersecurity maturity starts with asking the right questions of internal stakeholders. For instance, security teams can ask incident response teams how breaches are detected and remediated. Similarly, data teams can explain how data is typically discovered and classified. Leveraging a structured questionnaire to ask the right questions does more than fill a survey sheet; it helps security teams understand the current maturity level of their cybersecurity efforts.
After gathering the valuable input from the internal stakeholders, continue the assessment by focusing on the following core aspects.
Discover Known & Unknown Data Across All Environments
Data discovery plays a crucial role in setting the stage for optimal data protection. However, getting eyes on all the data doesn’t come without challenges. In fact, 82% of cybersecurity professionals struggle to locate and classify data across different environments. The reason could range from the highly complex multicloud environments to AI data pipelines.
Organizations in the initial maturity level may face this struggle due to limited discovery capabilities, such as discovering data only on major systems. A mid-maturity level tool may go a step further by discovering and classifying data across public cloud or on-prem, but may still miss shadow data.
Organizations need to aim for a higher maturity level for robust discovery and classification. This means the DSPM solution should discover all data, i.e., structured, unstructured, and shadow data, across all environments, including but not limited to on-premises, public cloud, hybrid and multicloud, and SaaS environments.
Leverage Semantic Understanding for Accurate Classification
Data discovery and classification work in tandem to provide a complete understanding of data. A simple string of numbers like “436” could represent anything from an employee ID to a customer’s CVV number. These are two entirely different types of data, with the CVV being far more sensitive.
Classification of petabyte-scale data in hyper-multicloud environments, especially in AI data pipelines, poses a huge challenge to security professionals. To put things into perspective, 59% of security professionals now have an extended responsibility of discovering and classifying AI data. However, as many as 79% report difficulties classifying data in AI/ML systems.
A good data understanding reflects a higher classification accuracy based on sensitivity and compliance requirements. However, one of the biggest challenges that enterprises face with classification is a high rate of false positives. This problem persists in organizations with low to mid-level maturity due to simplistic techniques or pre-defined patterns like regex or keyword matching. These outdated methods lack the semantic context needed to get a better understanding of the data.
Organizations with a high maturity leverage AI-powered classification that provides contextual, semantic understanding of the data, classifying it with high precision and accuracy. Optimal classification helps teams reduce false positives through consistent tagging and labeling of data across the landscape.
Use Knowledge Graph for Toxic Combinations of Risks
Organizations with low-level data security maturity treat risks or security alerts in isolation. This approach fails to take the historical context of the risk into consideration. For instance, a misconfigured public storage bucket, a sensitive dataset, and LLM training models with excessive privileges may all be remediated as separate issues.
Security teams that lack the ability to see isolated alerts as part of a larger event tend to fail to remediate critical vulnerabilities in a timely manner, ultimately leading to increased cyberattack risks.
As far as mid-level maturity tools are concerned, these tools mostly use rule-based correlation to investigate interconnected risks. However, this method may fail to deliver efficiency and accuracy if the tool limits teams to manual correlation actions.
Enterprises should strive to understand toxic combinations of risks looming across their data environments. The best way to go about it is through setting up a robust knowledge graph that extracts a variety of metadata across different systems, resources, networks, and applications, providing a complete picture of associated risks that merge to form critical threats.
Security teams may use out-of-the-box toxic combination rules, and the tool may also allow the creation of custom rules that take business context into account. This ultimately helps with the identification and prioritization of interconnected risks, allowing teams to prevent breaches and the resulting chaos.
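The chain described above (a public storage bucket, the sensitive dataset inside it, and an over-privileged training identity that can reach it) expressed over a small knowledge graph. This is an added example, not code from the original post or from any DSPM product; node names, relations and attributes are constructed.

```python
from typing import Dict, List, Tuple

# Constructed inventory: a minimal knowledge graph of storage, datasets and identities.
NODES: Dict[str, dict] = {
    "bucket-1": {"type": "storage", "public": True},           # misconfigured public storage
    "bucket-2": {"type": "storage", "public": False},
    "ds-customers": {"type": "dataset", "sensitivity": "high"},
    "ds-telemetry": {"type": "dataset", "sensitivity": "low"},
    "llm-train-sa": {"type": "identity", "privilege": "admin"},  # excessive privilege
    "etl-reader": {"type": "identity", "privilege": "read"},
}
# Directed edges: (subject, relation, object), the metadata a DSPM would pull from
# storage, catalog and IAM APIs (constructed here).
EDGES: List[Tuple[str, str, str]] = [
    ("bucket-1", "contains", "ds-customers"),
    ("bucket-2", "contains", "ds-telemetry"),
    ("llm-train-sa", "can_access", "bucket-1"),
    ("etl-reader", "can_access", "bucket-2"),
]

def neighbors(edges, node, relation, reverse=False):
    """Nodes linked to `node` by `relation`; reverse=True follows inbound edges."""
    if reverse:
        return [s for s, r, o in edges if r == relation and o == node]
    return [o for s, r, o in edges if r == relation and s == node]

def isolated_findings(nodes):
    """What a siloed tool reports: each weakness on its own, none of them critical."""
    out = []
    for n, a in nodes.items():
        if a.get("public"):
            out.append((n, "public storage", "medium"))
        if a.get("sensitivity") == "high":
            out.append((n, "sensitive dataset", "low"))
        if a.get("privilege") == "admin":
            out.append((n, "excessive privilege", "medium"))
    return out

def toxic_combinations(nodes, edges):
    """Walk dataset -> storage -> identity and report the whole chain as one critical risk."""
    findings = []
    for ds, attrs in nodes.items():
        if attrs.get("sensitivity") != "high":
            continue
        for store in neighbors(edges, ds, "contains", reverse=True):
            if not nodes[store].get("public"):
                continue
            for ident in neighbors(edges, store, "can_access", reverse=True):
                if nodes[ident].get("privilege") == "admin":
                    findings.append({"dataset": ds, "storage": store,
                                     "identity": ident, "severity": "critical"})
    return findings
```

The same three facts yield three unrelated medium/low alerts in the isolated view and one critical, actionable finding when traversed as a graph.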
Optimize Access Controls with Access Intelligence & Governance
The multicloud era has turned access management into a major challenge for organizations. For instance, a 2023 State of Cloud Permissions Risks report cites that enterprises manage as many as 40,000 permissions in a multicloud environment, and the concerning aspect is that 50% are at high risk.
In fact, human identities are no longer the only concern for security teams managing enterprise access. Workload identities now outnumber human identities by a ratio of 10:1, and with the introduction of AI agents, a new class of LLM identities is the next critical element organizations must worry about securing.
Organizations with low-level maturity aren’t equipped to reduce sensitive data access risks efficiently, primarily due to either limited oversight or partial visibility of privilege use. What organizations really require is comprehensive insights into sensitive data access visibility, the permissions granted, and the administrative controls the identities have. A knowledge graph, driven by the metadata provided by IAM tools, can deliver those insights.
Furthermore, organizations must also monitor access activity through system logs to look for suspicious activity and irregular access patterns. Teams can then right-size any excessive privileges to enforce least-privilege data access.
Another critical element that needs to be considered while implementing a zero-trust policy or least-privilege access model is the availability of critical data to users. Enterprises that go overboard with restricting access may end up denying access to important data, such as BI data for product enhancements. Policy-driven access controls help teams overcome this challenge by balancing data security and availability. An example of a fine-grained, policy-driven access control is row-level filtering or dynamic masking, which grants access to the data but redacts the sensitive elements within it.
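The row-level filtering and dynamic masking just described, modelled as per-role policies applied at query time so that a BI analyst still gets every row for spend analysis while card and e-mail fields are redacted. This is an added illustration, not code from the original post; the roles, columns and sample records are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed customer rows (hypothetical data, not real records).
ROWS: List[dict] = [
    {"id": 1, "region": "EU", "email": "a@example.com", "card_last4": "4242", "spend": 120.0},
    {"id": 2, "region": "US", "email": "b@example.com", "card_last4": "1881", "spend": 80.5},
    {"id": 3, "region": "EU", "email": "c@example.com", "card_last4": "0005", "spend": 300.0},
]

@dataclass
class AccessPolicy:
    """A row filter plus per-column masking functions, chosen by the requesting role."""
    row_filter: Callable[[dict], bool]
    masks: Dict[str, Callable[[object], object]]

def mask_email(value: str) -> str:
    """Keep the first character and the domain so the value stays joinable but not identifying."""
    name, _, domain = value.partition("@")
    return name[:1] + "***@" + domain

def redact(_value):
    return "****"

# Hypothetical roles; unknown roles fall through to deny-by-default in apply_policy().
POLICIES: Dict[str, AccessPolicy] = {
    # BI analysts see every row (spend totals stay correct) with sensitive elements masked
    "bi_analyst": AccessPolicy(lambda r: True, {"email": mask_email, "card_last4": redact}),
    # EU support staff see only EU rows, with card data removed but e-mail intact
    "eu_support": AccessPolicy(lambda r: r["region"] == "EU", {"card_last4": redact}),
    # The data protection officer has an unmasked view
    "dpo": AccessPolicy(lambda r: True, {}),
}

def apply_policy(rows: List[dict], role: str) -> List[dict]:
    """Return the rows the role may see, with the role's masks applied column by column."""
    policy = POLICIES.get(role)
    if policy is None:
        return []  # no policy for this role: deny by default
    out = []
    for row in rows:
        if not policy.row_filter(row):
            continue
        out.append({k: policy.masks[k](v) if k in policy.masks else v for k, v in row.items()})
    return out
```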
Enable Strong AI Security & Governance Controls
The introduction of ChatGPT, or generative AI in general, has catapulted the world into the age of AI. Due to its powerful capabilities, businesses across the globe are now in a race to streamline the technology into their operational functions for increased efficiency, productivity, and growth. However, the adoption of AI is not as accelerated as it was initially expected, and the reason is the lack of data security preparedness, as highlighted in a report by Morgan Stanley.
Unlike traditional environments, LLMs are entirely a different breed, and thus, they experience a unique set of risks as highlighted in the OWASP Top 10 for LLMs. Unsurprisingly, most of those risks are more relevant to data, hinting at the fact that data security plays a critical role in AI adoption and acceleration. However, organizations that are in the initial or emerging stages of maturity either lack visibility into AI models and data exposure entirely or offer limited visibility.
A higher level of data and AI security maturity demands that organizations be capable of discovering sanctioned and unsanctioned AI across their environments, gaining complete context into AI usage, data ownership, and access entitlements, classifying models and agents based on regulatory context, mapping models to processing activities, and establishing LLM firewalls at the different points where data and LLM agents interact, to name a few.
In organizations at a low maturity level, remediation efforts are usually fragmented, manual, and reactive. For instance, a security analyst may inform a data owner about an issue after receiving alerts from different systems or sources. Once the issue is resolved, the analyst records it in a spreadsheet for tracking purposes. This approach lacks a unified, automated workflow to resolve and report issues. Moreover, it is usually reactive, as alerts are triggered only after an incident occurs.
Instead of an ad-hoc approach, organizations must strive for a remediation framework that is proactive, automated, unified, and policy-driven. To operationalize this framework effectively, cybersecurity tools, such as DSPM, must be integrated with federated systems like Jira. For low-level risks, policies and rules must be established that resolve the issue automatically, i.e., without much human interference. For complex issues that require human input, an automated federated workflow can be leveraged that creates tickets and alerts relevant personnel about risk remediation.
DSPM Maturity Model is a Roadmap To Data Security
Just as plants require regular watering and care, an organization’s data security strategy requires continuous enhancements and updates so it can adapt to growing risks and challenges. A DSPM maturity model assessment can help enterprises with that, making their security posture more resilient to cyber threats.