Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that demonstrates how their data is actually protected. But what exactly is a data security posture, and how do you manage it?
Data security posture management (DSPM) went mainstream following the publication of Gartner® Cool Vendors™ in Data Security—Secure and Accelerate Advanced Use Cases. With that report, Gartner1 appears to have started the popular use of the term data security posture management, and the space has since attracted heavy investment from venture capital. Since the report, Gartner has identified at least 16 DSPM vendors, including Symmetry Systems.
What is Data Security Posture?
A great deal has been marketed and published about data security posture management solutions themselves, but first we want to explore what a data security posture actually is.
Symmetry Systems defines a data security posture as “…the current state of capabilities required to protect data from unauthorized access, destruction, and/or modification. A data security posture is an assessment of an organization’s data stores or individual data objects:
Data attack surface: The mapping of data to identities, vulnerabilities, and other misconfigurations that can be used as entry points to gain access to them.
Effectiveness of data security controls: Evidence-based assessment of data security and privacy controls against industry best practices and organizational policies.
Data blast radius: Measured assessment of data at risk, or the maximum potential impact, from a single identity security breach, data store, vulnerability, or misconfiguration. This includes identifying the types and volumes of data that could be affected and estimating the costs and consequences based on the effectiveness of current controls.
Overall, a strong organizational data security posture involves a comprehensive approach to managing the security of an organization’s data, including ongoing data inventory and classification, ongoing assessment and improvement of data security controls, proactive adjustment of access rights to data, and a commitment to continuous monitoring of, and response to, unusual use of data.”
To maintain a good data security posture, organizations must do the following:
Build a data inventory: A data inventory, that is, a complete listing of all data stores and the sensitivity of the data within them, is the first step in determining the current state of your capabilities.
Monitor data activity and data flows: The next step is to gain visibility into data activity and data flows, because that visibility is what lets you detect and respond to anomalies or indicators of compromise while you improve your data security posture.
Assess data security controls: Once you have visibility and insight into your data, you can conduct an evidence-based assessment of your data security controls. This should include determining the level of data encryption, validity of hashing and tokenization of data in a given environment, and most importantly validation of cloud configurations and access control, including the authentication required to access data.
Reduce the data attack surface: The organization must have a process in place to use the results of this assessment to proactively identify and reduce the data attack surface. This should include requiring multi-factor authentication for every identity with access to sensitive data or to data stores containing sensitive data, and removing inactive accounts from the environment.
Minimize the blast radius: Organizations must continually assess the volume of data at risk and prioritize pragmatic steps to minimize the potential impact of a single identity security breach, data store, vulnerability, or misconfiguration. This should include removing sensitive data from inappropriate environments, identifying and eliminating misconfigurations, and minimizing data by archiving or deleting data or by removing unused privileges from active accounts.
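The five steps above all operate on the same structure: a graph of identities, the permissions they hold, and the data stores those permissions reach. The following added example (not Symmetry DataGuard's code; the inventory, identities, inactivity threshold and fixed "today" date are all constructed for illustration) walks that graph to produce the attack-surface findings, control gaps, per-identity blast radius and unused-privilege list that the steps call for:

```python
"""Toy data security posture assessment.

Added example, not Symmetry DataGuard's code: it models the identity ->
permission -> data store graph described above and derives attack-surface
findings, control gaps, a per-identity blast radius and unused privileges
from it. Inventory, identities, thresholds and "today" are constructed.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta

TODAY = date(2024, 6, 1)              # fixed clock so results are deterministic
INACTIVE_AFTER = timedelta(days=90)   # assumed inactivity threshold


@dataclass
class DataStore:
    name: str
    classification: str   # "public", "internal" or "sensitive"
    records: int          # rows/objects held, used to size the blast radius
    encrypted: bool
    monitored: bool
    environment: str      # "prod", "dev", ...


@dataclass
class Identity:
    name: str
    mfa: bool
    last_active: date
    grants: dict = field(default_factory=dict)  # store -> permissions granted
    used: dict = field(default_factory=dict)    # store -> permissions exercised


# Constructed inventory (what the discovery/classification step would produce).
STORES = {s.name: s for s in [
    DataStore("customers-db", "sensitive", 2_000_000, True, True, "prod"),
    DataStore("payments-bucket", "sensitive", 500_000, False, True, "prod"),
    DataStore("prod-snapshot-copy", "sensitive", 2_000_000, False, False, "dev"),
    DataStore("public-assets", "public", 10_000, True, False, "prod"),
]}

# Constructed identities with granted vs. actually exercised permissions.
IDENTITIES = [
    Identity("alice", True, date(2024, 5, 30),
             grants={"customers-db": {"read", "write"}},
             used={"customers-db": {"read"}}),
    Identity("bob", False, date(2024, 5, 29),
             grants={"customers-db": {"read"}, "payments-bucket": {"read", "delete"}},
             used={"payments-bucket": {"read"}}),
    Identity("ci-deploy-role", True, date(2023, 12, 1),
             grants={"prod-snapshot-copy": {"read"}, "public-assets": {"write"}}),
]


def is_sensitive(store: DataStore) -> bool:
    return store.classification == "sensitive"


def attack_surface_findings(identities=IDENTITIES, stores=STORES) -> list[str]:
    """Entry points: sensitive access without MFA, and stale identities."""
    findings = []
    for ident in identities:
        touches_sensitive = any(is_sensitive(stores[s]) for s in ident.grants)
        if touches_sensitive and not ident.mfa:
            findings.append(f"{ident.name}: no MFA but has access to sensitive data")
        if TODAY - ident.last_active > INACTIVE_AFTER:
            findings.append(f"{ident.name}: inactive since {ident.last_active}")
    return findings


def control_findings(stores=STORES) -> list[str]:
    """Evidence-based control checks on each sensitive store."""
    findings = []
    for s in stores.values():
        if not is_sensitive(s):
            continue
        if not s.encrypted:
            findings.append(f"{s.name}: sensitive data not encrypted")
        if not s.monitored:
            findings.append(f"{s.name}: access to sensitive data not monitored")
        if s.environment != "prod":
            findings.append(f"{s.name}: sensitive data in {s.environment} environment")
    return findings


def blast_radius(ident: Identity, stores=STORES) -> int:
    """Sensitive records exposed if this single identity is compromised."""
    return sum(stores[s].records for s in ident.grants if is_sensitive(stores[s]))


def rank_by_blast_radius(identities=IDENTITIES, stores=STORES) -> list[tuple[str, int]]:
    """Which single compromise would hurt most; ties keep inventory order."""
    return sorted(((i.name, blast_radius(i, stores)) for i in identities),
                  key=lambda pair: pair[1], reverse=True)


def unused_privileges(ident: Identity) -> dict[str, set[str]]:
    """Granted but never exercised permissions: candidates for removal."""
    return {s: perms - ident.used.get(s, set())
            for s, perms in ident.grants.items()
            if perms - ident.used.get(s, set())}


if __name__ == "__main__":
    for line in attack_surface_findings() + control_findings():
        print("finding:", line)
    for name, radius in rank_by_blast_radius():
        print(f"blast radius {name}: {radius:,} sensitive records")
    for ident in IDENTITIES:
        print("unused privileges", ident.name, unused_privileges(ident))
```

Two design points worth noting. The blast radius is computed from granted permissions, not exercised ones, because an attacker who compromises an identity inherits everything it is allowed to do; the unused-privilege list is exactly the gap between the two, and removing it shrinks the radius without affecting legitimate activity. Sensitive data in a non-production environment (the snapshot copy) is flagged as a control gap rather than merely counted, since the remediation there is removal, not hardening.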
Symmetry DataGuard solution
Symmetry DataGuard is a purpose-built data security posture management platform. It does not simply bolt data classification onto an existing SaaS platform to claim DSPM coverage; it was designed from the ground up to maximize data protection. The platform is typically deployed in the customer’s own cloud environment so that data never leaves the customer’s control, a deployment model suited to data of any sensitivity and to whatever compliance regulations apply.
At its core, the Symmetry DataGuard platform maintains in-depth graphs of data objects, identities, and all the permissions on and actions performed against those data objects. These interconnected graphs supply the elements an organization needs to manage its data security posture. We reviewed Symmetry DataGuard to see how it helps organizations address several of the key areas described above.
Once installed and configured, Symmetry DataGuard collects information from the cloud environment. Installing within the customer’s cloud environment makes this simpler, but as long as Symmetry DataGuard has the appropriate permissions to query the data, it can collect information across your cloud environment. To avoid unnecessary data egress, Symmetry Systems recommends deploying Symmetry DataGuard in each cloud environment (AWS, Azure, etc.). Agentless discovery quickly gathers information about:
- Cloud environment.
- Identities (including users, services, roles, and groups) with access to the environment.
- Datastores in the environment.
An example of environmental inventory data collected by Symmetry DataGuard is shown in the image below:
|Figure 1: Environmental inventory data collected by Symmetry DataGuard|
The information obtained here is used to initiate data sampling in each identified data store. The sampling approach is fully customizable. Symmetry DataGuard provides a comprehensive catalog of built-in data identifiers that use a combination of keywords, regex pattern matching, and machine learning-based matching to identify and classify organizational data in the discovered data stores. Symmetry Systems works with its customers to build, customize, and extend the identifier pools to increase the accuracy of the classification process.
This per-store classification feeds the underlying graphs and gives organizations a searchable view and visualization of their data inventory. An example of that inventory view is shown in the image below:
|Figure 2: Data visualization helps improve the accuracy of the data classification process by mapping identity, access, data type, and data storage.|
Monitor Data Activity and Data Flows
As part of its ongoing environmental discovery and monitoring, Symmetry DataGuard collects telemetry on all data activity, that is, every data operation performed on data in your environment, including failed and rejected attempts. This telemetry deepens the picture of who is accessing organizational data and where that data flows to or from as a result.
This information is cross-correlated with the data inventory to help organizations pinpoint external data flows, failed attempts to access sensitive data, and a number of other data-centric threat detection scenarios. An example of this flow visualization is shown below:
|Figure 3: Data flows help organizations define data-centric threat detection scenarios|
Operations are grouped into four high-level classes: create, read, update, and delete. This grouping helps when prioritizing unusual or high-risk activity against specific data.
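The three ingredients described here, raw operation telemetry (successful and denied), the CRUD grouping, and the join against the data inventory, are enough to express the detection scenarios mentioned above as code. The following added example (not Symmetry DataGuard's code) runs over a handful of constructed access events; the event shape, operation names, account IDs and inventory are all invented for illustration and are only loosely modelled on cloud audit-log records:

```python
"""Data-activity telemetry over constructed access events.

Added example, not Symmetry DataGuard's code: it maps raw operations to the
four CRUD classes, joins each event to the inventory classification, and
flags three data-centric scenarios (external data flow, repeated denied
access to sensitive data, destructive operations on sensitive data).
The event shape, operation names, account IDs and inventory are constructed.
"""
import json
from collections import Counter

ORG_ACCOUNT = "111111111111"   # assumed home account; any other account is external

# Store -> classification, as produced by the inventory step (constructed).
INVENTORY = {"customers-db": "sensitive", "payments-bucket": "sensitive",
             "public-assets": "public"}

# Raw API operation -> CRUD class. Anything unmapped is "other" (metadata calls etc.).
CRUD = {
    "PutObject": "create", "CreateTable": "create",
    "GetObject": "read", "SelectRows": "read", "ListObjects": "read",
    "UpdateRows": "update", "PutObjectAcl": "update",
    "DeleteObject": "delete", "DropTable": "delete",
}

# Constructed sample events as JSON lines (not real logs).
EVENTS = [json.dumps(e) for e in [
    {"principal": "alice", "account": "111111111111", "op": "SelectRows",
     "store": "customers-db", "ok": True},
    {"principal": "bob", "account": "111111111111", "op": "GetObject",
     "store": "payments-bucket", "ok": False},
    {"principal": "bob", "account": "111111111111", "op": "GetObject",
     "store": "payments-bucket", "ok": False},
    {"principal": "bob", "account": "111111111111", "op": "GetObject",
     "store": "payments-bucket", "ok": False},
    {"principal": "partner-role", "account": "999999999999", "op": "GetObject",
     "store": "customers-db", "ok": True},
    {"principal": "ci-deploy-role", "account": "111111111111", "op": "DeleteObject",
     "store": "payments-bucket", "ok": True},
    {"principal": "web", "account": "111111111111", "op": "GetObject",
     "store": "public-assets", "ok": True},
    {"principal": "alice", "account": "111111111111", "op": "DescribeTable",
     "store": "customers-db", "ok": True},
]]


def parse(line: str) -> dict:
    """Enrich one raw event with CRUD class, data classification and origin."""
    e = json.loads(line)
    e["class"] = CRUD.get(e["op"], "other")
    e["classification"] = INVENTORY.get(e["store"], "unknown")
    e["external"] = e["account"] != ORG_ACCOUNT
    return e


def detect(lines=EVENTS, failed_threshold=3) -> list[tuple[str, str, str, str]]:
    """Return (severity, scenario, principal, store) alerts for sensitive data."""
    events = [parse(line) for line in lines]
    alerts = []
    for e in events:
        if e["classification"] != "sensitive":
            continue   # public data: counted in the summary, never alerted on
        if e["ok"] and e["external"] and e["class"] == "read":
            alerts.append(("high", "external-data-flow", e["principal"], e["store"]))
        if e["ok"] and e["class"] == "delete":
            alerts.append(("high", "destructive-operation", e["principal"], e["store"]))
    # Denied attempts are kept: a burst of them against sensitive data is a signal.
    denied = Counter((e["principal"], e["store"]) for e in events
                     if not e["ok"] and e["classification"] == "sensitive")
    for (principal, store), n in denied.items():
        if n >= failed_threshold:
            alerts.append(("medium", "repeated-denied-access", principal, store))
    return alerts


def activity_summary(lines=EVENTS) -> Counter:
    """Operations per (store, CRUD class), including failed attempts."""
    return Counter((e["store"], e["class"]) for e in map(parse, lines))


if __name__ == "__main__":
    for alert in detect():
        print(alert)
    for (store, cls), n in sorted(activity_summary().items()):
        print(f"{store:20s} {cls:7s} {n}")
```

The join against the inventory is what makes the logic data-centric rather than generic: the same three denied reads would be noise against the public bucket and are only raised because the target is classified sensitive, and the cross-account read is an alert only because the data it reaches is sensitive. In practice the threshold and the "home account" set would come from policy, not constants.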
Perform a Data Security Controls Assessment
Symmetry DataGuard also assesses data security and identity configurations and can raise alerts when a configuration fails to comply with a specified policy or is changed. The configurations checked include, but are not limited to, whether:
- Data is encrypted (including the source data store).
- MFA is enabled.
- Monitoring is enabled.
Symmetry DataGuard ships with out-of-the-box compliance policies that check compliance with the data-centric portion of the Center for Internet Security (CIS) benchmarks and other compliance frameworks. An example of the compliance dashboard is shown below:
|Figure 4: The Symmetry DataGuard compliance dashboard includes ready-to-use compliance policies that check compliance with the data-centric portion of the Center for Internet Security (CIS) benchmarks and other compliance frameworks|
Each check on the compliance dashboard describes the configuration being checked and the corrective steps to resolve a failure. We expanded one of the compliance checks and saw the following detail:
|Figure 5: The compliance check includes information about the configuration checked and the remediation steps|
With the compliance dashboard, organizations can check their data stores for misconfigurations and for compliance with various regulatory frameworks (PCI DSS, SOC 2, etc.). Because they are evaluated against the data stores themselves, the compliance checks performed by Symmetry DataGuard are more specific than generic cloud infrastructure configuration checks, which matters for organizations in highly regulated industries.
Takeaways
A good data security posture reduces your organization’s attack surface and data blast radius. Achieving and maintaining it requires a detailed understanding of the data itself, the identities that can access it, the controls that protect it, and the operations performed on it. Leading platforms such as Symmetry DataGuard maintain data inventories, monitor operations and activity, and check data security configurations and compliance, thereby providing evidence-based data security.
If you are interested in learning more about Symmetry Systems and its data security posture management solution, Symmetry DataGuard, you can request a demo at Symmetry-Systems.com.
1 Gartner, Cool Vendors in Data Security — Secure and Accelerate Advanced Use Cases, by Joerg Fritsch, Andrew Bales, Ravisha Chugh, Brian Lowans, Mark Horvath, April 19, 2022
Gartner does not endorse any of the vendors, products or services described in its research publications, and does not advise technology users to select only the highest-rated vendors or other designations. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its US and international affiliates. Hype Cycle and Cool Vendors are registered trademarks of Gartner, Inc. and/or its affiliates and are used here with permission. All rights reserved.