Data Security Posture Management Gains Traction Amid Consolidation in Cybersecurity Landscape
Recent developments in the cybersecurity realm highlight the growing importance of Data Security Posture Management (DSPM), a critical area for organizations seeking enhanced visibility into their cloud environments. Yet, experts caution that without the integration of security controls and policy enforcement, stand-alone DSPM providers may find themselves at a competitive disadvantage against comprehensive security platforms.
According to Forrester Principal Analyst Heidi Shey, the rise of DSPM during 2020 and 2021 was primarily driven by businesses’ urgent needs to discover, classify, and manage the risks associated with sensitive data across various cloud environments. While initial DSPM solutions focused on visibility—identifying potential security risks—they often lacked mechanisms for directly enforcing security policies. This shortfall has become increasingly problematic as organizations look for more robust solutions that combine both oversight and security enforcement.
In the current landscape, characterized by rapid consolidation, many DSPM startups have found themselves acquired by established security or technology vendors. Notable companies like IBM, Palo Alto Networks, and CrowdStrike have entered the DSPM market, often fortifying their existing control capabilities through these acquisitions. As noted by Shey, organizations are seeking integrated platforms where DSPM aligns seamlessly with Data Loss Prevention (DLP) and access governance technologies.
Since mid-2023, seven DSPM startups have been absorbed by larger entities, a move that underscores the urgency among businesses to adopt solutions that go beyond simple visibility. The acquisition milieu has left Cyera as the foremost standalone DSPM entity, boasting a valuation of $3 billion following significant capital raises. Cyera has positioned itself distinctively by leveraging advanced AI-driven classification capabilities and offering scalable solutions suitable for extensive cloud data environments.
The convergence of DSPM with DLP is particularly noteworthy; both areas are interdependent in enhancing the accuracy of data classification, reducing false positives, and facilitating stricter policy enforcement. Tamar Bar-Ilan, co-founder and CTO of Cyera, emphasizes that understanding data is foundational for any security strategy. Without this clarity, organizations face increased risks, including data breaches due to unmonitored sensitive information.
Central to the DSPM expansion is the challenge organizations face in managing sensitive data spread across diverse cloud storage solutions and applications. The transition to cloud services has made manual data tracking untenable, necessitating automated data discovery and risk evaluation methods. Early DSPM tools primarily addressed this gap, focusing on data discovery and classification to help firms navigate the complexities of their cloud environments.
Despite the trend toward integration, some DSPM companies, such as Cyera, maintain independence, thriving on their specialized offerings. Their ability to analyze intricate data patterns and facilitate rapid deployment across vast amounts of cloud data has granted them a competitive edge.
With companies relying on integrated solutions for a streamlined approach to cybersecurity, software vendors like Rubrik and Netskope have successfully integrated DSPM into their existing offerings. Rubrik’s incorporation of DSPM has enhanced its disaster recovery solutions, allowing organizations to prioritize sensitive data protection during crises. Similarly, Netskope’s embedding of DSPM within its Security Access Service Edge (SASE) framework improves data access governance and simplifies operational workflows.
As the number of cybersecurity incidents rises, organizations face pressing challenges, including inadequate automated remediation and difficulty integrating new tools with existing infrastructure. The potential adoption of generative AI technologies amplifies these concerns, underlining the increasingly critical need for robust monitoring and compliance measures.
In conclusion, while the DSPM market is rapidly evolving, the success of these solutions hinges on the ability to integrate control functionalities that not only identify risks but also actively mitigate them. The MITRE ATT&CK framework, which categorizes tactics such as initial access and privilege escalation, provides a valuable lens through which the complexities of cybersecurity incidents may be understood. Emphasizing data security posture management will be essential for organizations looking to fortify their defenses against increasingly sophisticated cyber threats.
