Normalyze 2023 Predictions: How the Security Platform Consolidation Trend Will Improve Cloud Data Protection


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

How the Security Platform Consolidation Trend Will Improve Cloud Data Protection

By Ravi Ithal, CTO and co-founder of Normalyze

The hallmark trait of technology is that it constantly gets better. We've seen this for decades in the cybersecurity domain, and it's happening again right before our eyes. A wide range of security tools are merging into a few cohesive platforms, integrating vital functionality that until now was siloed, too complex, required too many engineers to manage, and ultimately fell short of its promises.

Our topic is the emergence of a new consolidated platform for cloud data security and what this means for enterprises of any size. But before plunging in, let's first assess the big picture of security consolidation to see what's propelling these changes for better cybersecurity in your environment.

Portfolio or Platform: Which Will Win?

Portfolio is a legacy marketing term for several "best of breed" products addressing different aspects of a security use case. One portfolio may address securing a vast collection of enterprise endpoints; another might address various aspects of network and access security. Sometimes a portfolio combines different vendors' products, and some vendors sell multiple products of their own as a portfolio. You can assess how well a portfolio is really integrated by the degree to which its products share the same data and control planes and are managed from a single console. (Hint: a portfolio is unlikely to do this!)

Given the giant data streams of telemetry and alerts generated by modern cloud environments, legacy portfolios are falling short. Silos are an especially big impediment to multicloud SecOps. Lack of 100% integration means the portfolio approach is more onerous to use, more expensive to operate, and provides less effective security. It's why most organizations are switching to platforms.

Drivers for Consolidation with Platforms

According to a Gartner study, 51% of security and risk management leaders surveyed in 2020 said they were planning to pursue a vendor consolidation strategy. Consolidation is achieved by replacing a portfolio of multiple products with a single integrated platform. In simple terms, they want to use fewer products to achieve the same or better security outcomes. In Gartner's 2022 survey, 75% of respondents were planning to pursue consolidation, up from 51%: a 47% relative increase in just two years!

Another incentive for the platform approach is a vast shortage of qualified security professionals. The shortage is severe. According to an overview of studies in Fortune, companies are "desperate" to fill more than 700,000 cybersecurity positions as of June 2022. A platform approach allows an organization to fulfill security operations with fewer hands required.

Budget pressure is yet another driver for consolidation. With a global recession looming, CIOs are looking for ways to slow the growth of, or cut, IT budgets, including cloud spend. Another tactic is eliminating redundant security tools. For example, a 2021 IBM report found that 30% of survey respondents deploy more than 50 tools and technologies for security, and 45% said they use more than 20 tools when specifically investigating and responding to a cybersecurity incident. That's a lot of opportunity to reduce tooling into a few platforms!

As a security professional, you are likely aware of two such platforms if not already using one or both. The most mature security platform is a Security Service Edge (SSE), which unifies web, cloud services, and private application access for mid-size-to-larger organizations; 80% of enterprises will use an SSE by 2025, according to Gartner. A newer security platform is eXtended Detection and Response (XDR), which consolidates many threat detection and response processes for endpoint, cloud, and identity; Gartner predicts about 50% of the midmarket will use XDR by 2027.

A third security platform mentioned in the Gartner study, but without a related taxonomy yet, is the Data Security Platform (DSP). The DSP is all about securing sensitive data in the enterprise, especially in modern cloud-native environments. Gartner says the DSP will be used by 30% of enterprises by 2025. Since my article is about predictions, let's now dive into how the DSP is likely to play out for securing cloud data.

DSPM: the New Platform for Cloud Data Security

Data Security Posture Management (DSPM) is quickly emerging as the go-to platform for automating cloud-native data security. DSPM defines a new, data-first approach to securing cloud data. It's based on the premise that data is your organization's most important asset. Platform-based instrumentation of DSPM charts a modern path for understanding everything that affects the security posture of your data. DSPM tells you where sensitive data is anywhere in your cloud environment, who can access that data, and what its security posture is. With its laser focus on your data, DSPM will help your security, IT operations, and DevOps teams to:

  • Discover sensitive data (both structured and unstructured) in your cloud environments, including forgotten databases and shadow data stores.
  • Classify sensitive data and map it to regulatory frameworks, identify where and how much data is exposed, and track data lineage to understand where the data came from and who has had access to it.
  • Discover attack paths to sensitive data that weigh data sensitivity against identity, access, vulnerabilities, and configurations - thus prioritizing risks based on which are most important.
  • Connect with DevSecOps workflows to remediate risks, particularly as they appear early in the application development lifecycle.

Putting the security spotlight on cloud data makes sense because its proliferation in modern cloud organizations is rapidly increasing risks of sensitive data loss or compromise. Volume and velocity of cloud data is accelerating rapidly - so much so that without a tool like DSPM, organizations find it impossible to know where all sensitive data resides within cloud environments. It's equally impossible to protect sensitive data that's off the radar from legacy security tools.

Data Explosion in the Cloud-Native Era

[Figure: Data explosion in the cloud-native era (Normalyze cloud diagram; image not included)]

Five Key Capabilities Will Power DSPM

Posture management for data security addresses two general questions: What are the issues, and how can we fix them? While the security industry is in its early days of creating DSPM solutions, we can point to five domains or capabilities that will be mandatory for a platform to automatically assess the security posture of cloud data, detect and remediate risks, and ensure compliance. These capabilities should be integrated into a DSPM platform that provides instrumentation through common data and control planes.

Modern environments will need the DSPM platform to be agentless and to deploy natively in any of the major clouds (AWS, Azure, GCP). Easy integration of your existing tools' data will require the platform to expose all of its functionality through APIs. Naturally, the platform should also use role-based access control so that management of data security posture is kept as secure as the sensitive data itself. All of these will minimize roadblocks and make DSPM quickly productive for your teams.

I predict the five fundamental capabilities of DSPM will include:

1. Data Discovery

Discovery answers the question, "Where is my sensitive data?" DSPM discovers cloud-native structured and unstructured data stores, cloud-native block storage such as EBS volumes, and PaaS data stores such as Snowflake and Databricks. It should continuously monitor for and discover new data stores, and notify security teams when it finds new data stores or objects that could be at risk.

2. Data Classification

Classification tells you whether your data is sensitive and what kind of data it is. It answers questions like "Which stores hold regulated data?" and "Are there shadow data stores?" (who can access the data is the job of access governance, below). Examples of classification include:

  • Find sensitive data not just "in a data store," but in specific objects, tables, and column names.
  • Identify regulated data (GDPR, PCI DSS, HIPAA, etc.).
  • Find proprietary or unique sensitive data.
  • Automatically notify stakeholders when new sensitive data is detected.
  • Provide workflow to fix false positives when data is miscategorized.
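As an added illustration (not code from the article or from Normalyze), here is a small Python classifier of the kind this capability describes. It scans sampled values per column or object from a constructed inventory, labels data types with regexes plus a Luhn check for card numbers, maps each type to regulatory frameworks, and honours reviewer overrides so a confirmed false positive is not re-reported. The store names, sample values, detectors and the framework mapping are all assumptions made for this example; the coverage map it returns is the kind of input the Compliance capability later in this article asks for.

```python
"""Toy column-level classifier for discovered cloud data stores.

Given sample values per table column or object, it labels the sensitive data
types present, maps each to the regulatory frameworks that govern it, and
honours reviewer overrides so a confirmed false positive stops re-alerting.
All stores, samples, detectors and the framework mapping are constructed
for this example.
"""
import re
from dataclasses import dataclass

# Detectors. Pure regexes are noisy, so card-number candidates also get a Luhn check.
PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "US_SSN": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "CARD_PAN": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
}
# Illustrative mapping only; which law applies depends on jurisdiction and context.
FRAMEWORKS = {
    "EMAIL": ("GDPR", "CCPA"),
    "US_SSN": ("GLBA", "CCPA"),
    "CARD_PAN": ("PCI DSS",),
}

# Constructed inventory, as the discovery step might hand it over:
# store -> location (table.column or object key) -> sampled values.
DISCOVERED = {
    "rds/orders-prod": {
        "orders.customer_email": ["a.lee@example.com", "m.ortiz@example.org"],
        "orders.card_number": ["4111 1111 1111 1111", "5500 0000 0000 0004"],
        "orders.tracking_ref": ["6011 0009 9013 9424"],  # carrier ref that looks like a PAN
        "orders.order_id": ["A-1001", "A-1002"],
    },
    "s3/analytics-export-2019": {  # forgotten export: a shadow copy of customer data
        "exports/customers.csv": [
            "123-45-6789,jane@example.com",
            "234-56-7890,joe@example.net",
        ],
    },
}
# Reviewer decisions from the false-positive workflow: (store, location, data type).
OVERRIDES = frozenset({("rds/orders-prod", "orders.tracking_ref", "CARD_PAN")})


@dataclass(frozen=True)
class Finding:
    store: str
    location: str
    data_type: str
    frameworks: tuple
    hits: int


def luhn_ok(digits):
    """Mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_location(store, location, samples, overrides=OVERRIDES):
    """Return one Finding per sensitive data type seen in the sampled values."""
    findings = []
    for dtype, pattern in PATTERNS.items():
        if (store, location, dtype) in overrides:
            continue  # reviewer confirmed this location is not really that type
        hits = 0
        for value in samples:
            for match in pattern.finditer(value):
                if dtype == "CARD_PAN" and not luhn_ok(re.sub(r"[ -]", "", match.group())):
                    continue
                hits += 1
        if hits:
            findings.append(Finding(store, location, dtype, FRAMEWORKS[dtype], hits))
    return findings


def scan(inventory=DISCOVERED, overrides=OVERRIDES):
    """Classify every sampled location in the inventory."""
    return [f for store, locations in inventory.items()
            for location, samples in locations.items()
            for f in classify_location(store, location, samples, overrides)]


def coverage_by_framework(findings):
    """Framework -> sorted locations holding data it regulates (input for a compliance heatmap)."""
    coverage = {}
    for f in findings:
        for fw in f.frameworks:
            coverage.setdefault(fw, set()).add(f"{f.store}:{f.location}")
    return {fw: sorted(locations) for fw, locations in coverage.items()}


if __name__ == "__main__":
    for f in scan():
        print(f"{f.store}:{f.location} {f.data_type} hits={f.hits} {f.frameworks}")
    print(coverage_by_framework(scan()))
```

Note that the tracking reference passes both the regex and the Luhn check, which is exactly why a reviewer override has to be part of the workflow: a detector that cannot be corrected will keep paging the same people about the same column.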

3. Access Governance

Access governance ensures that only authorized users are allowed to access specific data stores or types of data. DSPM's access governance processes will also surface related issues, such as "Are there abandoned databases?" or "Are there excessive privileges?" A platform's automated capabilities need to identify every user, role, and resource (such as a compute instance with an attached role) with access to cloud data stores, and to track the level of privilege associated with each of them. Finally, DSPM must detect external users and roles with access to the data stores. All this information feeds analytics that determine the level of risk associated with each of your organization's cloud data stores.

4. Detect Risks & Remediate Vulnerabilities and Cloud Misconfigurations

This domain covers the vulnerability management functions of DSPM. Risk detection is the process of finding potential attack paths that could lead to a breach of sensitive data: DSPM detects vulnerabilities affecting sensitive data and insecure or over-privileged identities with access to it. The main idea is to map out the relationships across data stores, users, and cloud resources to guide investigation and remediation. The platform should let you build custom risk detection rules that combine sensitive data, access, vulnerabilities, and configurations, and support custom queries for data security risks that are unique to your organization and environment. Detected risks should trigger notifications to specific assignees, and related workflows should automatically open items in third-party products such as ticketing systems. For usability, modern graph-powered capabilities will visualize these relationships and enable queries that spot attack paths to sensitive data.
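The following Python model, added here as an example and not drawn from the article or any vendor product, ties the access-governance questions of capability 3 to the attack-path idea of capability 4. It represents principals, a compute resource and data stores as a small graph built from constructed inventory data, enumerates paths from untrusted entry points (the internet and an externally trusted role) to sensitive stores, scores each path by data sensitivity, encryption, a vulnerable hop and destructive privileges, and separately flags least-privilege violations and idle stores that still hold sensitive data. Every name, flag and weight is an assumption made for this example.

```python
"""Toy access-governance and attack-path model for cloud data stores.

Nodes are principals (users/roles), compute resources and data stores; edges
are trust relationships ("the internet can reach this instance", "this
instance assumes this role") and access grants (principal -> store with a set
of actions).  All inventory below is constructed sample data for the example;
in practice it would come from discovery, classification and an IAM inventory.
"""
from datetime import date

AS_OF = date(2023, 1, 9)  # constructed "today" used for idle-store detection

# Data stores. 'sensitivity' (0 = none .. 3 = regulated) comes from classification.
STORES = {
    "s3/analytics-export-2019": {"sensitivity": 3, "encrypted": False, "last_access": date(2020, 3, 1)},
    "rds/orders-prod": {"sensitivity": 3, "encrypted": True, "last_access": date(2023, 1, 8)},
    "s3/www-static": {"sensitivity": 0, "encrypted": True, "last_access": date(2023, 1, 8)},
}
# Principals; 'external' marks an identity trusted from outside the account.
PRINCIPALS = {
    "user/alice": {"external": False},
    "role/etl-runner": {"external": False},
    "role/vendor-analytics": {"external": True},
}
# Compute resources with an attached instance role. 'critical_vuln' is a constructed flag.
RESOURCES = {
    "ec2/web-01": {"internet_exposed": True, "critical_vuln": True, "instance_role": "role/etl-runner"},
}
# Access grants: (principal, store, allowed actions), simplified to read/write/delete.
GRANTS = [
    ("user/alice", "rds/orders-prod", {"read"}),
    ("role/etl-runner", "s3/analytics-export-2019", {"read", "write", "delete"}),
    ("role/etl-runner", "rds/orders-prod", {"read"}),
    ("role/vendor-analytics", "s3/analytics-export-2019", {"read"}),
]


def build_graph():
    """Adjacency map: node -> {neighbor: set of actions} (empty set = trust edge)."""
    graph = {}

    def edge(src, dst, actions=frozenset()):
        graph.setdefault(src, {})[dst] = set(actions)

    for name, res in RESOURCES.items():
        if res["internet_exposed"]:
            edge("internet", name)
        edge(name, res["instance_role"])
    for principal, store, actions in GRANTS:
        edge(principal, store, actions)
    return graph


GRAPH = build_graph()


def entry_points():
    """Where an attacker starts: the internet and any externally trusted principal."""
    return ["internet"] + [p for p, attrs in PRINCIPALS.items() if attrs["external"]]


def simple_paths(start, targets, max_depth=6):
    """Depth-first enumeration of loop-free paths from start to any target node."""
    found, stack = [], [(start, [start])]
    while stack:
        node, path = stack.pop()
        if node in targets:
            found.append(path)
            continue
        if len(path) > max_depth:
            continue
        for nxt in GRAPH.get(node, {}):
            if nxt not in path:
                stack.append((nxt, path + [nxt]))
    return found


def score_path(path):
    """Weigh data sensitivity against configuration, vulnerability and privilege on the path."""
    store = STORES[path[-1]]
    score = store["sensitivity"]
    if not store["encrypted"]:
        score += 1
    if any(RESOURCES.get(n, {}).get("critical_vuln") for n in path):
        score += 1
    if any(GRAPH[a][b] & {"write", "delete"} for a, b in zip(path, path[1:])):
        score += 1
    return score


def prioritized_attack_paths(min_sensitivity=2):
    """All attack paths to sensitive stores as (score, path), highest risk first."""
    targets = {s for s, attrs in STORES.items() if attrs["sensitivity"] >= min_sensitivity}
    paths = [p for entry in entry_points() for p in simple_paths(entry, targets)]
    return sorted(((score_path(p), p) for p in paths), key=lambda sp: (-sp[0], sp[1]))


def excessive_privileges(min_sensitivity=2):
    """Grants that violate least privilege on sensitive stores."""
    flagged = []
    for principal, store, actions in GRANTS:
        if STORES[store]["sensitivity"] < min_sensitivity:
            continue
        if PRINCIPALS[principal]["external"]:
            flagged.append((principal, store, "external principal can reach sensitive data"))
        elif "delete" in actions:
            flagged.append((principal, store, "destructive access on sensitive data"))
    return flagged


def abandoned_stores(today=AS_OF, max_idle_days=180):
    """Sensitive stores nobody has touched recently: likely forgotten copies."""
    return sorted(s for s, attrs in STORES.items()
                  if attrs["sensitivity"] > 0 and (today - attrs["last_access"]).days > max_idle_days)


if __name__ == "__main__":
    for score, path in prioritized_attack_paths():
        print(score, " -> ".join(path))
    print("excessive:", excessive_privileges())
    print("abandoned:", abandoned_stores())
```

The highest-scoring path in this sample runs from the internet through the vulnerable instance, its attached role and a delete grant to the unencrypted, long-idle export bucket; the same bucket is also reachable by the external vendor role. That ordering is the point of weighing data sensitivity against identity, vulnerabilities and configuration together rather than alerting on each in isolation.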

5. Compliance

DSPM must be able to automatically detect and classify all data within all your organization's cloud data stores related to any relevant laws and regulations. Examples include the European Union's General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), the Payment Card Industry Data Security Standard (PCI DSS), and the new California Consumer Privacy Act (CCPA) - all of which have mandates for securing specific types of sensitive data.

The platform should automate mappings of your data to compliance benchmarks. Stakeholders in your organization should get a coverage heatmap on data compliance gaps, such as misplaced personally identifiable information (PII), shadow data, or abandoned data stores with sensitive data. Data officers should receive a dashboard and report to track and manage data compliance by region, function, and so forth. In addition to ensuring security of regulated sensitive data, the platform should also simplify and accelerate producing documentation verifying compliance for auditors.

Tools that DSPM Will Integrate or Replace

DSPM is a relatively new concept, designed to meet rapidly evolving requirements for securing cloud data. It makes its first appearance, in the "On the Rise" phase, in Gartner's Hype Cycle for Data Security, 2022, and Gartner assigns it a "transformational" benefit rating due to the critical nature of cloud data.

Subsets of DSPM's general functionality are seen in some current tools for cloud security. Unfortunately, their functionality is mostly siloed, and these standalone tools will be unable to fulfill all five major functions of DSPM required for systematic, comprehensive, and effective security of all cloud data.

The matrix below shows how current cloud security tools partially address the five functions of DSPM across various types of cloud data stores. Essentially, DSPM fills all the cells marked "None" and may replace the tools in the other cells, especially where an organization's use cases for a particular tool are minimal. Alternatively, if an organization has a significant investment in particular cloud security tools (such as a CMDB populated with hundreds of thousands of assets, owners, business criticality, etc.), the DSPM platform can ingest operational data, alerts, and other metrics from your existing security, IT operations, and DevOps tools. Use case flexibility will go a long way with DSPM!

[Table: how current cloud security tools partially address the five DSPM functions across types of cloud data stores (Normalyze table diagram; image not included)]

The Future of DSPM Is Happening Now

The transition by enterprises from a legacy portfolio approach for cloud data security to a modern, consolidated platform approach is already under way at most organizations. If your environment is all or mostly cloud native, this transition is likely to happen quickly. As you inventory your organization's existing tools for cloud data security and weigh their outcomes against what DSPM can provide, it will be useful to start getting some hands-on experience with emerging DSPM platforms. As we've all discovered with technology, it keeps getting better every year. DSPM will be the enabling solution that helps enterprises of any size quickly get control of their cloud data security posture and ensure safety and compliance for the organization's most valuable asset: its data.


ABOUT THE AUTHOR


Ravi Ithal is CTO and co-founder of Normalyze, a leader in cloud-native data security. He also was co-founder and chief architect at Netskope where he built the first cloud-access security broker and next-generation secure web gateway, and founding engineer at Palo Alto Networks where he built the first next-generation firewall. Follow Ravi on LinkedIn.

Published Monday, January 09, 2023 7:35 AM by David Marshall