Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
Data Security Posture Management: Poised for a Big Year in 2023
By Claude Mandy, Chief Evangelist at Symmetry Systems
Data security posture management (DSPM) is positioned to take center stage for many
organizations in 2023 as they work to reduce liability from future data
breaches and lay the groundwork for full adoption of Zero Trust. In the coming
year, we expect to see a few key trends emerging in the security industry,
including increased and rapid transparency into data breaches, increased
enterprise investments in DSPM tools, and increased CISO involvement in DSPM
decisions.
Increased transparency in 2023 data breaches
Historically, organizations have only disclosed breaches that surpass a certain level of
severity. However, in 2023, we expect to see more radical transparency from
CISOs when data breaches occur, regardless of the size or the damage. This year
has shown security leaders what not to do in light of a breach on a larger
scale. Take the former Uber CISO's conviction on federal charges for covering
up a data breach as an example. The potential for whistleblowing on
organizational failures to protect data has also increased, as we have seen from
the Twitter whistleblower testimony on the company's broken defenses against
hackers. Going into 2023, organizations will be more likely to be open and
transparent when a breach has occurred. The speed and transparency of the
disclosure will become more important as it becomes more commonplace.
Additionally, with regulations in the works, like SEC Rule 206(4)-9, that encourage
transparency from organizations following a breach and discourage withholding
information from affected customers, companies will be more incentivized to
disclose a breach and share details about the aftermath. We also expect to see
an expansion of privacy laws across U.S. states, falling in line with
existing international privacy regulations.
In the years to come, we may also see at least one large organization fined by a corporate
regulator for its ongoing poor data governance and inability to demonstrate
understanding of where its data is and how it is secured.
Increased vendor focus on data
Organizations continue to face a plethora of cloud configuration issues, but in 2023, they
will need to shift focus to the growing importance of the data
they are collecting and using. This will lead to increased demand for tools
that can quantifiably reduce potential data leakage, as opposed to just
configuration drift or leak detection. As a result, we expect to see all
or most market-leading identity providers either acquiring or investing in a
DSPM solution to augment their cloud infrastructure entitlement management
solution.
We'll also see privileged access management and identity governance and administration
vendors respond to organizational demand by considering data security posture
in their policy decisions when granting privileged access to users and assessing
ongoing permission needs. This will ensure that only users who need access to
data will be granted access, reducing potential leakage risk.
Increased CISO involvement in DSPM decisions
Data security is going to demand more attention from CISOs, both in budgets and in
strategic decisions. We expect that by December 2023, 20% of CISOs will include
a specific line item for data security in their budgets and strategies,
including headcount and technology solutions. CISOs who have adopted vendor
consolidation approaches will also be looking to layer additional best-of-breed
data security solutions into their platforms, as standalone vendors adopt more
open interfaces.
As a result of this, CISOs will hope to increase their organization's trust in their
security team's ability to maintain a strong security posture. Business
awareness and engagement are increasing, and as CISOs drive more focus on the
company's ability to secure data in the cloud, leadership's confidence will
grow.
We also anticipate
that internationally recognized security regulatory and compliance requirements
will formalize definitions of zero trust for data. This will enable the
standardization of measures to ensure that least privilege is continually
assessed, and further advance the prevalence of a zero-trust approach within
organizations.
As data breaches become more commonplace, it's not a matter of if an organization will
be targeted, it's when. Companies will need to take steps to prepare their data
strategies, and that's where a DSPM solution may be able to help.
##
ABOUT THE AUTHOR
Claude Mandy is Chief Evangelist for Data Security at Symmetry, where he focuses on
innovation and industry engagement and leads efforts to evolve how modern data
security is viewed and used in the industry. Prior to Symmetry, he spent 3
years at Gartner as a senior director, analyst covering a variety of topics
across security, risk management and privacy, focusing primarily on
the building blocks of successful programs, including strategy, governance,
staffing/talent management and organizational design and communication. He
brings firsthand experience of building information security, risk management
and privacy advisory programs with global scope. Prior to joining Gartner, Mr.
Mandy held positions as the global Chief Information Security Officer at QBE
Insurance, senior risk and security leadership roles at the Commonwealth Bank
of Australia, and at KPMG in Namibia and South Africa.