DSPM – Don’t believe the Hype(cycle)?!

Each year Gartner releases its Hype Cycle for Data Security. The Hype Cycle is intended as a graphical representation of a market's appetite for a technology area, in this case technology relating to data security. Gartner's analysts spend their time diligently collating information on things like market adoption, public interest and product maturity, then place each technology on one of the outlandishly named segments of the graph, such as the "Trough of Disillusionment" shown in Figure 1 below!


Figure 1 Sample Hype Cycle

In Gartner's 2022 Hype Cycle for Data Security, Data Security Posture Management (DSPM) was placed firmly at the foot of the Peak of Inflated Expectations, still in the Technology Trigger phase, with a Gartner best guesstimate of 5-10 years before it hits the Plateau of no one caring...

Let's start with what DSPM means. Gartner's definition is that it provides visibility as to where sensitive data is, who has access to that data, how it has been used, and what the security posture of the data store or application is. It does that by assessing the current state of data security, identifying potential risks and vulnerabilities, implementing security controls to mitigate those risks, and regularly monitoring and updating the security posture to ensure it remains effective. As a result, it helps businesses maintain the confidentiality, integrity and availability of sensitive data.

If you're still reading (and haven't run to the nearest vendor claiming to be a DSPM expert, screaming "take my money!"), that's almost exactly what the Hype Cycle would have you believe: that by handing over your cash in return for software labelled DSPM, all your data security problems are immediately solved.

Sadly, I'm about to crush that dream and hit you with a terrible sense of foreboding and a marginally worse case of déjà vu. Think briefly about the name of the category: Data Security Posture Management. Didn't people care about their data security posture before this neat little Hype Cycle diagram surfaced? Didn't you care about data security posture as part of GDPR readiness, as part of PCI DSS, or just because it's an alarmingly good idea to care about the security posture of the data you hold?

Gartner crafted a definition to support this new acronym, probably to help them identify things to throw into this newly built category. I’ll spare you the gory details, but in a nutshell a DSPM offering provides the following capabilities:

  • Data Discovery
  • Data Classification
  • Access Governance
  • Risk Management
  • Compliance Reporting

Those of you back from the DSPM shop might realise that the above is nothing new. HANDD have been delivering a framework to achieve the above, regardless of where the data lives, since the mid-noughties! What is more, HANDD won't discriminate if your data isn't solely in cloud applications, which DSPM tooling does.

HANDD's methodology is simple to follow: Discover, Classify, Protect. By doing so customers can protect the entire journey of their data, from creation through to ultimate storage, archival or deletion.

Discover where your data lies: on premise, SaaS, IaaS, PaaS or endpoint. Make decisions on that content to classify it: what sort of data is it, what legislation might it be governed by, and how sensitive is it within your organisation? Protect it by restricting access, applying a Data Loss Prevention policy, encrypting it, or deleting it completely. Then analyse and report to understand compliance, or the lack of it.
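To make the Discover, Classify, Protect loop concrete, here is an added example, written for this page rather than taken from HANDD's products or any DSPM vendor. It walks a directory tree (discover), labels each file by regex with a Luhn check so random digit runs are not reported as card numbers (classify), tightens file permissions in proportion to the label (protect), and reports which sensitive files were world-readable before the scan (report). The rules, labels, sensitivity levels and sample files are all constructed for illustration; the permission-based "protect" step stands in for whatever control (DLP, encryption, deletion) you would actually apply.

```python
"""Added example: a minimal discover -> classify -> protect -> report pass over a
directory tree. Not HANDD's tooling; rules, labels and sample files are constructed."""
import os
import re
import stat
import tempfile
from dataclasses import dataclass

# Hypothetical classification rules: pattern -> label. Labels name the regime the
# data is likely governed by so the report can be cut by legislation.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, spaces/dashes allowed
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
NINO_RE = re.compile(r"\b[A-Z]{2}\d{6}[A-D]\b")     # simplified UK National Insurance number

# Label -> organisational sensitivity; RANK orders levels so a file takes its highest.
SENSITIVITY = {"PCI-DSS:PAN": "restricted", "GDPR:PII": "confidential"}
RANK = {"public": 0, "confidential": 1, "restricted": 2}


def luhn_ok(digits: str) -> bool:
    """Luhn check so an order ID or timestamp of 16 digits is not a false PAN hit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> set:
    """Classify: return the set of labels found in one file's contents."""
    labels = set()
    for m in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            labels.add("PCI-DSS:PAN")
    if EMAIL_RE.search(text) or NINO_RE.search(text):
        labels.add("GDPR:PII")
    return labels


@dataclass
class Finding:
    path: str
    labels: set
    sensitivity: str
    world_readable_before: bool   # the posture problem the scan is looking for
    action: str


def discover(root: str):
    """Discover: every file under root (a share, an endpoint, a mounted bucket)."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            yield os.path.join(dirpath, name)


def protect(path: str, sensitivity: str) -> tuple:
    """Protect: apply a control proportionate to sensitivity; return prior exposure."""
    mode = os.stat(path).st_mode
    exposed = bool(mode & stat.S_IROTH)                   # anyone on the host could read it
    if sensitivity == "restricted":
        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)       # owner-only (0600), then encrypt
        return exposed, "chmod 600; queued for encryption"
    if sensitivity == "confidential":
        os.chmod(path, mode & ~(stat.S_IROTH | stat.S_IWOTH))  # drop world read/write
        return exposed, "removed world read/write"
    return exposed, "none"


def mode_of(path: str) -> int:
    """Permission bits only, to verify what protect() actually applied."""
    return stat.S_IMODE(os.stat(path).st_mode)


def scan(root: str) -> dict:
    """Report: findings keyed by file name plus the sensitive files that were exposed."""
    findings = {}
    for path in discover(root):
        with open(path, encoding="utf-8", errors="replace") as fh:
            labels = classify(fh.read())
        sensitivity = max((SENSITIVITY[l] for l in labels), key=RANK.get, default="public")
        exposed, action = protect(path, sensitivity)
        findings[os.path.basename(path)] = Finding(path, labels, sensitivity, exposed, action)
    exposed_sensitive = sorted(n for n, f in findings.items()
                               if f.world_readable_before and f.sensitivity != "public")
    return {"findings": findings, "exposed_sensitive": exposed_sensitive}


def build_sample_corpus() -> str:
    """Constructed sample files (not real data); 4111... is the public Visa test PAN."""
    root = tempfile.mkdtemp(prefix="dspm-")
    samples = {
        "card.txt": "Refund to card 4111 1111 1111 1111 approved\n",
        "fake_pan.txt": "batch id 1234 5678 9012 3456\n",        # 16 digits, fails Luhn
        "customers.csv": "name,email\nA Person,a.person@example.com\n",
        "readme.txt": "Project notes, nothing sensitive.\n",
    }
    for name, body in samples.items():
        p = os.path.join(root, name)
        with open(p, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(p, 0o644)   # world-readable: the exposure we expect the scan to find
    return root


if __name__ == "__main__":
    report = scan(build_sample_corpus())
    for name, f in report["findings"].items():
        print(f"{name:14} {f.sensitivity:12} {sorted(f.labels)} -> {f.action}")
    print("sensitive and world-readable before scan:", report["exposed_sensitive"])
```

The Luhn step is the part worth copying: a bare 16-digit regex will flag batch numbers and timestamps, and a classifier that cries wolf gets switched off. Note also that the scan records the posture it found (world-readable or not) separately from the action it took, which is what a compliance report actually needs to show.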

DSPM then?

Join us for our 30 minute live webinar on Tuesday 16th May at 11am BST, where we delve into DSPM further as a problem, a strategy, and now as a product suite. We will explain the history of the problem and what has changed (if anything) to spawn this new technology category, exploring DSPM as a security approach and identifying its potential pitfalls in comparison to other security propositions and methodologies.

