GigaOm Key Criteria for Evaluating Data Security Posture Management (DSPM) Solutionsv1.0

1. Executive Summary

Data is core to all organizations and should be treated as an essential asset. As the data landscape continues to evolve, data is increasingly dispersed across many locations. No longer limited to on-premises shares and databases, it is stored across many cloud repositories and data platforms.

This changing landscape and business demands for how data is used have increased both its value and the impact of its loss. This has not gone unnoticed by cybercriminals, with data being the ultimate goal for most cyberattacks. Whether it is the theft of this data, denying access to it, or a mix of both, data is a valuable asset for owners and criminals alike. The diligent business must take the security of its data seriously for technical, commercial, and regulatory reasons. Data security cannot go unchecked, as the impact of a data loss incident can be severe.

Addressing this threat is not a technology challenge alone. Businesses must ensure that data management processes are comprehensive and understood. People must be educated about the impact of data security breaches and the part they play in protecting data assets. However, this cannot be achieved without the use of technology. Improving a business’s data security posture has led to the development of data security posture management (DSPM) solutions. DSPM solutions are designed to provide full visibility into data across an entire organization. They provide insight into data use and risks associated with how it is stored, used, and accessed. They provide guidance on how an organization’s handling of data aligns with regulatory demands. They can also provide detailed guidance on how to address these risks and threats and apply controls to mitigate and reduce them.

Business Imperative
Data is too key an asset for any organization to fail to take data security seriously. Data security is not an IT-only issue—it is a broad business issue—and should never be an IT-only project or responsibility. However, those in charge of organizational IT are central to protecting data and ensuring it is well-secured.

DSPM solutions can be a powerful component of addressing the risks to an organization’s data assets. They can provide proactive, detailed insight into all data locations, including shadow, dormant, and redundant data that otherwise goes unnoticed and unsecured. DSPM provides a business with a measurable baseline to understand the current posture, steps to improve it, and ongoing monitoring of data usage, access, and risk. In a world where organizations are compelled to comply with increasingly stringent regulations, these types of tools are critical.

However, those charged with data security must also appreciate that the adoption of DSPM solutions is not trivial. DSPM solutions are likely to show risks in the way data is created, stored, and used, and these identified risks are likely to require changes in process—impacting current workflows—and culture. This is why DSPM adoption must be a business initiative and not just a technical one.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of a DSPM solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a DSPM solution, we provide an overall Sector Adoption Score (Figure 1) of 3.2 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a DSPM solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for DSPM are explained in more detail in the Sector Brief section that follows.

Figure 1. Sector Adoption Score for DSPM

This is the first year that GigaOm has reported on the DSPM space in the context of our Key Criteria and Radar reports. This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective DSPM solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading DSPM offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.