GigaOm Key Criteria for Evaluating Data Security Platforms (DSPs)v1.0

1. Executive Summary

Poorly managed and inadequately secured data leaves organizations at risk for a data breach and increases the costs of storage and protection. Organizations have traditionally tackled this issue via point solutions–individual applications or solutions–for data loss prevention (DLP), governance, data protection, encryption, and threat detection. However, as data size and complexity continues to grow, so does the complexity of managing multiple solutions, further increasing costs and risks to a business’s data assets.

Data security platforms (DSPs) have emerged to combat this challenge. DSP providers include mature vendors with a strong reputation for data security alongside new vendors who have built DSP solutions from the ground up. This includes DSP vendors offering cloud-based SaaS solutions to improve adoption options and accessibility.

DSPs aggregate the data protection requirements of an organization into a single solution offering capabilities such as:

• Discovery and classification: The ability to find data, understand its content and sensitivity, and apply classifications where necessary.
• Access security: The ability to monitor and control who has access to data, ensuring it is protected appropriately.
• Auditing: Insight into data usage, who accessed it, when, and with whom it was shared.
• Usage and risk analysis: An understanding of data usage and identification of situations when usage and usage patterns present a risk to data security.
• Secure sharing: When data is shared, it must be done so appropriately. This may include encryption, rights management, anonymization, and masking techniques to ensure data is protected.

Implementing a DSP solution is not a trivial task. While DSPs are available for organizations of all sizes, it should be noted that these are not IT department tools. Successful adoption of a DSP solution will require an organization to carry out a sizable project. Such a project demands recognizing data responsibility, identifying data owners, and building policies around data classification, usage, and governance.

Effective DSPs provide comprehensive tools that ease the burden of data security and improve data governance and access management. On the other hand, the risks presented by poorly implemented or overly complex data security solutions are significant. The impact of a data security incident can have financial, reputational, and legal ramifications. Addressing data security challenges must be an organization-wide priority, so adoption of a single DSP solution that covers everyone’s data protection needs can provide significant benefit to the organization.

Business Imperative
The risks posed by insecure and ineffectively managed data are considerable. The impact of a breach or the loss of access to data (such as from a ransomware attack) can result in severe implications for an organization, from loss of productivity to financial penalties to reputational damage that can lead to loss of future business. All these risks can be lowered by a robust data security platform.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of deploying a DSP solution, this GigaOm Key Criteria report provides a structured assessment of the DSP sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of DSP, we provide an overall Sector Adoption Score for the category of 3.8 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that DSP is a credible candidate for deployment and worth thoughtful consideration.

The factors contributing to the Sector Adoption Score for DSP are explained in more detail in the Sector Brief section that follows.

Figure 1. Sector Adoption score for DSPs

This is the first year that GigaOm has reported on the DSP space in the context of our Key Criteria and Radar reports.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and non-functional requirements (business criteria) for selecting an effective DSP. The companion GigaOm Radar report identifies vendors and products that excel in those capabilities and metrics. Together, these reports provide an overview of the category and its underlying technology, identify leading DSPs, and help decision-makers evaluate these solutions so they can make a more informed investment decision.