The Importance of Managing Your Data Security Posture

Data security itself is being reinvented. As new data security posture management solutions enter the market, organizations increasingly recognize the opportunity to provide evidence-based security that proves how data is protected. But what exactly is a data security posture and how do you manage it?

Data Security Posture Management (DSPM) has gone mainstream following the publication of Gartner® Cool Vendors™ in Data Security—Secure and Accelerate Advanced Use Cases. With this report, Gartner [1] seems to have sparked the popular use of the term Data Security Posture Management and massive investment in this area by all VCs. Since this report, Gartner has identified at least 16 DSPM vendors, including Symmetry Systems.

What is a data security posture?

While many data security posture management solutions are certainly being marketed and publicized, we first wanted to dig deeper into what a data security posture is.

Symmetry Systems defines data security posture as “the current state of the capabilities necessary to protect data from unauthorized access, destruction, and/or alteration.” A data security posture is an assessment of an organization’s data stores or individual data objects in terms of:

Data attack surface: A mapping of data to identities, vulnerabilities, and other misconfigurations that can be used as entry points to access the data.

Effectiveness of data security controls: Evidence-based assessment of data security and privacy controls against industry best practices and organizational policies.

Data blast radius: A quantifiable assessment of the data at risk or the maximum potential impact of a compromise of a single identity, data store, vulnerability, or misconfiguration. This includes identifying the types and volumes of data that may be impacted, as well as estimated costs and projected consequences based on current management effectiveness.

Overall, a robust organizational data security posture includes a comprehensive approach to managing the security of an organization’s data. This includes ongoing inventory and classification of data, continuous evaluation and improvement of data security controls, proactively enforcing access to data, and ongoing monitoring of, and response to, abnormal data usage.

To maintain a good data security posture, organizations should:

Create an inventory of your data. A data inventory (a comprehensive list of all data stores and the sensitivity of the data in them) is an important first step in determining the current state of capabilities.

Monitor data activity and data flow. The next important step is to ensure visibility into activity and data flow. This improves your ability to detect and respond to anomalies and indicators of compromise as you improve your data security posture.

Evaluate data security controls. Being able to visualize and gain insight into your data allows you to make evidence-based assessments of your data security controls. This must include determining the level of encryption of data, the effectiveness of hashing and tokenizing data in a given environment, and most importantly validating cloud configuration and access controls, including the authentication required to access data.

Reduce the attack surface of your data. Organizations should have processes in place to use the results of this analysis to proactively identify and reduce their data attack surface. This includes ensuring multi-factor authentication is required for all identities accessing sensitive data and data stores containing sensitive data, and removing dormant accounts from the environment.

Minimize blast radius. Organizations should constantly assess the amount of data at risk and prioritize practical steps to minimize the potential impact of a security breach of a single identity, data store, vulnerability, or misconfiguration. This includes removing sensitive data from inappropriate environments, identifying and eliminating misconfigurations, archiving or deleting data, or minimizing data by removing unused permissions from active accounts.
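As an added illustration of the last two steps (this is not Symmetry DataGuard code or output), the sketch below computes a per-identity blast radius and flags attack-surface findings from a small constructed inventory. Every identity, group, store name, record count and the 90-day dormancy threshold is an assumption made for the example.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory (hypothetical names, not DataGuard output).
DATASTORES = {  # store -> {data type: record count}
    "s3://billing": {"pci": 120_000, "pii": 40_000},
    "s3://logs": {"internal": 900_000},
    "rds://crm": {"pii": 75_000},
}
SENSITIVE = {"pci", "pii"}
IDENTITIES = {  # identity -> attributes; last_used drives the dormancy check
    "alice": {"mfa": True, "last_used": date(2024, 5, 28), "groups": ["finance"]},
    "svc-etl": {"mfa": False, "last_used": date(2024, 5, 30), "groups": []},
    "bob": {"mfa": True, "last_used": date(2023, 11, 2), "groups": ["finance", "sales"]},
}
GRANTS = {  # principal (identity or group) -> stores it can access
    "finance": ["s3://billing"],
    "sales": ["rds://crm"],
    "svc-etl": ["s3://billing", "s3://logs", "rds://crm"],
}

def reachable_stores(identity):
    """Stores reachable directly or through group membership."""
    principals = [identity] + IDENTITIES[identity]["groups"]
    return {s for p in principals for s in GRANTS.get(p, [])}

def blast_radius(identity):
    """Sensitive record counts by data type exposed if this identity is compromised."""
    totals = defaultdict(int)
    for store in reachable_stores(identity):
        for dtype, count in DATASTORES[store].items():
            if dtype in SENSITIVE:
                totals[dtype] += count
    return dict(totals)

def attack_surface_findings(today, dormant_days=90):
    """Flag identities that reach sensitive data without MFA or while dormant."""
    findings = []
    for name, attrs in IDENTITIES.items():
        if not blast_radius(name):
            continue  # no sensitive data reachable, nothing to prioritize
        if not attrs["mfa"]:
            findings.append((name, "no-mfa"))
        if (today - attrs["last_used"]).days > dormant_days:
            findings.append((name, "dormant"))
    return sorted(findings)

if __name__ == "__main__":
    for name in IDENTITIES:
        print(name, blast_radius(name))
    print(attack_surface_findings(date(2024, 6, 1)))
```

Removing the unused "sales" grant from the dormant account, or the account itself, shrinks its blast radius without touching the data stores.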

Symmetry DataGuard Solution

Symmetry DataGuard is a purpose-built data security posture management platform. Symmetry DataGuard does more than simply augment existing SaaS platforms with data classification to claim DSPM coverage. Instead, it was designed from the ground up to maximize data protection. The platform is typically deployed within a customer’s cloud environment as a way to ensure that data never leaves the customer’s control. This deployment model is suitable for working with data regardless of confidentiality or various compliance regulations.

At the core of the Symmetry DataGuard platform is a detailed graph of data objects, identities, and all permissions on a data object and actions taken on that data object. This interconnected graph is used to provide the elements an organization needs to manage its data security posture. We reviewed the Symmetry solution to see how it can help organizations address several key areas.

Data inventory

Once installed and configured, Symmetry DataGuard collects information from your cloud environment. This is made easy by installing within the customer’s cloud environment, but as long as Symmetry DataGuard has the proper permissions to query the data, it can aggregate information across cloud environments. To avoid unnecessary data transfer charges, Symmetry Systems recommends deploying Symmetry DataGuard in each cloud environment (AWS, Azure, etc.). Agentless discovery quickly gathers information about:

  • The cloud environment.
  • Identities that have access to the environment, including users, services, roles, and groups.
  • Datastores in your environment.

An example of environmental inventory data collected by Symmetry DataGuard is shown in the figure below.

Figure 1: Data environment inventory data collected by Symmetry DataGuard

The information obtained here is used to initiate sampling of data in the identified datastores. Sampling techniques are fully customizable. Symmetry DataGuard provides a robust catalog of pre-built data identifiers that use a combination of keywords, regular expression pattern matching, and machine learning-based matching to identify and classify an organization’s data within identified datastores. Symmetry Systems works with customers to build, customize, and refine sets of identifiers to improve the accuracy of the classification process.

This insight into the classification of data within each data store is added to the Deep Graph, giving organizations a searchable view and visualization of their data inventory. This data inventory example is stunningly beautiful and is shown in the image below.

Figure 2: Data visualization helps improve the accuracy of the data classification process by mapping identity, access, data type, and where data is stored.

Monitor data activity and data flow

As part of the discovery and continuous monitoring of your environment, Symmetry DataGuard collects telemetry about all data activity or operations performed on data in your environment. This includes failed attempts and rejected attempts. This telemetry is used to gain greater insight into who is accessing your organization’s data and, as a result, where data is flowing to and from.

This information is cross-correlated with the data inventory to help organizations pinpoint external data flows, failed attempts to access sensitive data, and many other interesting data-centric threat detection scenarios. An example visualization of these flows is shown below.

Figure 3: Data flows help organizations pinpoint data-centric threat detection scenarios

Operations are grouped into four high-level classes: creating, reading, updating, or deleting data. This is useful for prioritizing unusual or risky activity for specific data.
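The cross-correlation described above, as an added example rather than Symmetry DataGuard code: operations are mapped to the four classes, joined with the inventory's sensitive stores, and denied attempts and reads from outside the organization are surfaced. The S3-style operation names, the class mapping, the store names, the account ids and the event tuples are all constructed assumptions.

```python
from collections import Counter

# Assumed mapping of S3-style operation names to the four classes.
OP_CLASS = {"PutObject": "create", "GetObject": "read",
            "PutObjectAcl": "update", "DeleteObject": "delete"}
SENSITIVE_STORES = {"s3://billing", "s3://hr-exports"}  # from the data inventory
ORG_ACCOUNTS = {"111111111111"}  # constructed account id

# Constructed telemetry: (actor, operation, store, outcome, caller account).
EVENTS = [
    ("alice", "GetObject", "s3://billing", "allowed", "111111111111"),
    ("svc-etl", "GetObject", "s3://billing", "allowed", "999999999999"),
    ("bob", "DeleteObject", "s3://hr-exports", "denied", "111111111111"),
    ("svc-etl", "PutObject", "s3://logs", "allowed", "111111111111"),
    ("bob", "RestoreObject", "s3://logs", "allowed", "111111111111"),
]

def classify(op):
    """Map an operation to create/read/update/delete; unmapped ops stay visible."""
    return OP_CLASS.get(op, "unknown")

def activity_profile(events):
    """Count operations per (store, class), including denied attempts."""
    return Counter((store, classify(op)) for _, op, store, _, _ in events)

def detect(events):
    """Cross-correlate telemetry with the inventory's sensitive stores."""
    findings = []
    for actor, op, store, outcome, account in events:
        if store not in SENSITIVE_STORES:
            continue
        if outcome == "denied":
            findings.append((actor, store, "denied-sensitive"))
        elif classify(op) == "read" and account not in ORG_ACCOUNTS:
            findings.append((actor, store, "external-flow"))
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
    print(activity_profile(EVENTS))
```

Operations missing from the mapping are counted as "unknown" instead of being dropped, so gaps in the classification show up in the activity profile.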

Perform an assessment of data security controls

Symmetry DataGuard can also assess data security and identity configurations and generate alerts when configurations do not meet defined policies or when they change. These configurations include, but are not limited to, determining whether:

  • Data is encrypted (including natively).
  • MFA is enabled.
  • Monitoring is enabled.

Symmetry DataGuard has out-of-the-box compliance policies used to check compliance with the Center for Internet Security (CIS) Benchmark Data Core and other compliance frameworks. Below is an example of a compliance dashboard.

Figure 4: The Symmetry DataGuard Compliance Dashboard includes out-of-the-box compliance policies used to check compliance with the Center for Internet Security (CIS) Benchmark Data Core and other compliance frameworks.

Each compliance check in the compliance dashboard includes information about the configuration checked and remediation steps to address it. Expanding one of the compliance checks gives the following detailed results:

Figure 5: Compliance check includes information on configuration and remediation steps

Compliance dashboards allow organizations to check for data misconfigurations and compliance with various regulatory frameworks (PCI DSS, SOC 2, etc.). The compliance checks performed by Symmetry DataGuard are more accurate than other compliance configurations running on cloud infrastructure, which is important for organizations in highly regulated industries.

Takeaway

A good data security posture reduces the attack surface and blast radius of an organization’s data. Achieving and maintaining a good data security posture requires a detailed understanding of the data itself, the identities that have access to it, the controls that protect it, and oversight of the operations performed on it. Leading platforms like Symmetry DataGuard can maintain data inventories, monitor operations and activities, and check data security configurations and compliance so you can provide evidence-based data security.

If you would like to learn more about Symmetry Systems and its data security posture management solution, Symmetry DataGuard, you can request a demo at Symmetry-Systems.com.

[1] Gartner, “Cool Vendors in Data Security — Secure and Accelerate Advanced Use Cases” (Joerg Fritsch, Andrew Bales, Ravisha Chugh, Brian Lowans, Mark Horvath, 19 Apr 2022).

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, either express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the United States and abroad. Hype Cycle and Cool Vendors are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.
