Getting Ready for Cloud Data Security Posture Management

  1. Discover where your data is
  2. Detect which data is at risk
  3. Remediate to secure data

Discover where your data is

Discovering where data lives is a major challenge because of the nature of agile development. In DevOps and model-driven organizations, there is a vast and growing amount of structured and unstructured data that could be located almost anywhere.

Detect which data is at risk

The second phase of DSPM is detecting which cloud-native data is at risk. A precursor is identifying all systems and related operations running in your organization’s cloud environment. Detecting all infrastructure helps determine every access path to your data and which paths may require access permission changes or new controls for protection.

Remediate to secure data

Securing the cloud data at risk entails remediating the associated vulnerabilities discovered during the Discovery and Detection phases of DSPM. In legacy scenarios, data security often focused on securing the classic perimeter. But since data has moved vastly beyond this quaint antiquity, securing it requires addressing a different scope of issues. As mentioned, remediation will frequently need collaboration by a cross-discipline team. Depending on the scenario, the team will need help with network and infrastructure operations, cloud configuration management, identity management, databases, DevOps, and more.

  • Identify where workloads are running
  • Chart relationships between the data and cloud infrastructure and related business processes to discover exploitable paths
  • Verify user and administrator account privileges to find people with over-privileged access rights and roles
  • Inspect all public IP addresses related to your cloud accounts for potential hijacking
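
The checks in the list above can be automated once the inventory is held as a graph. The following is an added example, not code from the original article or from any DSPM product: every asset name, IP address, classification label and the "needed access" map are constructed for illustration, and treating a public IP with no workload behind it as a review candidate is an assumption of this sketch.

```python
from collections import deque

# Constructed inventory (hypothetical names): an edge means "can reach / can act as".
EDGES = {
    "internet": ["ip-203.0.113.10", "ip-203.0.113.20"],
    "ip-203.0.113.10": ["vm-web"],
    "ip-203.0.113.20": [],                 # allocated public IP, no workload attached
    "vm-web": ["role-web-app"],
    "vm-batch": ["role-batch-admin"],      # workload with no internet-facing address
    "role-web-app": ["bucket-static-assets", "db-customers"],
    "role-batch-admin": ["db-customers", "bucket-payroll-exports"],
}
# Constructed classification labels for data stores.
SENSITIVE = {"db-customers": "PII", "bucket-payroll-exports": "financial"}
# Constructed map of the data stores each role actually needs for its workload.
NEEDED = {"role-web-app": {"bucket-static-assets"},
          "role-batch-admin": {"db-customers", "bucket-payroll-exports"}}

def exposed_paths(edges, sensitive, start="internet"):
    """Breadth-first search: shortest path from start to each reachable sensitive store."""
    found, seen, queue = {}, {start}, deque([[start]])
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node in sensitive:
            found[node] = path
        for nxt in edges.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return found

def over_privileged(edges, needed):
    """Grants a role holds beyond what its workload needs."""
    extra = {role: set(edges.get(role, [])) - need for role, need in needed.items()}
    return {role: sorted(grants) for role, grants in extra.items() if grants}

def unattached_public_ips(edges, start="internet"):
    """Public IPs that map to no workload: candidates for release or review."""
    return [ip for ip in edges.get(start, []) if not edges.get(ip)]

if __name__ == "__main__":
    for store, path in exposed_paths(EDGES, SENSITIVE).items():
        print(f"{SENSITIVE[store]} store {store} reachable via: {' -> '.join(path)}")
    print("over-privileged:", over_privileged(EDGES, NEEDED))
    print("unattached public IPs:", unattached_public_ips(EDGES))
```

Removing the single excess grant from `role-web-app` to `db-customers` closes the only internet-reachable path to sensitive data in this sample, which is the kind of permission change the Detect phase is meant to surface.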

Getting Started

In reviewing how to prepare for DSPM, alert readers may have already reacted in exasperation: “There’s no way we could do all that with manual processes!” And this would be a correct response! The very essence of agile is spinning up (or down) virtual assets on demand to fulfill functions on the fly. DSPM takes a similar approach by applying automation to processes within each phase.

  • Catalog assets and attributes: Configuration Management Databases (CMDB)
  • Data classification: Data Loss Prevention (DLP) and some PrivacyOps solutions
  • Access management: Software-as-a-Service Security Posture Management (SSPM), Cloud Infrastructure Entitlement Management (CIEM), Database Access Monitoring and file analysis software
  • Risk and vulnerability management: CASB and CNAPP
  • Compliance: PrivacyOps solutions

Normalyze

Normalyze is a pioneering provider of cloud data security solutions