DSPM (Data Security Posture Management).

A class of tools that discover, classify, and continuously monitor sensitive data across multi-cloud, SaaS, and data-lake environments, then surface posture risk such as exposed PII or over-permissioned datasets. Es gehört zur Kategorie Cloud-Sicherheit der Cybersicherheit.

A class of tools that discover, classify, and continuously monitor sensitive data across multi-cloud, SaaS, and data-lake environments, then surface posture risk such as exposed PII or over-permissioned datasets.

Data Security Posture Management (DSPM) emerged as a recognized category around 2022 to cover what CSPM and DLP missed: the data itself. A DSPM platform crawls cloud storage (S3, GCS, Azure Blob), databases (RDS, BigQuery, Snowflake, Redshift), data lakes, SaaS apps (Drive, Box, Salesforce), and unstructured stores, then classifies what's there (PII, PHI, payment card, source code, secrets) and links each data store to its access graph — which IAM principals, applications, and humans can reach it, and how. The output is a posture view: 'this Snowflake database contains EU PII, is accessible by a service account whose key is also in a public Lambda environment variable, and has not been read in 14 months.' DSPM features overlap with CSPM (configuration), CIEM (identities), and traditional DLP (egress), and the categories are converging into broader CNAPP and 'data-first' security platforms. Vendors in the space include Cyera, Dig (acquired by Palo Alto Networks), Sentra, BigID, Rubrik (Laminar), Wiz Data Security, and Symmetry.

Schutzmaßnahmen gegen DSPM (Data Security Posture Management) kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: Data Security Posture Management, Cloud data security.