DSPM (Data Security Posture Management).

A class of tools that discover, classify, and continuously monitor sensitive data across multi-cloud, SaaS, and data-lake environments, then surface posture risk such as exposed PII or over-permissioned datasets. It belongs to the Cloud Security category of cybersecurity.

A class of tools that discover, classify, and continuously monitor sensitive data across multi-cloud, SaaS, and data-lake environments, then surface posture risk such as exposed PII or over-permissioned datasets.

Data Security Posture Management (DSPM) emerged as a recognized category around 2022 to cover what CSPM and DLP missed: the data itself. A DSPM platform crawls cloud storage (S3, GCS, Azure Blob), databases (RDS, BigQuery, Snowflake, Redshift), data lakes, SaaS apps (Drive, Box, Salesforce), and unstructured stores, then classifies what's there (PII, PHI, payment card, source code, secrets) and links each data store to its access graph — which IAM principals, applications, and humans can reach it, and how. The output is a posture view: 'this Snowflake database contains EU PII, is accessible by a service account whose key is also in a public Lambda environment variable, and has not been read in 14 months.' DSPM features overlap with CSPM (configuration), CIEM (identities), and traditional DLP (egress), and the categories are converging into broader CNAPP and 'data-first' security platforms. Vendors in the space include Cyera, Dig (acquired by Palo Alto Networks), Sentra, BigID, Rubrik (Laminar), Wiz Data Security, and Symmetry.

Defences for DSPM (Data Security Posture Management) typically combine technical controls and operational practices, as detailed in the full definition above.

Common alternative names include: Data Security Posture Management, Cloud data security.