DSPM (Data Security Posture Management)
¿Qué es DSPM (Data Security Posture Management)?
DSPM (Data Security Posture Management)A class of tools that discover, classify, and continuously monitor sensitive data across multi-cloud, SaaS, and data-lake environments, then surface posture risk such as exposed PII or over-permissioned datasets.
Data Security Posture Management (DSPM) emerged as a recognized category around 2022 to cover what CSPM and DLP missed: the data itself. A DSPM platform crawls cloud storage (S3, GCS, Azure Blob), databases (RDS, BigQuery, Snowflake, Redshift), data lakes, SaaS apps (Drive, Box, Salesforce), and unstructured stores, then classifies what's there (PII, PHI, payment card, source code, secrets) and links each data store to its access graph — which IAM principals, applications, and humans can reach it, and how. The output is a posture view: 'this Snowflake database contains EU PII, is accessible by a service account whose key is also in a public Lambda environment variable, and has not been read in 14 months.' DSPM features overlap with CSPM (configuration), CIEM (identities), and traditional DLP (egress), and the categories are converging into broader CNAPP and 'data-first' security platforms. Vendors in the space include Cyera, Dig (acquired by Palo Alto Networks), Sentra, BigID, Rubrik (Laminar), Wiz Data Security, and Symmetry.
● Ejemplos
- 01
A DSPM scan finds an S3 bucket containing customer payment-card exports, with public read enabled and last-touched four months ago.
- 02
DSPM-driven alerts replace quarterly access reviews by continuously flagging shadow copies of regulated data in non-production environments.
● Preguntas frecuentes
¿Qué es DSPM (Data Security Posture Management)?
A class of tools that discover, classify, and continuously monitor sensitive data across multi-cloud, SaaS, and data-lake environments, then surface posture risk such as exposed PII or over-permissioned datasets. Pertenece a la categoría de Seguridad en la nube en ciberseguridad.
¿Qué significa DSPM (Data Security Posture Management)?
A class of tools that discover, classify, and continuously monitor sensitive data across multi-cloud, SaaS, and data-lake environments, then surface posture risk such as exposed PII or over-permissioned datasets.
¿Cómo funciona DSPM (Data Security Posture Management)?
Data Security Posture Management (DSPM) emerged as a recognized category around 2022 to cover what CSPM and DLP missed: the data itself. A DSPM platform crawls cloud storage (S3, GCS, Azure Blob), databases (RDS, BigQuery, Snowflake, Redshift), data lakes, SaaS apps (Drive, Box, Salesforce), and unstructured stores, then classifies what's there (PII, PHI, payment card, source code, secrets) and links each data store to its access graph — which IAM principals, applications, and humans can reach it, and how. The output is a posture view: 'this Snowflake database contains EU PII, is accessible by a service account whose key is also in a public Lambda environment variable, and has not been read in 14 months.' DSPM features overlap with CSPM (configuration), CIEM (identities), and traditional DLP (egress), and the categories are converging into broader CNAPP and 'data-first' security platforms. Vendors in the space include Cyera, Dig (acquired by Palo Alto Networks), Sentra, BigID, Rubrik (Laminar), Wiz Data Security, and Symmetry.
¿Cómo defenderse de DSPM (Data Security Posture Management)?
Las defensas contra DSPM (Data Security Posture Management) combinan habitualmente controles técnicos y prácticas operativas, como se detalla en la definición.
¿Cuáles son otros nombres para DSPM (Data Security Posture Management)?
Nombres alternativos comunes: Data Security Posture Management, Cloud data security.
● Términos relacionados
- cloud-security№ 280
CSPM (Cloud Security Posture Management)
Categoría de herramientas que evalúan continuamente las cuentas de nube frente a buenas prácticas y normativas para detectar y corregir configuraciones incorrectas.
- cloud-security№ 187
CIEM (Cloud Infrastructure Entitlement Management)
Disciplina y categoría de herramientas que descubre, analiza y ajusta las identidades y permisos existentes dentro de los entornos cloud.
- privacy№ 306
Clasificación de datos
Proceso de etiquetar la información según su sensibilidad y valor para aplicar de forma coherente los controles de protección, tratamiento y retención adecuados.
- cloud-security№ 214
CNAPP (Cloud-Native Application Protection)
Plataforma integrada que combina CSPM, CWPP, CIEM, escaneo de IaC y detección en runtime para proteger aplicaciones nativas en la nube de build a producción.
- privacy№ 308
Prevención de Pérdida de Datos (DLP)
Conjunto de tecnologías y políticas que detectan y bloquean la exfiltración no autorizada de datos sensibles en endpoints, redes, correo y servicios en la nube.
- cloud-security№ 204
Exfiltracion de datos en la nube
Copia o transferencia no autorizada de datos fuera de una cuenta cloud, habitualmente mediante APIs de almacenamiento, snapshots, replicacion o cuentas controladas por el atacante.