DSPM (Data Security Posture Management)
Qu'est-ce que DSPM (Data Security Posture Management) ?
DSPM (Data Security Posture Management)A class of tools that discover, classify, and continuously monitor sensitive data across multi-cloud, SaaS, and data-lake environments, then surface posture risk such as exposed PII or over-permissioned datasets.
Data Security Posture Management (DSPM) emerged as a recognized category around 2022 to cover what CSPM and DLP missed: the data itself. A DSPM platform crawls cloud storage (S3, GCS, Azure Blob), databases (RDS, BigQuery, Snowflake, Redshift), data lakes, SaaS apps (Drive, Box, Salesforce), and unstructured stores, then classifies what's there (PII, PHI, payment card, source code, secrets) and links each data store to its access graph — which IAM principals, applications, and humans can reach it, and how. The output is a posture view: 'this Snowflake database contains EU PII, is accessible by a service account whose key is also in a public Lambda environment variable, and has not been read in 14 months.' DSPM features overlap with CSPM (configuration), CIEM (identities), and traditional DLP (egress), and the categories are converging into broader CNAPP and 'data-first' security platforms. Vendors in the space include Cyera, Dig (acquired by Palo Alto Networks), Sentra, BigID, Rubrik (Laminar), Wiz Data Security, and Symmetry.
● Exemples
- 01
A DSPM scan finds an S3 bucket containing customer payment-card exports, with public read enabled and last-touched four months ago.
- 02
DSPM-driven alerts replace quarterly access reviews by continuously flagging shadow copies of regulated data in non-production environments.
● Questions fréquentes
Qu'est-ce que DSPM (Data Security Posture Management) ?
A class of tools that discover, classify, and continuously monitor sensitive data across multi-cloud, SaaS, and data-lake environments, then surface posture risk such as exposed PII or over-permissioned datasets. Cette notion relève de la catégorie Sécurité du cloud en cybersécurité.
Que signifie DSPM (Data Security Posture Management) ?
A class of tools that discover, classify, and continuously monitor sensitive data across multi-cloud, SaaS, and data-lake environments, then surface posture risk such as exposed PII or over-permissioned datasets.
Comment fonctionne DSPM (Data Security Posture Management) ?
Data Security Posture Management (DSPM) emerged as a recognized category around 2022 to cover what CSPM and DLP missed: the data itself. A DSPM platform crawls cloud storage (S3, GCS, Azure Blob), databases (RDS, BigQuery, Snowflake, Redshift), data lakes, SaaS apps (Drive, Box, Salesforce), and unstructured stores, then classifies what's there (PII, PHI, payment card, source code, secrets) and links each data store to its access graph — which IAM principals, applications, and humans can reach it, and how. The output is a posture view: 'this Snowflake database contains EU PII, is accessible by a service account whose key is also in a public Lambda environment variable, and has not been read in 14 months.' DSPM features overlap with CSPM (configuration), CIEM (identities), and traditional DLP (egress), and the categories are converging into broader CNAPP and 'data-first' security platforms. Vendors in the space include Cyera, Dig (acquired by Palo Alto Networks), Sentra, BigID, Rubrik (Laminar), Wiz Data Security, and Symmetry.
Comment se défendre contre DSPM (Data Security Posture Management) ?
Les défenses contre DSPM (Data Security Posture Management) combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.
Quels sont les autres noms de DSPM (Data Security Posture Management) ?
Noms alternatifs courants : Data Security Posture Management, Cloud data security.
● Termes liés
- cloud-security№ 280
CSPM (Cloud Security Posture Management)
Catégorie d'outils qui évaluent en continu les comptes cloud par rapport aux bonnes pratiques et référentiels de conformité afin de détecter et corriger les mauvaises configurations.
- cloud-security№ 187
CIEM (Cloud Infrastructure Entitlement Management)
Discipline et catégorie d'outils qui découvrent, analysent et calibrent les identités et permissions présentes dans les environnements cloud.
- privacy№ 306
Classification des données
Processus d'étiquetage des données selon leur sensibilité et leur valeur, afin d'appliquer de manière cohérente les contrôles de protection, de manipulation et de conservation.
- cloud-security№ 214
CNAPP (Cloud-Native Application Protection)
Plateforme de sécurité intégrée combinant CSPM, CWPP, CIEM, scan d'IaC et détection runtime pour protéger les applications cloud-native du build à la production.
- privacy№ 308
Prévention des pertes de données (DLP)
Ensemble de technologies et de politiques qui détectent et bloquent l'exfiltration non autorisée de données sensibles sur les postes, le réseau, la messagerie et le cloud.
- cloud-security№ 204
Exfiltration de donnees cloud
Copie ou transfert non autorise de donnees hors d'un compte cloud, souvent via APIs de stockage, snapshots, replication ou comptes controles par l'attaquant.