Proofpoint completes acquisition of Normalyze. Read more.
What is DSPM?

FEATURED

Gartner® Innovation Insight: Data Security Posture Management
Get Report
PLATFORM
The Normalyze Platform
Supported Environments
Platform Benefits
Solution Differentiators
Data Handling for DSPM
USE CASES

Reduce Data Access Risks

Enforce Data Governance
Eliminate Abandoned Data

Secure PaaS Data

Enable Use of AI

DSPM for Snowflake

MARKETS

Healthcare
Retail
Technology
Media
M&A

FEATURED

DSPM Buyer's Guide: Report
DSPM Buyer's Guide

A toolkit to help gather internal DSPM requirements and evaluate vendors

Get Your Copy

FEATURED

CYBER 60: The fastest-growing startups in cybersecurity
Get Report

Scaling Data Security Efficiently: A CISO’s Perspective on DSPM

Renee Guttmann

October 14, 2024

As the CISO for globally recognized brands like Coca-Cola, Royal Caribbean, and Campbell’s, many assumed I led large, robust security teams. However, the reality was quite different. My largest internal team consisted of around 50 full-time employees, with third-party collaborations pushing the total closer to 75. But in most cases, my internal teams were fewer than 30 members. This lean approach allowed us to operate with agility, focusing on maximizing efficiency and outcomes, always mindful of how we used our time and resources.

During the hiring process, I prioritized candidates who demonstrated a deep understanding of network efficiency—not just within their home systems but across the organization. I looked for individuals who avoided duplication, optimized processes, and knew how to leverage both their time and the company’s resources wisely. This expectation extended to our third-party partners as well, who had to be equally committed to efficiency and effectiveness.

Managing Storage Costs and Access Controls

At one organization, I spearheaded a major initiative to evaluate our internal and cloud-based data storage. In the wake of significant personnel changes and rising cloud storage costs, we faced several challenges. The organization had limited visibility into its data landscape, struggled with access controls, and exhibited hesitance around data deletion, fearing that something might be needed later. The problem was compounded by soaring monthly cloud storage costs, which central IT struggled to manage.

We brought in a third-party consulting firm to help define our requirements—a costly but necessary move at the time. This was before solutions like Data Security Posture Management (DSPM) were widely available. Today, DSPM provides the insights and controls needed to manage these kinds of risks much more effectively. Solutions like DSPM help organizations understand their data landscape, track sensitive data across environments, and enforce access controls without the need to rely solely on external resources. Many of the risks we encountered—uncontrolled storage growth, unclear data ownership, and access vulnerabilities—are exactly what DSPM addresses today.

Data Security Informed by Research

Now, organizations have access to research and guidance from industry leaders and solution providers, which can inform their approach to DSPM. While third-party consultation can be valuable, I believe starting with the right resources can help shape the direction before bringing in external help. There are plenty of comprehensive guides available—many of which I’ve reviewed—that provide clear direction for implementing DSPM solutions.

Evaluation Tools

One such resource is the DSPM Buyer’s Guide produced by Normalyze, which is vendor-neutral. Even though it was created by Normalyze, it incorporates the combined insights from every RFP they received over the last 12 months. This comprehensive approach makes it a highly valuable tool for any organization looking to evaluate their data security posture management needs, regardless of which vendor they ultimately choose.

In full transparency, I consult with Normalyze, ensuring their go-to-market is aligned with real-world needs of CISOs. Take a look at the Buyer’s Guide and share your feedback!

 

Renee Guttmann

Renee Guttmann is an accomplished global information security and privacy executive. With extensive information security and privacy expertise spanning a 30-year career, she was the first CISO at Coca-Cola, Royal Caribbean, and Time Warner Inc. She has received several awards for leadership and support for Women in Cybersecurity and is a serial early-stage adopter of cybertechnology solutions. In April 2022, she founded CisoHive to provide guidance on how CISOs and solution providers can better address the cybersecurity challenges of the future.