Proofpoint completes acquisition of Normalyze. Read more.
What is DSPM?

FEATURED

Gartner® Innovation Insight: Data Security Posture Management
Get Report
PLATFORM
The Normalyze Platform
Supported Environments
Platform Benefits
Solution Differentiators
Data Handling for DSPM
USE CASES

Reduce Data Access Risks

Enforce Data Governance
Eliminate Abandoned Data

Secure PaaS Data

Enable Use of AI

DSPM for Snowflake

MARKETS

Healthcare
Retail
Technology
Media
M&A

FEATURED

DSPM Buyer's Guide: Report
DSPM Buyer's Guide

A toolkit to help gather internal DSPM requirements and evaluate vendors

Get Your Copy

FEATURED

CYBER 60: The fastest-growing startups in cybersecurity
Get Report

CSPM vs. DSPM

What is the difference between CSPM and DSPM?

CSPM seeks to improve the security of cloud infrastructure.

DSPM uses context-aware strategies to provide visibility and security to your data across all your environments.

Cloud Security Posture Management (CSPM) is designed to secure multi-cloud infrastructure by managing identity and access, network security, and configuration settings across cloud platforms. While CSPM provides essential protection for the cloud infrastructure, its focus on configuration means it often falls short of fully safeguarding sensitive data, especially in complex, hybrid environments. 

This is where Data Security Posture Management (DSPM) comes in, adding an additional layer focused specifically on identifying, classifying, and protecting sensitive data across all locations—ensuring comprehensive visibility and security for data wherever it resides.

YouTube video

Differences:

CSPM vs DSPM

  • CSPM is all about finding misconfigurations in cloud resources.
  • DSPM is all about protecting what matters and what attackers target – data. 

1

Technical Challenges
CSPM tackles a well-known problem. Not only are there multiple proprietary solutions but open-source projects as well. DSPM puts data first with an understanding that data is inherently diverse and is hard to understand.

2

Gaps
  A key difference between DSPM and CSPM is context. CSPM does not include context, while DSPM is all about what’s important (data) and all the context around it. Example: if a datastore contains sensitive data and access is restricted, it’s relatively safe. If an open S3 bucket contains cached images, it’s perfectly safe. DSPM can tell the difference, while CSPM cannot.

3

Operational Challenge
CSPM produces hundreds of thousands of alerts for a medium-sized organization. DSPM produces all these findings, connects the dots, and bubbles up only those risks that involve high impact and high likelihood of data breach within your org. This functionality significantly reduces the distracting alert noise.

4

Data
CSPM solutions do not discover data while DSPM starts with data, expands into access, and identifies all risks. 

5

Coverage
  CSPM handles IaaS but does not address on-premises data stores, private clouds, PaaS, and SaaS. DSPM can protect data that is spread across all these environments. Importantly, the data itself does not leave its native environment.

6

Access Governance

CUSTOMER FAVORITE

A CSPM solution does not uncover who has access to which resource or specific permissions. On the other hand, DSPM understands various access relationships and permission levels to protect data and enforce the principle of least privilege.
Resources
esg-cloud-data-security-2023
YouTube video

DSPM Focuses on
the Data

A key component of understanding the difference between DSPM and CSPM is seeing the unique process of how DSPM finds and secures sensitive data. The DSPM approach addresses data security by integrating five broad dimensions: data discovery, data classification, access management, risk and vulnerability management, and compliance.

For example, where CSPM controls the posture of data stored in Snowflake (such as in an S3 bucket on AWS), it does not provide visibility on who can or has queried that data. Instead, DSPM works from the left by providing visibility into the Snowflake instance and from the right to maintain the security posture of the data within the cloud datastore.

Such a holistic picture of data security eludes the infrastructure focus of CSPM.

The Future of CSPM

The controls for CSPM have conceptual roots in traditional on-premises IT security architecture. So, it’s a comfortable model for cloud security architects. But organizations are understanding the essential distinctions between CSPM and DPSM and the need to shift their priority to focus on sensitive data first quickly – identifying everywhere it is, who is accessing the data, and where it’s being moved, processed, and stored.

DSPM’s integrated dimensions of security and compliance are essential for this process and will become the primary approach with CSPM’s subset of supporting elements.