{"id":5423,"date":"2024-09-23T09:00:00","date_gmt":"2024-09-23T14:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/data-security-posture-management-accelerating-time-value"},"modified":"2024-09-23T09:00:00","modified_gmt":"2024-09-23T14:00:00","slug":"data-security-posture-management-accelerating-time-to-value","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/09\/23\/data-security-posture-management-accelerating-time-to-value\/","title":{"rendered":"Data Security Posture Management: Accelerating Time to Value"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

COMMENTARY<\/span><\/span><\/p>\n

When it comes to your sensitive data, not knowing where your crown jewels are located and ensuring they are adequately secured can have catastrophic consequences. <\/span>Data resilience<\/a><\/span> is the subset of <\/span>cyber resilience<\/a><\/span> focused on an organization’s data assets. Security teams need a strategic approach to data resilience \u2014 understanding where their sensitive data stores are located and what’s inside \u2014 to effectively secure their data. <\/span><\/p>\n

Data discovery and classification are foundational for data security, data governance, and data protection (backup and recovery). You can’t secure what you don’t know exists (discovery), and you need to know what is inside a data store (classification) to take appropriate action to mitigate your risk. <\/span><\/p>\n

My latest <\/span>Enterprise Strategy Group research<\/a><\/span>, conducted with my colleague Jon Brown, explores how enterprises are ensuring data resilience, which is the intersection of data security posture management (DSPM), data security (hardening data with encryption, masking, etc.), data protection (backup and recovery), and data governance. We surveyed 370 IT and cybersecurity professionals from midmarket and enterprise companies about data resilience and DSPM. In the fast-evolving DSPM space, the research found that the first phase of a DSPM deployment to locate, categorize, and establish policies around sensitive data took less than six months for 76% of the respondents, with the largest cluster being four to six months for more than 40% of those responding. <\/span><\/p>\n

DSPM vendors differentiate themselves on the time to value (TTV) for their offerings, and the different technologies probably have a significant impact on TTV. Implementing DSPM is like any other project in combining people, process, and technology. Much of the time required to operationalize a technology deployment comes from the people and process side of the equation. While the TTV varies, in talking to various chief information security officers (CISOs) and vendors, we found that the typical steps in a project are:<\/span><\/p>\n

\n