A Data Security Portfolio (DSP) is a category of security products that replaces traditionally disparate security tools.
Many vendors offer multiple data security products as part of their portfolio, but the integration between them is non-existent or loose. Data Security Portfolios that are fully integrated are often called Data Security Platforms.
Get the Free Pen Testing Active Directory Environments EBook
DSPs combine data protection capabilities such as sensitive data discovery, data access governance, user behavior analytics, advanced threat detection, activity monitoring, and compliance reporting, and integrate with adjacent security technologies.
They also provide a single management interface to allow security teams to centrally orchestrate their data security controls and uniformly enforce policies across a variety of data repositories, on-premises and in the cloud.
The Rise of the Data Security Platform
A rapidly evolving threat landscape, rampant data breaches, and increasingly rigorous compliance requirements have made managing and protecting data more difficult than ever. Exponential data growth across multiple silos has created a compound effect that has made the disparate tool approach untenable. Siloed tools often result in inconsistently applied data security policies.
Many organizations are finding that simply increasing IT security spend doesn’t necessarily correlate to better overall data security. How much you spend isn’t as important as what you spend it on and how you use what you buy.
“Expense in depth” hasn’t been working. As a result, CISOs are aiming to consolidate and focus their IT spend on platforms over products to improve their enterprise-wide security posture, simplify manageability, streamline processes, and control costs.
According to Gartner, “By 2020, data-centric audit and protection products will replace disparate siloed data security tools in 40% of large enterprises, up from less than 5% today.”
What are the benefits of a Data Security Platform?
There are clear benefits to consolidation which are generally true in all facets of technology, not just information security:
- Easier to manage and maintain
- Easier to coordinate strategy
- Easier to train new employees
- Fewer components to patch and upgrade
- Fewer vendors to deal with
- Fewer incompatibilities
- Lower costs from retiring multiple point solutions
In information security, context is king. And context is enhanced drastically when products are integrated as part of a unified platform.
As a result, the benefits of a Data Security Platform are pronounced:
- By combining previously disparate functions, DSPs have more context about data sensitivity, access controls, and user behavior, and can therefore paint a more complete picture of a security incident and the risk of potential breaches.
- The total cost of ownership (TCO) is lower for a DSP than for multiple, hard-to-integrate point solutions.
- In general, platform technologies have the flexibility and scalable architecture to accommodate new data stores and add new functionality when required, making the investment more durable
- Maintaining compatibility between multiple data security products can be a massive challenge for security teams.
- DSPs often result in an OpEx reduction because the security teams are dealing with fewer vendors and maintaining, tuning, and upgrading fewer products.
- Capex reduction by retiring point solutions
- CISOs want to be able to apply their data security strategy consistently across data silos and easily measure results.
Why context is essential to threat detection
What happens when your tools lack context?
Let’s take a standalone data loss prevention (DLP) product as an example.
Upon implementing DLP it is not uncommon to have tens of thousands of “alerts” about sensitive files. Where do you begin? How do you prioritize? Which incident in the colossal stack represents a significant risk that warrants your immediate, undivided attention?
The challenge doesn’t stop here. Pick an incident/alert at random – the sensitive files involved may have been auto-encrypted and auto-quarantined, but what comes next? Who has the knowledge and authority to decide the appropriate access controls? Who are we now preventing from doing their jobs? How and why were the files placed here in the first place?
DLP solutions by themselves provide very little context about data usage, permissions, and ownership, making it difficult for IT to proceed with sustainable remediation. IT is not qualified to make decisions about accessibility and acceptable use on its own; even if it were, it is not realistic to make these kinds of decisions for each and every file.
You can see a pattern forming here – with disparate products we often end up with excellent questions, but we urgently need answers that only a DSP can provide.
Which previously standalone technologies does a Data Security Platform include?
- Data Classification & Discovery
- Where is my sensitive data?
- What kind of sensitive, regulated data do we have? (e.g., PCI, PII, GDPR)
- How should I prioritize my remediation and breach detection efforts? Which data is out of scope?
- Permissions Management
- Where is my sensitive data overexposed?
- Who has access to sensitive information they don’t need?
- How are permissions applied? Are they standardized? Consistent?
- User Behavior Analytics
- Who is accessing data in abnormal ways?
- What is normal behavior for a given role or account?
- Which accounts typically run automated processes? Which access critical data? Executive files and emails?
- Advanced Threat Detection & Response
- Which data is under attack or potentially being compromised by an insider threat?
- Which user accounts have been compromised?
- Which data was actually taken, if any?
- Who is trying to exfiltrate data?
- Auditing & Reporting
- Which data was accessed? By whom? When?
- Which files and emails were accessed or deleted by a particular user?
- Which files were compromised in a breach, by which accounts, and exactly when were they accessed?
- Which user made this change to a file system, access controls or group policy, and when?
- Data Access Governance
- How do we implement and maintain a least privilege model?
- Who owns the data? Who should be making the access control decisions for each critical dataset?
- How do I manage joiners, movers, and leavers so only the right people maintain access?
- Data Retention & Archiving
- How do we get rid of toxic data that we no longer need?
- How do we ensure personal data rights (right to erasure & to be forgotten)?
A number of analysts firms have taken note of the Data Security Platform market and have released research reports and market guides to help CISOs and other security decision-makers.
Forrester’s “Expense in Depth” Research
In January 2017, Forrester Consulting released a study, commissioned by Varonis, entitled The Data Security Money Pit: Expense in Depth Hinders Maturity that shows a candy-store approach to data security may actually hinder data protection and explores how a unified data security platform could give security professionals the protection capabilities they desire, including security analytics, classification and access control while reducing costs and technical challenges.
The study finds that a fragmented approach to data security exacerbates many vulnerabilities and challenges, and 96% of these respondents believe a unified approach would benefit them, including preventing and more quickly responding to attempted attacks, limiting exposure and reducing complexity and cost.. The study goes on to highlight specific areas where enterprise data security falls short:
- 62% of respondents don’t know where their most sensitive unstructured data resides
- 66% don’t classify this data properly
- 59% don’t enforce a least privilege model for access to this data
- 63% don’t audit use of this data and alert on abuses
- 93% suffer persistent technical challenges with their current data security approach
Point products may mitigate specific threats, but when used tactically, they undermine more comprehensive data security efforts.
According to the study, “It’s time to put a stop to expense in depth and wrestling with cobbling together core capabilities via disparate solutions.”
Almost 90% of respondents desire a unified data security platform. Key criteria to include in such a platform as selected by the survey respondents include:
- Data classification, analytics and reporting (68% of respondents)
- Meeting regulatory compliance (76% of respondents)
- Aggregating key management capabilities (70% of respondents)
- Improving response to anomalous activity (68% of respondents)
Gartner’s DCAP Market Guide
Gartner released the 2017 edition of their Market Guide for Data-Centric Audit and Protection. The guide’s summary concisely describes the need for a platform approach to data security:
Gartner recommends that organizations “implement a DCAP strategy, and ‘shortlist’ products that orchestrate data security controls consistently across all silos that store the sensitive data.” Further, the report advises, “A vendor’s ability to integrate these capabilities across multiple silos will vary between products and also in comparison with vendors in each market subsegment. Below is a summary of some key features to investigate:”
- Data classification and discovery
- Data security policy management
- Monitoring user privileges and data access activity
- Auditing and reporting
- Behavior analysis, alerting and blocking
- Data protection
Demo the Varonis Data Security Platform
The Varonis Data Security Platform (DSP) protects enterprise data against insider threats, data breaches and cyberattacks by analyzing content, accessibility of data and the behavior of the people and machines that access data to alert on misbehavior, enforce a least privilege model and automate data management functions. Learn more about the Varonis Data Security Platform →
What customers are saying about the Varonis Data Security Platform
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.