In the good old days, the most sensitive data was protected on-premises, but as of last year, 94 percent of enterprises are using cloud services. Artificial intelligence and machine learning (AI/ML) is fueling the need for more data and more access to it for modeling. Microservices send data everywhere. That makes it imperative that you master cloud data security.
Analysts and other consultants play a major role in consolidation and most of them speak in abbreviations without a second thought. But when, according to a Gartner study, 78% of CISOs say they have 16 or more cybersecurity tools, and 12% have 46 or more. If they ever hope to make these effective ir, better yet, consolidate them, getting a handle on the acronyms is a good place to start. Especially when the same study reported 80% of CISOs are considering or executing a consolidation strategy.
The DHS/NCCIC Acronyms List currently includes 609 industry acronyms making it difficult for even experts to read analyst reports without a glossary. But that doesn’t even cover cloud data security, which has its own list of acronyms that aren’t even on DHS’s list yet. You can be sure they are #1 on an attacker’s list, however.
Getting organized
Acronyms are often used to organize our thoughts, consider our options, and guide the tactical execution of security strategy. Here’s our cheat sheet of common acronyms for cloud data security:
DSPM – Data Security Posture Management shows everything affecting security posture including where sensitive data is in your cloud environment, who can access it, and risks to sensitive data.
CSPM – Cloud Security Posture Management is focused on infrastructure security and checking for misconfigured resources. While a CSPM is helpful for discovering resources that store data, it is similar to network security/endpoint security frameworks where data security is not the core purpose.
DLP – Data Loss Prevention protects sensitive data from unauthorized or nefarious use or theft by identifying and classifying the data, and performing other protective actions based on policy. There are several tools that can help with this. However, many experts consider DLP useful for on-premises data but hard to implement in hybrid multi-cloud environments.
DDR – Data Detection and Response is the cloud version of DLP. It provides dynamic monitoring of log analytics to detect data risks as they occur and generate alerts to guide response and remediation. Proponents say it supplements “static” features of CSPM and DSPM but some claim DSPM is dynamic making DDR redundant.
DAM – Database Activity Monitoring uses behavior analytics and other tools to detect and identify unauthorized and potentially fraudulent behavior with sensitive data. Unfortunately for DAM, cloud-resident sensitive data resides in more virtual places than a structured database.
CWPP — Cloud Workload Protection Platform is a security mechanism to protect the attack surface. Its goal is to protect the processes and resources that support an application. Securing workload in the cloud can be difficult with workloads being passed between multiple hosts and vendors.
CASB — Cloud Access Security Broker secures offsite hosted applications including traffic between the on-premises infrastructure and the offsite infrastructure. Some of the challenges with managing traffic include accidental data exposure and malicious intent to steal information. A CASB helps solve these problems by instituting a broker that sits between end-users and cloud systems.
CIEM — Cloud Infrastructure Entitlement Management manages threats caused by application services with excessive permissions. These services might leak access to sensitive data, execute a malicious attack, reconfigure network settings or gain access to other identities. Also referred to as Cloud Entitlements Management or Cloud Permissions Management, CIEM solutions help organizations defend against risks posed by excessive cloud permissions.
CNAPP — Cloud-Native Application Protection Platform is the convergence of methodologies from CSPM and CWPP. According to Gartner, “There is synergy in combining CWPP and CSPM capabilities, and multiple vendors are pursuing this strategy. The combination will create a new category of Cloud-Native Application Protection (CNAPs) that scan workloads and configurations in development and protect workloads and configurations at runtime.” Gartner recognized the expanding needs that go into securing applications in the cloud. CNAPP solutions aim to address workload and configuration security by scanning them in development and protecting them at runtime.
CIAM — Cloud Identity Access Management helps organizations manage human identities. It is how companies give users access to applications. The proliferation of web-based apps means users have multiple channels for interacting with a company’s systems. Common channels include mobile devices, partner applications, and IoT devices.
IAM — Identity and access management ensures end users have access to data and systems with the appropriate permissions. The complexity of distributed applications makes implementing IAM a challenging task but the right tools can ease that task.
The right tools
It’s perfectly reasonable to lean on cloud data security acronyms and data security vendors encourage this behavior. But as you consider your organization’s cloud data security posture and its improvement, focus on the outcomes, not the tools. Let the acronyms help, not determine what your organization needs to continuously secure cloud-resident sensitive data.
Gautam Kanaparthi, vice president and head of product at Normalyze, helped put this article together.