I enjoyed reading this, especially as it's the data (app, business and operational) that really matters. Where do you see AISPMs, starting to emerge now as marketecture, intersecting with DSPM solutions as they evolve? Are AI data security needs sufficiently differentiated to require another *PM beyond DSPM?
Good point Ger, I think there are some unique attributes that AI brings that need something above and beyond what is on offer in most toolsets today, that is the short answer. Longer answer, we will tackle in a post soon, and host a call on this in Novemeber (watch this space!)
Thank you for the post. I agree that there is very much the need for another *PM in this case, but for a different reasons. On-prem Data Loss Prevention (DLP) tools do not work in public cloud. The cloud service providers are now deploying the initial data discovery and classification tools to meet some of the customer demand but the tools are nascent. And there are two other capabilities DLP provided: endpoint protection and 'extrusion detection'. The former may not be necessary depending upon a customers cloud operational model, and 'extrusion detection' or the ability to detect where data is moving, and if it is moving out of your environment. This later aspect is a very hard technical challenge, one which requires more than traditional network approaches to solve, and one which Cloud Access Security Brokers (CASB) cannot tackle. There is need for a full complement of DLP tooling in public cloud (IaaS, PaaS) and DSPM is the closest solution set to address those challenges, the customer need is present _today_, and this is likely where the market heads IMO.
One aspect you did not fully flesh out: The cloud vendors attention stops with the data and applications you bring to cloud. Cloud is a shared security model, yes, but the customer must own all aspects of data protection. This is evident in the lack of security capabilities on applications, workloads and data, which is more the customers responsibility. And customers have on-prem tools that do this today that do not translate to cloud, so they are looking for 3rd party help in the data security and data security management capabilities.
Will CSPM subsume DSPM? Likely over time, yes. It's a much bigger market, has a ten (yes, 10) year head start on DSPM, and CSPM vendors will fold in as a competitive differentiator. And CSPM will continue to offer value above the cloud vendors in terms of -- as you mentioned -- multi-cloud security posture consistency, independent verification a cloud platform is configured as it should be, and filling security gaps when platform vendors have prioritized new features over reducing risks with current capabilities.
"customers have on-prem tools that do this today that do not translate to cloud, so they are looking for 3rd party help in the data security and data security management capabilities" sums it up well, and agree there will be continued interest and investment in this space.
I enjoyed reading this, especially as it's the data (app, business and operational) that really matters. Where do you see AISPMs, starting to emerge now as marketecture, intersecting with DSPM solutions as they evolve? Are AI data security needs sufficiently differentiated to require another *PM beyond DSPM?
Good point Ger, I think there are some unique attributes that AI brings that need something above and beyond what is on offer in most toolsets today, that is the short answer. Longer answer, we will tackle in a post soon, and host a call on this in Novemeber (watch this space!)
Thank you for the post. I agree that there is very much the need for another *PM in this case, but for a different reasons. On-prem Data Loss Prevention (DLP) tools do not work in public cloud. The cloud service providers are now deploying the initial data discovery and classification tools to meet some of the customer demand but the tools are nascent. And there are two other capabilities DLP provided: endpoint protection and 'extrusion detection'. The former may not be necessary depending upon a customers cloud operational model, and 'extrusion detection' or the ability to detect where data is moving, and if it is moving out of your environment. This later aspect is a very hard technical challenge, one which requires more than traditional network approaches to solve, and one which Cloud Access Security Brokers (CASB) cannot tackle. There is need for a full complement of DLP tooling in public cloud (IaaS, PaaS) and DSPM is the closest solution set to address those challenges, the customer need is present _today_, and this is likely where the market heads IMO.
One aspect you did not fully flesh out: The cloud vendors attention stops with the data and applications you bring to cloud. Cloud is a shared security model, yes, but the customer must own all aspects of data protection. This is evident in the lack of security capabilities on applications, workloads and data, which is more the customers responsibility. And customers have on-prem tools that do this today that do not translate to cloud, so they are looking for 3rd party help in the data security and data security management capabilities.
Will CSPM subsume DSPM? Likely over time, yes. It's a much bigger market, has a ten (yes, 10) year head start on DSPM, and CSPM vendors will fold in as a competitive differentiator. And CSPM will continue to offer value above the cloud vendors in terms of -- as you mentioned -- multi-cloud security posture consistency, independent verification a cloud platform is configured as it should be, and filling security gaps when platform vendors have prioritized new features over reducing risks with current capabilities.
Good post!
"customers have on-prem tools that do this today that do not translate to cloud, so they are looking for 3rd party help in the data security and data security management capabilities" sums it up well, and agree there will be continued interest and investment in this space.