Tracking down sensitive data across your cloud estate can be vexing. By their very nature, cloud computing is dynamic and ephemeral. Cloud data is easily created, deleted or moved around. Correspondingly, the cloud attack surface area is equally dynamic, making protection measures more difficult. Over the past few years, a group of tools called data security posture management (DSPM) have been developed to discover both known  and unknown data, provide some structure and manage the security and privacy risks of its potential exposure. In my post for CSOonline today, I look at a dozen different tools from Concentric AI, Cyera, Eureka Security, Normalyze, OneTrust, Palo Alto Networks, IBM, Securiti, Sentra, Symmetry Systems, Varonis and Wiz. (A summary comparison table can be found here.)

These tools will require a significant amount of staffing resources to evaluate because they touch so many different aspects of an enterprise’s IT infrastructure. And that is a good thing, because you want them to seek out and find data no matter under what digital rock they could be hiding. So having a plan that prioritizes which data is most important will help focus your evaluation. Also a good thing is to document how each DSPM creates its data map and how to interpret it and subsequent dashboards. Finally, you should understand the specific cloud services that are covered and which ones are on the vendor’s near-term product roadmap too.