5 Key Takeaways from the Gartner® Hype Cycle™ For Data Security, 2023
Introduction
Last month, Gartner released the new “Hype Cycle for Data Security, 2023”, written by Brian Lowans.
This year, even more than the last, data security has become a significant concern for security leaders around the globe, especially with the introduction of GenAI.
In this year’s Hype Cycle, Gartner continues to cover DSPM and to analyze other related categories such as data security platforms (DSPs) and multi-cloud DAM.
These are my main takeaways from this year’s report:
1. Data Classification and Data Lineage Are Still Significant Challenges for Organizations
“There are huge challenges relating to data observability and data lineage when it comes to discovering sensitive data and creating consistent categorizations and classifications”
With Flow:
To have a truly effective data protection strategy, teams need a solution that can reveal the type of data they have (PHI, PII, financial, etc..) and where it’s stored.
With Flow, Security teams can automatically discover and classify structured and unstructured sensitive data in managed, unmanaged, and unmanageable data stores.
The combination of scanning data at rest, analyzing logs, and classifying data in runtime provides unparalleled coverage for security and compliance risks.
Flow is the only DSPM solution that has supercharged its classification technology with Large Language Models (LLMs). As a result, the solution can now identify over 150 distinct data types with up to 50 times more accuracy than non-LLM alternatives.
2. Once Again, Gartner Emphasizes the Importance of Data Flow Analysis
“DSPM uniquely discovers shadow data by creating and analyzing a data map and data flow to identify data locations and user access to data.”
With Flow:
By analyzing the data payload as it flows through the application environment, security teams can get to the root causes of data leakages and potential risks. Because payload analysis follows data in real time, it uncovers data journeys that could not have been foreseen ahead of time. Flow goes beyond known data sources and reveals the most important piece of the puzzle – what you don’t know you don’t know.
Payload analysis is also particularly powerful because it provides context. It doesn’t just show you that data has moved from point A to B, it also reveals how the data was generated, by whom, when, and for what purpose.
These capabilities allow engineers to remediate and solve problems directly with the asset owner. Without real-time data flow analysis, none of this would have been possible, making Flow the only solution to solve these impossible challenges.
3. Data Posture Analysis Requires Tackling Specific Privacy Use Cases
“As data proliferates across the cloud, organizations must identify privacy and security risks with a single product.”
With Flow:
Data is everywhere, and as such companies need a strong solution that can track their data from end-to-end, uncover privacy violations and reliably flag risk.
Flow allows companies to enhance their security posture with a few simple steps:
1. Automate evidence collection for HIPAA, GDPR, CCPA, and PDP bill.
2. Set and enforce policies for data misplacements through different geolocations and networks.
3. Identify and remediate the regulatory risks associated with relevant sensitive data.
4. The Lack of Third-Party Integrations by DSPM Vendors Creates Remediation Challenges
“Currently, DSPM products will integrate with a limited set of third-party security products, leading to difficulty in orchestrating the output analytics across those products. There is no standard way to remediate issues identified, and approaches vary”
With Flow:
We believe integration with existing remediation workflows is critical for any product’s proper adoption. Without it, you get yet another product that flags a cascade of risks that security teams can’t do anything with.
Flow is committed to eliminating this type of experience. The solution is designed to integrate with both webhooks and APIs as well as your existing product stack: SOARs, ticketing systems, and communication tools.
5. Generative AI Compromises Sensitive data
“Data security strategies and technologies also need to adapt to the risks of access to data by generative AI.”
With Flow:
Security teams can empower dev and business teams to work freely with GenAI services without compromising data security posture. Flow is designed to discover sensitive data that flows to all GenAI-based services. This includes both unauthorized services, as well as authorized services that received data they shouldn’t have.
With Flow’s approach and solution, you can, by design, support your business for GenAI use cases, and you can do so without downloading any additional or specific plug-in or extension. Read more here.
Gartner disclaimer
GARTNER and Hype Cycle are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner® does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner® research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner® disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
