Navigating the Future of Data Security: 5 Key Takeaways from Gartner’s Summit

Introduction

Earlier this month, I attended for the first time a US Gartner Summit. Although its name indicates its focus on security and risk management, there was a third dominant topic in almost every presentation – data. And that is no coincidence. The cyber security field has seen only a handful of markets progress as quickly as the data security industry has in recent months, a rapid evolution that’s attracting every security practitioner’s attention.

Among the many speakers, the insights shared by the analyst Andrew Bales during his talks, “The State of Public Cloud Data Security” and “Outlook for Data Security,” stood out for their depth and relevance. These discussions didn’t just paint a picture of our industry’s reality, they also underscored the urgency of adapting our strategies to respond to new challenges and opportunities.

In this post, I will share my five key takeaways from Bales’ presentations. These points will explore the evolution of data security practices, the emerging threats, and the promising solutions on the horizon. Whether you’re an industry professional or simply interested in understanding the trends and changes in data security, these takeaways offer some insights into the future of our market.

Takeaway 1: Evolution of Data Security Toolbox for New Environments

As Bales argued in his talks, companies’ data environment isn’t static. It has been going through radical transformations in recent years. With the fast adoption of new technologies, especially the public cloud and SaaS, data is more fragmented than ever, in continuously changing environments. These changes require a new set of tools, which Bales describes as “The New Data Security Toolbox”.

Foremost among these new tools is the Data Security Posture Management (DSPM). As our digital interactions multiply and data generation rates increase, DSPM emerges as a crucial component of the toolbox, providing a comprehensive view of the entire data security posture of an organization. It helps identify vulnerabilities, manage risks, and ensure regulatory compliance, thereby establishing itself as a cornerstone of the modern data security infrastructure.

This change isn’t a matter of mere preference; it’s a strategic necessity. The pace at which data breaches occur today is alarming, with threats evolving as quickly as the technology itself. In this context, relying on traditional tools would be akin to bringing a knife to a gunfight. The emergence of DSPM, among other modern security tools, signals an industry-wide acknowledgment that we must match our defenses to the sophistication of the threats we face.

Takeaway 2: The Realization of Business-Centric Data Security

The evolution of data security isn’t defined only by its tools and technologies. There’s a huge shift also in its core philosophy and approach. As Bales highlighted, data security has journeyed from being incident-centric, through compliance-centric, to becoming genuinely business-centric.

This transition signifies a monumental change. Previously, data security was a reactive process, primarily responding to incidents as they occurred, or ensuring adherence to regulatory requirements. Today, it has become an integral part of business strategy. This shift is not mere rhetoric but a tangible change, facilitated by new tools that allow businesses to integrate data security seamlessly into their core operations.

In the business-centric model, data security is not just about preventing data breaches or meeting compliance requirements. It’s about treating data with its context, allowing new business opportunities without risking the underlying data. It’s about fostering customer trust and gaining a competitive edge. It’s about ensuring that every business decision takes data security implications into account, bridging the gap between the business and IT departments.

The advent of this era heralds a new chapter in data security, where the focus isn’t just on averting risks, but also leveraging security as a business enabler. It offers a promising direction toward more resilient and future-proof organizations, helping everyone, especially end-users, sleep better at night.

Takeaway 3: The Eternal Role of Security Teams: Managing Access and Data Security

In the ever-shifting arena of data security, the role of security teams extends across various environments – On-prem, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), each demanding different aspects of security. As Bales insightfully pointed out, while these responsibilities may change depending on the environment, the intersection of all these is consistent: people and data.

Despite the rapid technological changes and the commoditization of several security aspects, the core responsibilities revolving around data and people (E.g., access, and identity) have remained constant. In essence, no matter how automated or complex security systems become, human identities, the organizations’ sensitive data, and the combination of the two, access to data, continue to be paramount. The threats linked to unauthorized access or data breaches remain, and in some ways, become even more potent.

This highlights an important truth: the role of security teams is not just about managing the latest security tools or countering advanced threats. It’s about maintaining the most fundamental elements – human identity and data.

Takeaway 4: The Threat of “Shadow Data” in Cloud Data Security

A sobering revelation from Bales’ talks was the growing threat of “dark data” or “shadow data” within cloud data security. In an era where data is regarded as the new oil, this dark data represents untapped reserves that lurk below the surface, invisible to security systems. With companies able to visualize only between 10-48% of their cloud data (according to Bales), this uncharted territory poses a significant risk to data security.

These dark corners of our digital ecosystem aren’t just a storage issue, of course. They form potential weak links in an organization’s security framework. The phrase “out of sight, out of mind” rings ominously true here – organizations cannot protect what they do not know exists.

As more organizations move towards the cloud, the concern around dark data escalates. This invisibility cloak gives it the potential to become a low-hanging fruit for hackers and cybercriminals, making it a pressing concern. Addressing the shadow data issue is not just about gaining complete visibility but also about ensuring comprehensive protection of these data assets, a challenge that security professionals must face head-on.

Takeaway 5: The Inadequacy of Current Solutions and the Promise of Emerging Tools

Bales’ talks also shone a light on a stark reality: the tools that served us well in the past may not be adequate for the challenges of today and tomorrow. Legacy solutions like Cloud Access Security Broker (CASB), SaaS Security Posture Management (SSPM), and Cloud-Native Application Protection Platform (CNAPP) have shown limitations when dealing with the new challenges of cloud data security.

Moreover, native capabilities provided by tech giants such as Microsoft’s Purview Information Protection, Google Cloud’s Data Loss Prevention, Amazon’s Macie, or IBM’s Guardium, though promising, are still maturing and might not provide a holistic solution to data security in hybrid environments.

In response to this gap, the industry has seen the emergence of new solutions like broad Data Security Platforms (bDSP), Data Security Posture Management (DSPM), Data Access Governance (DAG), and Data Leakage Prevention (DLP). Among these, DSPM solutions and bDSP stand out as key players in addressing the multifaceted challenges of cloud data security.

One of the core capabilities of DSPMs, and perhaps their most powerful, is their ability to build a comprehensive data map and pipeline. This function enables the analysis of the full data lineage, providing a holistic view of data security and illuminating the shadows where threats might lurk. This shift towards more advanced tools underlines the commitment of the industry to stay ahead of the evolving challenges and protect our digital frontier.

Conclusion

The world of data security is changing fast, and it’s truly fascinating. At the heart of this change, we’re seeing how platforms like DSPMs are coming into their own and playing an increasingly important role in securing our digital spaces.

Here at Flow Security, we’ve been part of this journey from the start. Way before “DSPM” became a buzzword and Gartner coined the category, we were already transforming the way companies protect their data. As the first and only player to offer a solution that combines data-at-rest with data-in-motion analysis, either on-prem, in the cloud, or SaaS, we’re extremely proud of the part we’ve played in shaping this category.

Insights from Gartner’s Security and Risk Management Summit and talks like those from Andrew Bales underline that we’re on the right path. And as we continue, our aim is simple: to keep learning, adapting, and continuing revolutionizing data security.