DSPM identifies and prioritizes the vulnerabilities associated with each data asset. Primarily, DSPM looks for the following vulnerabilities:
Misconfigurations
Misconfigurations are missing or incomplete application or system security settings that leave enterprise data vulnerable to unauthorized access. The most frequently cited consequence of misconfiguration is insecure cloud data storage, but misconfigurations can also create security vulnerabilities such as unapplied security patches and lost data encryption. Misconfiguration is widely considered the most common cloud data security risk and is the prevalent cause of data loss or leakage.
Excessive entitlements (or excessive permissions)
Excessive entitlements give users more privileges or permissions to access data than they need to do their tasks. Excessive entitlements can be the result of misconfiguration, but they can also occur when entitlements are intentionally escalated, whether incorrectly or negligently (or maliciously, by a threat actor), or when permissions intended to be temporary are not revoked once they are no longer required.
Data flow and data lineage issues
Data flow analysis tracks all the places where data has resided and who had access to it in each location. Besides information about infrastructure vulnerabilities, data flow analysis can reveal potential attack paths to sensitive data.
Security policy and regulatory violations
DSPM solutions map current data security settings against an organization's data security policies – and data security requirements imposed by any regulatory frameworks to which the organization is subject – to identify where data is not adequately protected and where the organization is at risk of non-compliance.
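As an illustration of the excessive-entitlements check described above, the following added example (not taken from any DSPM product) compares granted permissions with observed access and flags temporary grants that were never revoked, then ranks the findings. The grant records, access log, risk weights and function name are all constructed for this sketch, and treating "granted but never used" as a proxy for "more than needed" is an assumption.

```python
from datetime import datetime, timezone

# Constructed sample data: permissions granted on one data asset.
GRANTS = [
    {"principal": "analyst-a", "asset": "customers_db",
     "actions": {"read"}, "expires": None},
    {"principal": "contractor-b", "asset": "customers_db",
     "actions": {"read", "write", "delete"},
     "expires": "2024-01-31T00:00:00+00:00"},  # temporary grant
    {"principal": "svc-report", "asset": "customers_db",
     "actions": {"read", "write"}, "expires": None},
]
# Constructed sample data: (principal, asset, action) actually observed.
ACCESS_LOG = [
    ("analyst-a", "customers_db", "read"),
    ("svc-report", "customers_db", "read"),
    ("contractor-b", "customers_db", "read"),
]
# Hypothetical risk weights used only to order the findings.
RISK = {"read": 1, "write": 2, "delete": 3}
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)  # fixed "current" time


def find_excessive_entitlements(grants, access_log, now):
    """Return findings sorted by the riskiest action involved."""
    used = {}
    for principal, asset, action in access_log:
        used.setdefault((principal, asset), set()).add(action)

    findings = []
    for g in grants:
        key = (g["principal"], g["asset"])
        if g["expires"] and datetime.fromisoformat(g["expires"]) <= now:
            # Temporary permission still present after its end date.
            issue, actions = "expired_temporary_grant", g["actions"]
        else:
            # Permissions granted but never exercised in the log window.
            issue, actions = "unused_permissions", g["actions"] - used.get(key, set())
        if actions:
            findings.append({
                "principal": g["principal"], "asset": g["asset"],
                "issue": issue, "actions": sorted(actions),
                "score": max(RISK.get(a, 1) for a in actions),
            })
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for finding in find_excessive_entitlements(GRANTS, ACCESS_LOG, NOW):
        print(finding)
```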