From the basic physical protections of the 1960s and 1970s to today’s sophisticated, cloud-based, automated systems, data security has come a long way in the past 50 years. It’s been quite a journey, with new solutions emerging with remarkable frequency to address threats arising from new technologies and attack techniques. And excitingly, the past two years have seen the latest data security evolution: Data Security Posture Management (DSPM).

Data Security: The Story So Far

But before we get to DSPM, let’s set the scene a little. To understand DSPM, we first need to understand how data security has developed over the years.

The Early Years

We can trace the origins of data security to the 1960s. Back then, all data was stored centrally on mainframes, meaning only those with physical access to the mainframe could retrieve the data stored on it. Physical protections were the primary form of data security – think locked doors and security guards.

Throughout the 1970s and 1980s, however, data security began to resemble what we know today. As data sharing and the risk of unauthorized access increased, technicians began applying basic encryption algorithms – such as the Data Encryption Standard (DES) – to protect sensitive data, mostly at the file level.

Networking and Antivirus

In the late 1980s and 1990s, systems became networked, meaning more data flowed from location to location and was exposed to unauthorized access and network-based threats like viruses and worms. In response, we saw the emergence of early firewalls, antivirus software, and Access Control Lists (ACLs).

The Internet and Encryption Protocols

The widespread adoption of the Internet throughout the 1990s and 2000s had an enormous impact on data security, as data was suddenly exposed to global threats. In response, Secure Sockets Layer (SSL) and, later, Transport Layer Security (TLS) became standard protocols for encrypting and securing data in transit. Similarly, Public Key Infrastructure (PKI) and Intrusion Detection Systems (IDS) emerged to authenticate identities, encrypt communications, and monitor network traffic for suspicious activity, respectively.

Early Cloud Security

Many of the problems we still deal with today emerged in the 2010s and early 2020s. Organizations began adopting cloud infrastructure, challenging traditional security tools by storing sensitive data in off-premises environments. As a result, many security teams turned to tools like Security Information and Event Management (SIEM) to better understand their security environment and Cloud Access Security Brokers (CASB) to monitor and secure data across cloud services and enforce security policies.

DSPM: A Modern Solution to a Modern Problem

That brings us to DSPM. Just as all the other solutions mentioned above emerged in response to a new problem, so did DSPM.

Increasing Cloud Complexity Requires New Solutions

Cloud adoption is skyrocketing – Gartner predicts that by 2027, more than 70% of enterprises will use industry cloud platforms to accelerate their business initiatives, up from less than 15% in 2023 – and many organizations use multiple cloud service providers (CSPs) to store and access their data.

While CSPs have granted organizations tremendous scalability, flexibility, and productivity benefits, they have also complicated data security. The increasing number of repositories and pipelines required for CSP projects has resulted in data becoming lost in locations not directly tied to business operations, meaning security teams overlook and fail to protect it. DSPM is a solution to this problem.

What is DSPM?

First introduced to the world in the 2022 Gartner Hype Cycle for Data Security, DSPM is a suite of tools that provides visibility into where sensitive data is, who has access to it, how it has been used, and the security posture of the data store or application. It assesses the existing state of data security, identifies and classifies potential risks and vulnerabilities, implements security controls to mitigate these risks, and regularly monitors and updates an organization’s security posture.

The State of the DSPM Market

The DSPM market has matured remarkably quickly. In the 2022 Gartner Hype Cycle for Data Security, Gartner stated that DSPM had a market penetration of less than 1%. In its 2023 Innovation Insight, it projected that DSPM’s market penetration will increase to 20% over the next few years.

Gartner’s more recent Voice of the Customer for Data Security Posture Management tells a similar story. A consolidation of 379 Gartner Peer Insight reviews over an 18-month period ending 31 March 2024; the report shows that all the DSPM market’s leading vendors achieve scores of 81% or more in the willingness to recommend category and at least four stars in all other categories.

DSPM: It’s Only the Beginning

While DSPM is becoming more common, relatively few organizations have these solutions. However, this will change in the coming years. DSPM is the future of data security, providing security teams with unrivaled visibility and protection of their cloud environments. So, watch this space.

Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He’s written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.