My TechTarget Enterprise Strategy Group colleague Jon Brown and I are collaborating on research around the concept of data resilience. This study will delve into the intersection of data security posture management, data protection, data security, and data governance. While the results will be published in the coming months, I wanted to share the core research hypothesis as we anticipate results from the field.
Sensitive Data Grows
Enterprise data stores including personally identifiable information (PII) or other sensitive data are growing significantly. Data volumes generally are rapidly growing, and cybersecurity teams struggle to identify, categorize, and secure sensitive data repositories and data flows across clouds and geographies. The research will provide some granularity around the volume of data generally and PII/sensitive data specifically, as well as where that data is located.
Tools “Fit for Purpose” vs. Platform
There is a decades-long cybersecurity industry argument about “point products vs. platform.” I’m generally of the “it is both” camp rather than either/or for reasons that go beyond the space constraints of this blog. When it comes to the various tools involved in data resilience, such as data security posture management, data security, backup, and governance, I expect that most enterprises today are taking a “best tool for purpose” approach for the various elements of data resilience more than a consolidated platform approach.
Enterprise Strategy Group has done other research in various cybersecurity domains around the “point product vs. platform” dynamic, including this year’s The State of Identity Security study that showed an even split between those who wanted the best tool for identity security and those who preferred a platform approach. There is considerable value to security practitioners in a consolidated identity platform that brings together functionality like identity governance and administration along with privileged access management. Data resilience is an emerging space compared to the more mature identity and access management space, so the market dynamics will be different.
Data resilience, a subset of cyber resilience, is a relatively new focus for the enterprise driven by high-profile ransomware compromises, and there is a wave of new technology trying to solve this problem—hello, DSPM and cloud data protection players. While security and IT teams want to prune their portfolio of tools for various reasons—the platform approach—organizations are seeing the importance of “fit for purpose” tools that satisfy their new needs for data security and resilience, compared to broader platforms that might or might not provide robust data resilience features and capabilities.
Locating and categorizing data, both on premises and in the cloud, in a dynamic data environment with new apps such as generative AI and “shadow data” outside the purview of IT is a relatively new problem for IT and security teams with differentiated technology approaches from various vendors.
I expect the research to show a significant preference today for “best tool for the purpose” compared to the platform approach for the various elements that comprise data resilience. This will change over time as the enterprise needs evolve, technology evolves, and vendor capabilities/differentiation ebbs and flows.
DSPM Adoption Ramping
Organizations are embracing DSPM and will move into pilot/proof of concept or plan to deploy in the near term. This is a space that is primed for growth with key drivers, including preventing potential data breaches and facilitating deployment of generative AI. While past research has shown increasing investments in data security generally—DSPM was a top 10 priority in the Enterprise Strategy Group “2024 Technology Spending Intentions Survey”—I expect this research to provide granular details around that ramp.
Noise vs. Substance
While there are many opinions and hypotheses surrounding the state of DSPM, some of that is noise driven by a lack of data or talking to “friendlies” who might not represent the broader market. Given how much flux and innovation is out there, it’s exciting to conduct this rigorous Enterprise Strategy Group research to shed light on DSPM and adjacent solution areas. The above hypothesis highlights explain what we’re expecting to see—and I’m looking forward to seeing the insight nuggets illuminating where enterprise IT and security teams are focusing their data resilience efforts, who is involved, and what the business drivers are. If you are in the DSPM space and interested in understanding the research, give me a shout to discuss.