Address skills shortages with third-party data discovery tools

Homegrown might be best in some scenarios, but resource-constrained security teams should consider third-party tools for data discovery and resilience.

Turns out, it's not even vendor hype: Resource-constrained enterprises really are turning to third-party tools for data discovery and classification rather than relying on homegrown tools, according to new research.

My esteemed colleague at TechTarget's Enterprise Strategy Group, Jon Brown, and I recently published the research report "Achieving Cyber and Data Resilience: The Intersection of Data Security Posture Management With Data Protection and Governance." The study delved into data resilience, the segment of cyber-resilience focused on data. Data resilience is the intersection of data security posture management (DSPM), data protection, data security and data governance.

One particularly interesting finding in the study was that, while 36% of teams use a homegrown tool for data discovery, resource-constrained teams were more likely to be part of the 46% of enterprises using a commercial, third-party tool for data discovery. In particular, the 54% lacking security skill sets said they are more likely to lean on vendors to supplement their in-house skills shortages by using third-party tools for automated data discovery. In addition, the 26% of organizations that said their teams lacked data resilience skill sets were also less likely to rely on internally developed tools for data discovery.

What's wrong with homegrown?

Developing and maintaining an internal tool can divert scarce internal resources that could be better used elsewhere. While compelling reasons to build your own data discovery tool might exist, I suspect this is more of a legacy phenomenon where teams have deployed an internally developed tool for their on-premises environment and now have to maintain it. And while teams might have originally focused on on-premises data, they now have the added challenge of wrestling with data scattered across multiple clouds.

Teams are typically facing a decision about whether to continue with their existing homegrown approach or switch to a commercial, off-the-shelf product for data discovery and classification. In some instances, they might continue to use a homegrown tool for on-premises and a commercial tool for cloud environments. But two tools can incur a continued drain in internal resources to maintain the existing tool. It also requires swiveling between tools to get a holistic picture of the data environment.

Internally developed tools aren't particularly prevalent when it comes to cloud environments with multiple IaaS environments and SaaS applications. Every cloud is different and developing an internal tool to cover the entire estate is a big task.

Given the multi-cloud data discovery challenge, a sensible approach is to use a commercial tool rather than devote internal resources to the task.

Given the multi-cloud data discovery challenge, a sensible approach is to use a commercial tool rather than devote internal resources to the task. That's exactly what enterprises feeling the skills shortage pinch are doing.

DSPM tools now address cloud and on-premises data stores

The data resilience challenge is where options like DSPM come into play. DSPM products originally emerged with a focus on cloud data, but they have expanded their footprint to include on-premises data stores as well. Enterprise buyers should ask the following key questions when considering data discovery and classification:

  • Why divert scarce internal resources maintaining legacy on-premises data discovery tools when a commercial tool can do that work?
  • Why deploy two tools when you can use one that provides unified coverage of both on-premises and cloud data?

Our research indicated that IT and security leaders are more likely to say, "Let's go with a commercial tool that enables me to better use my scarce internal resources and provides coverage across my data estate, both on-premises and in the cloud."

That's a smart move and one that any team with a legacy, homegrown data discovery and classification tool should consider.

Todd Thiemann is a senior analyst covering identity access management and data security for TechTarget's Enterprise Strategy Group. He has more than 20 years of experience in cybersecurity marketing and strategy.

Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.

Next Steps

Identity security and data security predictions

Dig Deeper on Data security and privacy