Torsion: An established Data Security Posture Management (DSPM) solution 

What is Data security posture management (DSPM) 

Data security posture management (DSPM) was first identified by industry analyst Gartner in its 2022 Hype Cycle for Data Security. The Gartner definition of DSPM is as follows: ‘Data security posture management (DSPM) provides visibility as to where sensitive data is, who has access to that data, how it has been used, and what the security posture of the data stored or application is. It does that by assessing the current state of data security, identifying potential risks and vulnerabilities, implementing security controls to mitigate these risks, and regularly monitoring and updating the security posture to ensure it remains effective. As a result, it enables businesses in maintaining the confidentiality, integrity, and availability of sensitive data. The typical users of DSPM include Information Technology (IT) departments, security teams, compliance teams, and executive leadership.’ 

How DSPM works 

Typically, DSPM solutions provide a high degree of automation and focus on three key areas of data security: 

  1. Data access visibility: The volume of data in the cloud is growing and impossible to control manually within organisations. DSPM can limit the data sprawls within cloud service providers and Software-as-a-Service (SaaS) apps and give an accurate, live picture of the data that exists and who has access to what.
  2. Data access and movement: DSPM can highlight where and how data is shared to highlight existing permissions, controls and sharing.
  3. Data protection:  DSPM can automatically uncover potential data access security risks therefore enabling fixes to be applied rapidly.  

How Torsion automates DSPM 

Let’s take those three core elements of DSPM and look at exactly how Torsion automates each function: 

  1. Data access visibility: The Torsion platform sits within the user interface of the Microsoft 365 applications (Teams, SharePoint and OneDrive) to give full visibility of ‘who has access to their own data and why they have it’. Admin users can see the entire data architecture within an central dashboard for an even fuller picture. Torsion also automatically revokes data access that is out of date, not relevant or not in sync with company policies. This limits the amount of data sprawl within the organisation and ensures that only those that need access to a piece of data have it. Torsion also highlights data access that has become hidden in nested files and folders.
  2. Data access and movement: Users and admin can see who has accessed what information, when they accessed it and what their business reason is for having access. Permissions are kept current and security levels can be applied to certain data so any sensitive data is carefully tracked.
  3. Data protection:  Torsion constantly monitors what is being shared and where. It flags any vulnerable or out of character to the data owner so they can check it and validate it. Why do we inform the data owner and not just the IT team? With so much data in the cloud, IT are not in a position to understand the business, security and compliance implications of every piece of information in every document – making them the wrong people to decide who needs access. Only the data owner in the business is best placed to fully understand the data, and decide who should have access.

Summary 

Being aware and understanding where your data lives, who has access to it and how it is being utilised is key in meeting your data security and compliance needs. But with so much cloud data it’s no longer to possible to monitor and control it manually. A Date Security Posture Management (DSPM) solution such as Torsion is a highly automated tool that gives you complete visibility and control of ‘who has access to what’.  

Watch our quick 2 minute demo of Torsion.