Infosec glossary

DSPM

Data Security Posture Management

Organizations store data across cloud services, databases, data warehouses, object stores, and software services. Security teams may not know where sensitive data resides, who can access it, or whether its storage and permissions follow policy. DSPM addresses that visibility and assessment problem.

Platform acronym 6 min read By Infosec Writing Studio editorial team
01

DSPM maps sensitive data and its security context

Data discovery identifies stores and datasets, while classification determines whether they contain information such as personal data, credentials, financial records, intellectual property, or regulated content. Context then shows the cloud account, owner, location, service, and environment associated with that data.

Security assessment adds information about encryption, public exposure, identity permissions, cross-account access, copies, and other conditions. This combination helps distinguish an expected dataset from one stored or shared in a risky way.

02

Core DSPM functions

DSPM systems connect to supported data services and inspect metadata, configurations, permissions, or data samples. Discovery methods differ, so organizations should consider service coverage, scanning depth, data handling, and whether analysis moves content outside its original environment.

Findings may identify a public store, an overprivileged identity, an unencrypted dataset, a stale copy, or sensitive data in an unapproved location. Remediation may change a configuration, remove access, assign an owner, delete an unnecessary copy, or document an accepted condition.

  • Sensitive data discovery and classification
  • Access and entitlement analysis
  • Storage configuration and exposure assessment
  • Ownership, prioritization, and remediation tracking
03

DSPM differs from DLP and data governance

Data loss prevention monitors or controls how data moves through endpoints, networks, applications, or cloud services. Data governance defines ownership, quality, retention, use, and accountability. DSPM concentrates on the security state and exposure of sensitive data across connected environments.

The disciplines can share classification labels and policy information. They remain distinct because they answer different questions about data use, movement, ownership, and security risk.