Data Security Posture Management: Navigating Security Risks in a Copilot Rollout

By Patrick Ortiz| Trace3 Innovation Intern

The market for Data Security Posture Management (DSPM) has had an interesting journey long before Gartner officially coined the term. The very concept represents a paradigm shift in the way data security is viewed and handled. However, as with any new trend that challenges conventional thought, adoption has lagged prediction. That is until Generative AI entered the market. All at once, data security became top of mind, pushing this technology to the forefront. With an indication from both client requests as well as sales and survey data, our team has identified a clear theme in organizations prioritizing DSPM adoption.

As a continuation of the 2024 Innovation Top Themes Series, let's dive deeper into the DSPM space and what implications the Microsoft 365 (M365) Copilot solution holds for the state of your secure data environment.

The Emergence of Data Security Posture Management

Not too long ago, security teams were approaching data security from the lens of internal protection through outside barriers. This meant that as long as the data resided within the castle walls, it was protected from known threats. Data security tools were heavily reliant on key capabilities, such as data loss prevention (DLP), encryption, and monitoring practices. With the rise of Cloud in the enterprise, this lens was cracked open and no longer were security teams able to maintain a centralized environment they could guard successfully using their traditional mechanisms. Cloud-native environments shifted company data into highly distributed points of storage with even more dynamic risks stacking up, as growth in cloud data occurs at a much more rapid pace. It was becoming clear that the traditional data security strategies were no longer sufficient in providing the lens required to understand where the data was, let alone who had access to it in the first place.

The issue was clear, and the market responded, within 24 months there were over a dozen DSPM solutions in the early-stage startup market. These solutions were built around three key principles: surface sensitive data, track data access, and review data usage. By scanning hybrid cloud environments, DSPM solutions are able to discover and identify the risk of data living everywhere from file systems, application data stores, to object storage buckets. From here, the tool dives into attributes of the data to paint a more comprehensive picture of protections in place, including permissions on files. Even more importantly it enhances your company’s security posture through automated classification of discovered data, helping to identify sensitive data locations that may not have been previously recognized. It doesn’t end there either, some DSPM solutions, with varying approaches, aid in remediation and can help security teams drive forward the development of data breach incident response plans.

With all that said and done, the past few years have led to a quick emergence of competitors in the DSPM market -- with over 15 entrants identified by our team. But it wasn’t till around 2022-2023 that managers have cited data discovery and classification solutions as a top priority in their implementation according to a recent enterprise survey conducted by 451Research¹.

So, what has changed in the last year leading to this uptick? One likely factor is the recent rise of Generative AI Assistants, and particularly the push from Microsoft and their M365 Copilot solution. While these tools provide new opportunities to improve productivity and streamline operations, they also introduce new challenges for security teams that are shifting the priority of DSPM solutions in many enterprise leaders’ minds.

Copilot Data Challenges on the Rise

AI Assistants and Copilots are changing the way employees work, giving them the ability to access all the information tied to them with the ease of simply typing out a quick question to a chatbot. M365 Copilot in particular integrates into a variety of Microsoft apps, everything from SharePoint to Outlook to Teams and more, poising itself as a way to increase worker productivity to levels that we haven’t been able to be reached before. In fact, according to a recent Gartner poll focusing on Microsoft 365, the standout feature gaining traction and considered highly valuable by most organizations is M365 Copilot.² Regardless of where your organization stands on the decision of adoption, as GenAI continues to gain momentum and begins to demonstrate its true value, you can expect a continued increase in adoption of these types of tools.

With each technological shift in the enterprise, there’s always a good mix of benefits and challenges. Introducing a new tool that offers easy access to varying sources, some of which you may not have even been aware of, expands the scope of data security requirements. In the past, especially before the widespread adoption of cloud technologies, data vulnerabilities were often overlooked. For example, excessive privileges are commonplace in many organizations M365 environments. But now with copilots and similar tooling on the rise, this increased accessibility to your data creates wider opportunities for both insider threats and external attacks to take hold of sensitive information.

Now you may be asking yourself, how does one even begin to address the surge of challenges that will stem from a M365 Copilot rollout? This is exactly why the prioritization of DSPM solutions is taking place.

The DSPM Solution

From the get-go, DSPMs have positioned themselves to help companies get a grasp on overly permissive documents. So now, with M365 Copilot, having the ability to quickly identify the data you have in place and correlating all of it to the permissions reach of this new tool is even more crucial. There are three core DSPM capabilities to highlight against these new challenges:

1. Discovery & Classification: Surface sensitive data in your Microsoft environment.

   1. Find overlooked exposure of sensitive data across your environment.

   2. Know which identities have access to the data and their associated permissions.

   3. Use lineage to map data across data repositories both structured and unstructured.

2. Policy Enforcement: Take actionable steps to remove access risks found in M365.

   1. Enforce preemptive data security and compliance controls.

   2. Perform automated risk analysis on previously established data governance policies.

3. Remediation & Monitoring: Identify and resolve risk points as they grow with Copilot generation.

   1. Alert and inspect data residency, privacy, and breach risks preemptively.

   2. Enable third-party products with associated metadata in support of remediation.

The security concept of “least privilege” is the best way to understand how to properly handle permissions in this type of rollout across the company. Although talked about frequently, it still remains difficult to truly achieve this positioning of a company’s security posture. This is where a DSPM solution excels at providing both the visibility and remediation strategies to achieve the level of data security posture copilots are now prioritizing. The value of a DSPM has always been there, especially for companies heavily invested in their cloud environments. If you haven’t already taken a look into the benefits of this solution in your own organization, now is a ripe time for adoption.

What Comes Next?

The DSPM market has been around for some time now, but the market is showing strong indications of the nascency of this tooling. Just look to the acquisitions taking place with some of the larger security platforms in the enterprise that you may already be leveraging. The first acquisition was kicked off by IBM when they purchased Polar Security back in May of 2023 looking to expand their coverage of the shadow data problem.⁵ Examples of this activity continued with Rubrik’s announcement of their grab for Laminar back in August 2023⁶, Palo Alto’s completed acquisition of Dig Security at the end of last year⁷, and most recently CrowdStrike’s reach for Flow Security which was just announced at the beginning of March this year⁸.

Although a great solution for the use case discussed here, DSPMs unfortunately won’t be able to handle all the security needs that may arise from the growing ease of access in the data space. Depending on the needs of your specific rollout, other security solutions may also be required to work in tandem with a DSPM. Identifying your personal areas of concern is paramount for the formulation of your Copilot security strategy. Some examples to look to for the future of data security include “Next-Gen DLP” and “LLM Firewalls”. A couple solutions our Innovation team has been tracking closely that are building out strong capabilities in this space are Lasso Security and Harmonic Security. In addition, our team has seen the cloud storage security space advancing, specifically from Nira, extending the capabilities of control and visibility into Google and Microsoft drives.

With the initial rollouts of M365 Copilot underway, it’ll be important to keep an eye on the developments in the data security space to make sure your organization is staying up to date. As always, the Innovation team here at Trace3 is uniquely positioned between the expanding market and our clients to ensure you stay as educated as possible in the developments. If you have any further questions or are interested in exploring some of the solutions highlighted below, please feel free to reach out to us at innovation@trace3.com.

1. Survey Data Hub – Voice of the Enterprise: Information Security, Technology Roadmap 2023 – 451 Research
2. Gartner – Top 10 Insights From the 2023 Microsoft 365 Survey – 25 October 2023 – ID G00801554
3. Verizon – 2023 Data Breach Investigations Report
4. Varonis – Must-Know Data Breach Statistics [2023]
5. IBM Acquisition of Polar Security | IBM Newsroom
6. Rubrik Acquires DSPM Leader Laminar to Accelerate Cloud Data Security | Rubrik
7. Palo Alto Networks Completes Acquisition of Dig Security | Palo Alto Networks
8. CrowdStrike to Acquire Flow Security and Expand Its Cloud Security Leadership

Patrick Ortiz joined the Innovation team at Trace3 in May 2023 as a summer intern and quickly showcased success in content development and insight discovery. With a background in science and engineering research and a passion for understanding the latest trends across the enterprise IT space, he continues to bring in a forward outlook and deliver on content to help clients understand the ever-changing landscape of IT solutions. He will be completing his bachelor’s degree at Arizona State University and will join the Innovation team full-time. When not in classes or researching, Patrick can be found eating at some of the best foodie locations in whichever city he may be exploring.