David Stuart

Senior Director, Product Marketing

David Stuart is Senior Director of Product Marketing for Sentra, a leading cloud-native data security platform provider, where he is responsible for product and launch planning, content creation, and analyst relations. Dave is a 20+ year security industry veteran having held product and marketing management positions at industry luminary companies such as Symantec, Sourcefire, Cisco, Tenable, and ZeroFox. Dave holds a BSEE/CS from University of Illinois, and an MBA from Northwestern Kellogg Graduate School of Management.

David Stuart's Data Security Posts

David Stuart | November 7, 2024 | 3 min read | Sentra Case Study

Understanding the Value of DSPM in Today’s Cloud Ecosystem

As businesses accelerate their digital growth, the complexity of securing sensitive data in the cloud is growing just as fast. Data moves quickly and threats are evolving even faster; keeping cloud environments secure has become one of the biggest challenges for security teams today.

In The Hacker News’ webinar, Benny Bloch, CISO at Global-e, and David Stuart, Senior Director of Product Marketing at Sentra, discuss the challenges and solutions associated with Data Security Posture Management (DSPM) and how it's reshaping the way organizations approach data protection in the cloud.

The Shift from Traditional IT Environments to the Cloud

Benny highlights how the move from traditional IT environments to the cloud has dramatically changed the security landscape. 

"In the past, we knew the boundaries of our systems. We controlled the servers, firewalls, and databases," Benny explains. However, in the cloud, these boundaries no longer exist. Data is now stored on third-party servers, integrated with SaaS solutions, and constantly moved and copied by data scientists and developers. This interconnectedness creates security challenges, as it becomes difficult to control where data resides and how it is accessed. This transition has led many CISOs to feel a loss of control. 

As Benny points out, "When using a SaaS solution, the question becomes, is this part of your organization or not? And where do you draw the line in terms of responsibility and accountability?"

The Role of DSPM in Regaining Control

To address this challenge, organizations are turning to DSPM solutions. While Cloud Security Posture Management (CSPM) tools focus on identifying infrastructure misconfigurations and vulnerabilities, they don’t account for the movement and exposure of data across environments. DSPM, on the other hand, is designed to monitor sensitive data itself, regardless of where it resides in the cloud.

David Stuart emphasizes this difference: "CSPM focuses on your infrastructure. It’s great for monitoring cloud configurations, but DSPM tracks the movement and exposure of sensitive data. It ensures that security protections follow the data, wherever it goes."

For Benny, adopting a DSPM solution has been crucial in regaining a sense of control over data security. "Our primary goal is to protect data," he says. "While we have tools to monitor our infrastructure, it’s the data that we care most about. DSPM allows us to see where data moves, how it’s controlled, and where potential exposures lie."

Enhancing the Security Stack with DSPM

One of the biggest advantages of DSPM is its ability to complement existing security tools. For example, Benny points out that DSPM helps him make more informed decisions about where to prioritize resources. "I’m willing to take more risks in environments that don’t hold significant data. If a server has a vulnerability but isn’t connected to sensitive data, I know I have time to patch it."

By using DSPM, organizations can optimize their security stack, ensuring that data remains protected even as it moves across different environments. This level of visibility enables CISOs to focus on the most critical threats while mitigating risks to sensitive data.

A Smooth Integration with Minimal Disruption

Implementing new security tools can be a challenge, but Benny notes that the integration of Sentra’s DSPM solution was one of the smoothest experiences his team has had. "Sentra’s solution is non-intrusive. You provide account details, install a sentinel in your VPC, and you start seeing insights right away," he explains. Unlike other tools that require complex integrations, DSPM offers a connector-less architecture that reduces the need for ongoing maintenance and reconfiguration.

This ease of deployment allows security teams to focus on monitoring and securing data, rather than dealing with the technical challenges of integration.

The Future of Data Security with Sentra’s DSPM

As organizations continue to rely on cloud-based services, the need for comprehensive data security solutions will only grow. DSPM is emerging as a critical component of the security stack, offering the visibility and control that CISOs need to protect their most valuable assets: data.

By integrating DSPM with other security tools like CSPM, organizations can ensure that their cloud environments remain secure, even as data moves across borders and infrastructures. As Benny concludes, "You need an ecosystem of tools that complement each other. DSPM gives you the visibility you need to make informed decisions and protect your data, no matter where it resides."

This shift towards data-centric protection is the future of AI-era security, helping organizations stay ahead of threats and maintain control over their ever-expanding digital environments.

David Stuart | September 25, 2024 | 3 min read | Data Security

Top Advantages and Benefits of DSPM

Addressing data protection in today’s data estates requires innovative solutions. Data in modern environments moves quickly, as countless employees in a given organization can copy, move, or modify sensitive data within seconds. In addition, many organizations operate across a variety of on-premises environments, along with multiple cloud service providers and technologies like PaaS and IaaS. Data quickly sprawls across this multifaceted estate as team members perform daily tasks.

Data Security Posture Management (DSPM) is a key technology that meets these challenges by discovering and classifying sensitive data and then protecting it wherever it goes. DSPM helps organizations mitigate risks and maintain compliance across a complex data landscape by focusing on the continuous discovery and monitoring of sensitive information. 

If you're not familiar with DSPM, you can check out our comprehensive DSPM guide to get up to speed. But for now, let's delve into why DSPM is becoming indispensable for modern cloud enterprises.

Why is DSPM Important?

DSPM is an innovative cybersecurity approach designed to safeguard and monitor sensitive data as it traverses different environments. This technology focuses on the discovery of sensitive data across the entire data estate, including cloud platforms such as SaaS, IaaS, and PaaS, as well as on-premises systems. DSPM assesses exposure risks, identifies who has access to company data, classifies how data is used, ensures compliance with regulatory requirements like GDPR, PCI-DSS, and HIPAA, and continuously monitors data for emerging threats.

As organizations scale up their data estate and add multiple cloud environments, on-prem databases, and third-party SaaS applications, DSPM also helps them automate key data security practices and keep pace with this rapid scaling. For instance, DSPM offers automated data tags that help businesses better understand the deeper context behind their most valuable assets — regardless of location within the data estate. It leverages integrations with other security tools (DLP, CNAPP, etc.) to collect this valuable data context, allowing teams to confidently remediate the security issues that matter most to the business.

What are the Benefits of DSPM?

DSPM empowers all security stakeholders to monitor data flow, access, and security status, preventing risks associated with data duplication or movement in various cloud environments. It simplifies robust data protection, making it a vital asset for modern cloud-based data management.

Now, you might be wondering, why do we need another acronym? 

Let's explore the top five benefits of implementing DSPM:

1) Sharpen Visibility When Identifying Data Risk

DSPM enables you to continuously analyze your security posture and automate risk assessment across your entire landscape. It can detect data concerns across all cloud-native and unmanaged databases, data warehouses, data lakes, data pipelines, and metadata catalogs. By automatically discovering and classifying sensitive data, DSPM helps teams prioritize actions based on each asset’s sensitivity and relationship to policy guidelines.

Automating the data discovery and classification process takes a fraction of the time and effort it would take to manually catalog all sensitive data. It’s also far more accurate, especially when using a DSPM solution that leverages LLMs to classify data with more granularity and richer metadata. In addition, it ensures that you stay up to date with the frequent changes in your modern data landscape.

2) Strengthen Adherence with Security & Compliance Requirements 

DSPM can also automate the process of identifying regulatory violations and ensuring adherence to custom and pre-built policies (including policies that map to common compliance frameworks). By contrast, manually implementing policies is prone to errors and inaccuracies. It’s common for teams to misconfigure policies that either over-alert and inhibit daily work or miss significant user activities and changes to access permissions.

Instead, DSPM offers policies that travel with your data and automatically reveal compliance gaps. It ensures that sensitive data stays within the correct environments and doesn’t travel to regions with conflicting retention policies or to locations where it is not encrypted.

3) Improve Data Access Governance

Many DSPM solutions also offer data access governance (DAG). This functionality enforces the appropriate access permissions for all user identities, third parties, and applications within your organization. DAG automatically ensures that the proper controls follow your data, mitigating risks such as excessive permissions, unauthorized access, inactive or unused identities and API keys, and improper provisioning/deprovisioning for services and users.

By using DSPM to govern data access, teams can successfully achieve least privilege within an ever-changing and growing data ecosystem.

4) Minimize your Data Attack Surface

DSPM also enables teams to detect unmanaged sensitive data, including mislocated, shadow, or duplicate assets. Its powerful data detection capabilities ensure that sensitive data, such as historical assets stored within legacy apps, development test data, or information within shadow IT apps, doesn’t go unnoticed in a lower environment. By automatically finding and classifying these unknown assets, DSPM minimizes your data attack surface, controls data sprawl, and better protects your most valuable assets from breaches and leaks.

5) Protect Data Used by LLMs

DSPM also extends to LLM applications, enabling you to maintain a strong risk posture as your team adopts new technologies. It considers LLMs as part of the data attack surface, applying the same DAG and data discovery/classification capabilities to any training data leveraged within these applications. 

By including LLMs in your overarching data security approach, DSPM alleviates any GenAI data privacy concerns and sets up your organization for future success as these technologies continue to evolve.

Enhance Your DSPM Strategy with Sentra

Sentra offers an AI-powered DSPM platform that moves at the speed of data, enabling you to strengthen your data risk posture across your entire hybrid ecosystem. Our platform can identify and mitigate data risks and threats with deep context, map identities to permissions, prevent exfiltration with a modern DLP, and maintain a rich data catalog with details on both known and unknown data. 

In addition, our platform runs autonomously and requires only minimal administrative support. It also adds a layer of security by discovering and intelligently categorizing all data without removing it from your environment.

Conclusion

DSPM is quickly becoming an essential tool for modern cloud enterprises, offering comprehensive benefits to the complex challenges of data protection. By focusing on discovering and monitoring sensitive information, DSPM helps organizations mitigate risks and maintain compliance across various environments, including cloud and on-premises systems.

The rise of DSPM in the past few years highlights its importance in enhancing security. It allows security teams to monitor data flow, access, and status, effectively preventing data duplication or movement risks. With advanced threat detection, improved compliance and governance, detailed access control, rapid incident response, and seamless integration with cloud services, DSPM provides significant benefits and advantages over other data security solutions. Implementing DSPM is a strategic move for organizations aiming to fortify their data protection strategies in today's digital landscape.

David Stuart | August 22, 2024 | 3 min read | Data Security

Data: The Unifying Force Behind Disparate GRC Functions

In the ever-evolving world of cybersecurity, a common thread weaves its way through the seemingly disconnected disciplines of data security, data privacy, and compliance: data. This critical element forms the cornerstone of each function, yet existing solutions often fall short in fostering a holistic approach to data governance and security.

This blog delves into the importance of data as the unifying force behind disparate GRC (Governance, Risk & Compliance) functions. We'll explore how a data-centric approach can overcome the limitations of traditional solutions, paving the way for a more efficient and secure future.

The Expanding Reach of DSPM: Evidence from the Hype Cycle

Gartner's Hype Cycles serve as an insightful snapshot of emerging trends within the cybersecurity landscape. Both the "2024 Hype Cycle for Data Security" and the "2024 Gartner Hype Cycle for Cyber-Risk Management" highlight Data Security Posture Management (DSPM) as a key area of focus. This analyst perspective signifies a significant shift, recognizing DSPM as a discipline, not merely a set of features within existing security solutions. It's a recognition that data security is fundamental to achieving all GRC objectives.

Traditionally, data security has been the domain of security teams and Chief Information Security Officers (CISOs). Data privacy, on the other hand, resides with Chief Data Privacy Officers (CDPOs). Compliance, a separate domain altogether, falls under the responsibility of Chief Compliance Officers (CCOs). This siloed approach often leads to a disjointed view of data security and privacy, creating vulnerabilities and inefficiencies.

Data: The Universal Element

Data, however, transcends these functional boundaries. It's the universal element that binds security, privacy, and compliance together. Regardless of its form – financial records, customer information, intellectual property – securing data forms the foundation of a strong security posture. 

Identity, too, plays a crucial role in data security. Understanding user access and behavior is critical for data security and compliance. An effective data security solution will require deep integration with identity management to ensure proper access controls and policy enforcement.

Imagine a Venn diagram formed by the three disciplines: Data Security (CISO), Data Privacy (CDPO), and Compliance (CCO). At the center, where all three circles intersect, lies the critical element – Data. Each function operates within its own domain yet shares ownership of data at its core.

While these functions may seem distinct, the underlying element—data—connects them all. Data is the common thread woven throughout every GRC activity. It's the lifeblood of any organization, and its security and privacy are paramount. We can't talk about securing data without considering privacy, and compliance often hinges on controls that safeguard sensitive data.

For a truly comprehensive approach, organizations need a standardized method for classifying data based on its sensitivity. This common ground allows each GRC function to view and manage data through a shared lens. A unified data discovery and classification layer improves the chances of collaboration among functions, and DSPM provides this layer.

Existing Solutions Fall Short in a Dynamic Landscape

Traditional GRC solutions often fall short due to their myopic nature. They cater primarily to a single function – data security, data privacy, or compliance – leaving a fragmented landscape.

These solutions also struggle to keep pace with the dynamic nature of data. Data volumes are constantly growing, changing formats, and moving across diverse platforms. Mapping such a dynamic resource can be a nightmare with traditional approaches. Here at Sentra, we've explored this challenge in detail in a previous blog, Understanding Data Movement to Avert Proliferation Risks.

A New Approach: Cloud-Native DSPM for Agility and Scalability

The future of GRC demands a new approach, one that leverages the unifying force of data. Enter cloud-native Data Security Posture Management (DSPM) solutions, specifically designed for scalability and agility. This new breed of platforms offers several key advantages:

  • Comprehensive Data Discovery: The platform actively identifies all data across your organization, regardless of location or format. This holistic view provides a solid foundation for understanding and managing your data security posture.
  • Consistent Data Classification: With a central platform, data classification becomes a unified process. Sensitive data can be identified and flagged consistently across various functions, ensuring consistent handling.
  • Pre-built Integrations: Streamline your workflows with seamless integrations to existing tools across your organization, such as data catalogs, Incident Response (IR) platforms, IT Service Management (ITSM) systems, and compliance management solutions.

Towards a Unified Data Governance and Security Platform

The need for best-of-breed DSPM solutions like Sentra will remain strong to meet the ever-expanding requirements of data security and privacy. However, a future where GRC functionalities are more closely integrated is also emerging.

We're already witnessing a shift in our own customer base, where initial deployments for one specific use case have evolved into broader platform adoption for multiple use cases. Organizations are beginning to recognize the value of a unified platform for data governance and security.

Imagine a future where data officers, application owners, developers, compliance officers, and security teams all utilize a common data governance and security platform. This platform would be built on a foundation of consistent data sensitivity definitions, promoting a shared understanding of data security risks and responsibilities across the entire organization.

This interconnected future is closer than you might think. By embracing the unifying power of data and leveraging cloud-native DSPM solutions, organizations can achieve a more holistic and unified approach to GRC. With data at the center, everyone wins: security, privacy, and compliance all benefit from a more collaborative and data-driven approach.

At Sentra, we believe the inclusion of DSPM in multiple hype cycles signifies the increasing importance of these solutions for security teams worldwide. As DSPM solutions become more integrated into cybersecurity strategies, their impact on enhancing overall security posture is becoming increasingly evident.

Curious about how Sentra can elevate your data security? 

Talk to our data security experts and request a demo today.

David Stuart | May 28, 2024 | 3 min read | Data Security

Retail Data Breaches: How to Secure Customer Data With DSPM

In 2023, the average cost of a retail data breach reached $2.96 million, with the retail sector representing 6% of global data breaches, a rise from 5% in the prior year. 

Consequently, retail now ranks as the 8th most frequently targeted industry in cyber attacks, climbing from 10th place in 2022. According to the Sophos State of Ransomware in Retail report, ransomware affected 69% of retail enterprises in 2023. Nearly 75% of these ransomware incidents led to data encryption, marking an increase from 68% and 54% in the preceding two years.

Yet, these breaches aren't merely a concern for retailers alone; they pose a severe threat to customer confidence at large. 

Retailers must focus on data security because the retail sector serves such a large community, which makes it a huge target for fraud, account compromise, and similar attacks. Retailers, increasingly conducting business online, are subject to evolving privacy and credit card regulations intended to protect consumers. One compromise or breach event can prove disastrous to the customer trust that retailers may have built over years.

With the evolving cyber threats, the proliferation of cloud computing, and the persistent risk of human error, retailers confront a multifaceted security landscape. Retailers should take proactive measures, and gain a deeper understanding of the potential risks in order to properly harden their defenses.

The year 2024 had just begun when VF Corporation, a global apparel and footwear giant, experienced a significant breach. This incident served as a stark reminder of the far-reaching consequences of ransomware attacks in the retail industry. Approximately 35 million individuals, including employees, customers, and vendors, were affected. Personal information such as names, addresses, and Social Security numbers fell into the hands of malicious actors, emphasizing the urgent need for retailers to secure sensitive data.

How to Secure Customer Data

Automatically Discover, Classify and Secure All Customer Data

Automatically discovering, classifying, and securing all customer data is essential for businesses today. Sentra offers a comprehensive retail data security solution, uncovering sensitive customer data such as personally identifiable information (PII), cardholder data, payment account information, and order details across both known and unknown cloud data stores. 

With Sentra's Data Security Posture Management (DSPM) solution, no sensitive data is left undiscovered; the platform provides extensive coverage of data assets, custom data classes, and detailed cataloging of tables and objects. This not only ensures compliance but also supports data-driven decision-making through safe collaboration and data sharing. As a cloud-native solution, Sentra offers full coverage across major platforms like AWS, Azure, Snowflake, GCP, and Office 365, as well as on-premise file shares and databases. Your cloud data remains within your environment, ensuring you retain control of your sensitive data at all times.

Comply with Data Security and Privacy Regulations

Ensuring compliance with data security and privacy regulations is paramount in today's business landscape. With Sentra’s DSPM solution, you can streamline the process of preparing for security audits concerning customer and credit card/account data. Sentra’s platform efficiently identifies compliance discrepancies, enabling swift and proactive remediation measures.

You can also simplify the translation of requirements from various regulatory frameworks such as PCI-DSS, GDPR, CCPA, DPDPA, among others, using straightforward rules and policies. For instance, you'll receive notifications if regulated data is transferred between regions or to an insecure environment. 

(Figure: Sentra dashboard showing issues grouped by top compliance frameworks)

Furthermore, our system detects specific policy violations, such as PCI-DSS violations in which regulated data, including credit card and bank account numbers, is publicly accessible or located outside of a PCI-compliant environment. Finally, we generate comprehensive compliance reports containing all necessary evidence, including sensitive data categories, regulatory measures, security posture, and the status of relevant regulatory standards.

Mitigate Supply Chain Risks and Emerging Threats

Addressing supply chain risks and emerging threats is critical for safeguarding your organization. Sentra leverages real-time threat monitoring and Data Detection and Response (DDR) to prevent fraud, data exfiltration, or breaches, thereby reducing downtime and ensuring the security of sensitive customer data.

(Figure: Sentra dashboard example of sensitive data accessed from a suspicious IP address)

Sentra’s DSPM solution offers automated detection capabilities to alert you when third parties gain access to sensitive account and customer data, empowering you to take immediate action. By implementing least privilege access based on necessity, we help minimize supply chain risks, ensuring that only authorized individuals can access sensitive information. 

Additionally, Sentra’s DSPM enables you to enforce security posture and retention policies, thereby mitigating the risks associated with abandoned data. You'll receive instant alerts regarding suspicious data movements or accesses, such as those from unknown IP addresses, enabling you to promptly investigate and respond. In the event of a breach, our solution facilitates swift evaluation of its impact and enables you to initiate remedial actions promptly, thereby limiting potential damage to your organization.

David Stuart | May 6, 2024 | 3 min read | Data Security

Securing Your Microsoft 365 Environment with Sentra

Picture this scenario: a senior employee at your organization has access to a restricted folder in SharePoint that contains sensitive data. Another employee needs access to a specific document in the folder and asks the senior employee for help. To save time, the senior employee simply copies the entire document and drops it into a folder with less stringent access controls so the other employee can easily access it. Because of this action taken by the senior employee, which only took seconds to complete, there’s now a copy of sensitive data — outside a secure folder and unknown to the data security team. 

The Sentra team hears repeatedly that Microsoft 365 services, like SharePoint, are a pressing concern for data security teams because this type of data proliferation is so common. While Microsoft services like OneDrive, SharePoint, Office Online, and Teams drive productivity and collaboration, they also pose a unique challenge for data security teams: identifying and securing the constantly changing data landscape without inhibiting collaboration or slowing down innovation. 

Today’s hybrid environments — including Microsoft 365 services — present many new security challenges. Teams must deal with vast and dynamic data within SharePoint, coupled with explosive cloud growth and data movement between environments (cloud to on-prem or vice versa). They must also find ways to locate and secure the unstructured sensitive data stored within Microsoft 365 services.

Legacy, connector- and agent-based solutions can’t fit the bill — they face performance and scaling constraints and are an administrative nightmare for teams trying to keep pace. Instead, teams need a data security solution that can automatically comprehend unstructured data in several formats and is more responsive and reliable than legacy tools. 

A cloud-native approach is one viable, scalable solution to address the multitude of security challenges that complex, modern environments create. It provides versatile, agile protection for the multi-cloud, hybrid, SaaS (e.g., Microsoft 365), and on-prem environments that comprise a business’s operations.

The Challenge of Protecting Your Microsoft 365 Environment

When employees use Microsoft 365, they can copy, move, or delete data instantly, making it challenging to keep track of where sensitive data resides and who has access to it. For instance, sensitive data can easily be stored improperly or left behind in a OneDrive after an employee leaves an organization. This is commonplace when using Teams and/or SharePoint for document collaborations. This misplaced sensitive data can become ammunition for an insider threat, such as a disgruntled employee who wants to cause company damage.

(Figure: Sentra finding showing assets that contain plain-text credit card numbers)

Defending your Microsoft 365 environment against these risks can be difficult because Microsoft 365 stores data, such as Teams messages or OneDrive documents, in a free-form layout. It’s far more challenging to classify this unstructured data than it is to classify structured data because it doesn’t follow a clear schema and formatting protocol. For instance, in a structured database, sensitive information like names and birthdates would be stored in neighboring columns labeled “names” and “birthdates.” However, in an unstructured data environment like Microsoft 365, someone might share their birthdate or other PII in a quick Teams message to an HR staff member, which is then stored in SharePoint behind the scenes. 

In addition, unstructured data lacks context. Some data is only considered sensitive under certain conditions. For example, 9-digit passport numbers alone wouldn’t pose a significant risk if exposed, while a combination of passport numbers and the identity of the passport holders would. Structured databases make it easy to see these relationships, as they likely contain column titles (e.g., “passport number,” “passport holder name”) or other clear schemas. Unstructured file repositories, on the other hand, might have all of this information buried in documents with a free-form block of text, making it especially difficult for teams to understand the context of each data asset fully.

Protection Measures to Address Microsoft 365 Data Risks

Today’s businesses must get ahead of these challenges by instituting best practices such as least privilege access, or else face consequences such as violating compliance regulations or putting sensitive data at risk of exposure.

Since sensitive data is far more nuanced and complex to discern in Microsoft 365, businesses need a cloud-native solution that identifies the subtle signs associated with sensitive data in unstructured cloud environments and takes appropriate action to protect it. 

Sentra’s Integration with Microsoft 365

Sentra’s data security posture management (DSPM) platform enables secure collaboration and file sharing across services such as SharePoint, OneDrive, Teams, OneNote, and Office Online.

Its new integration with Microsoft 365 offers unmatched discovery and classification capabilities for security, data owners and risk management teams to secure data — not stopping activity but allowing it to happen securely. Here are a few of the features we offer teams using Microsoft 365: 

Advanced ML/AI analysis for accurate data discovery.

Sentra’s data security platform can autonomously discover data across your entire environment, including shadow data (i.e., misplaced, abandoned, or unknown data) or migrated data (data that may have sprawled to a lesser protected environment). It can then accurately rank data sensitivity levels by conducting in-depth analysis based on nuanced contextual information such as metadata, location, neighboring assets, and file path.

Sensitive data that is stored on-premise was found in a cloud environment

This contextual approach differs from traditional security methods, which rely on very prescriptive data formats and overlook unstructured data that doesn’t fit into these formats. Sentra’s high level of accuracy minimizes the number of false positives, requiring less hands-on validation from your team.
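The passport example at the top of this section and the contextual ranking just described can be shown in code. The following is an added example, not Sentra’s classifier or any code from the original post: a toy scorer that treats a bare 9-digit number as medium sensitivity, raises it to high when a holder name appears in the surrounding text, reads column names directly when the data is structured, and combines the result with a path-based exposure hint. The regexes, the 80-character window, and the folder names treated as "exposed" are assumptions for illustration; a real classifier would use named-entity recognition and trained models rather than these patterns.

```python
import re

# Assumed patterns for illustration only.
PASSPORT_RE = re.compile(r"\b\d{9}\b")
# Crude "Firstname Lastname" matcher that skips the literal phrase "Passport Number".
NAME_RE = re.compile(r"\b(?!Passport\b)[A-Z][a-z]+ (?!Number\b)[A-Z][a-z]+\b")
WINDOW = 80                                   # chars either side of a hit counted as "nearby"
EXPOSED_PATH_PARTS = {"public", "shared", "anyone"}   # assumed naming convention


def score_text(text):
    """Free-form text: identifiers alone are 'medium'; an identifier with a
    holder name inside WINDOW characters is 'high' (linkable PII)."""
    hits = list(PASSPORT_RE.finditer(text))
    if not hits:
        return {"identifiers": 0, "linked": 0, "level": "low"}
    linked = 0
    for m in hits:
        lo, hi = max(0, m.start() - WINDOW), m.end() + WINDOW
        if NAME_RE.search(text[lo:hi]):
            linked += 1
    return {"identifiers": len(hits), "linked": linked,
            "level": "high" if linked else "medium"}


def score_table(headers):
    """Structured store: the schema itself says what the columns hold, so no
    proximity heuristic is needed."""
    tokens = [set(re.split(r"[^a-z0-9]+", h.strip().lower())) for h in headers]
    has_id = any("passport" in t and t & {"number", "num", "no", "id"} for t in tokens)
    has_holder = any(t & {"name", "holder"} for t in tokens)
    if has_id and has_holder:
        return "high"
    if has_id:
        return "medium"
    return "low"


def assess_document(path, text):
    """Combine content sensitivity with a path-derived exposure hint to decide
    what the security team should look at first."""
    result = score_text(text)
    parts = {p for p in path.lower().split("/") if p}
    result["exposed"] = bool(parts & EXPOSED_PATH_PARTS)
    if result["level"] == "high" and result["exposed"]:
        result["priority"] = "urgent"
    elif result["level"] != "low":
        result["priority"] = "review"
    else:
        result["priority"] = "none"
    return result


if __name__ == "__main__":
    # Constructed sample inputs, not real documents.
    print(assess_document("/Shared/Public/visa.txt",
                          "Visa application for Jane Doe, passport 123456789, travelling in March."))
    print(assess_document("/Finance/recon.txt",
                          "Batch reconciliation: 123456789 and 987654321 were processed on the 3rd."))
    print(score_table(["passport_number", "passport_holder_name", "issue_date"]))
```

The point of the design is that the same 9-digit pattern yields different outcomes depending on what sits next to it and where the file lives, which is exactly the context a format-only matcher cannot see.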

Use case scenario: An employee has set up their company OneDrive account to sync directly into their personal computer’s file system. While working on personal tasks, this employee accidentally saves their child’s medical paperwork inside the company OneDrive rather than a personal folder. To catch this situation, Sentra can discover and notify the appropriate users when PII is residing in a OneDrive business account in violation of company policy.

Precise data classification to support remediation. 

After discovering sensitive data, Sentra classifies the data using data context classes. This granular classification level provides rich usage context and enables teams to perform better risk prioritization, sensitivity analysis, and control actioning. Its data context classes can identify very specific types of data: configuration, log, tabular, image, etc. By labeling their resources with this level of precision and context, businesses can better understand usage and which files are more likely to contain sensitive information and which are not. 

In addition, Sentra consolidates classified data security findings from across your entire data estate into a single platform. This includes insights from multiple cloud environments, SaaS platforms, and on-premises data stores. Sentra offers a centralized, always-up-to-date data catalog and visualizations of data movement between environments.

Use case scenario: An employee requests access to a SharePoint folder containing a nonsensitive document. A senior employee authorizes access without realizing that sensitive documents are also stored within this folder. To prevent this type of excessive privileged access, Sentra labels sensitive documents, emails, and other Microsoft file formats so your team can enforce access policies and take the correct actions to secure these assets. 

Guardrails to enforce data hygiene across your environment.

Sentra also enforces data hygiene best practices across your Microsoft 365 environment, proactively preventing staff from taking risky actions or going against company policies.

For instance, it can detect excessive access permissions and alert on these violations. Sentra can also monitor sharing permissions to enforce least privilege access on sensitive files.

Use case scenario: During onboarding, a new junior employee is given access permissions across Microsoft 365 services. By default, they now have access to confidential intellectual property stored in SharePoint, even though they’ll never need this information in their daily work. To prevent this type of excessive access, Sentra can enforce more stringent access controls for sensitive SharePoint folders.
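The two checks behind the guardrails above (a broad principal holding rights on a sensitive folder, and a grant that is never exercised) can be expressed as a small piece of detection logic. This is an added example and not Sentra’s implementation: it joins a list of SharePoint-style permission grants against sensitivity labels and a set of access events, and flags grants that are either broad or idle. The folder paths, principals, audit records and the 90-day idle threshold are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Principals that should never hold rights on a sensitive folder (assumed list).
BROAD_PRINCIPALS = {"Everyone", "Everyone except external users", "All Users"}

# Constructed sample data, not from a real tenant.
SENSITIVE_FOLDERS = {
    "/sites/Eng/Shared Documents/IP": "confidential",
    "/sites/HR/Shared Documents/Payroll": "restricted",
}
GRANTS = [  # (principal, folder, permission level)
    ("jdoe@example.com", "/sites/Eng/Shared Documents/IP", "Read"),
    ("newhire@example.com", "/sites/Eng/Shared Documents/IP", "Read"),
    ("Everyone except external users", "/sites/Eng/Shared Documents/IP", "Read"),
    ("hr.lead@example.com", "/sites/HR/Shared Documents/Payroll", "Edit"),
    ("mkt@example.com", "/sites/Marketing/Shared Documents", "Edit"),
]
AUDIT = [  # (ISO timestamp, user, object path), shaped like FileAccessed events
    ("2024-05-28T10:02:00", "jdoe@example.com", "/sites/Eng/Shared Documents/IP/design.docx"),
    ("2024-01-15T16:40:00", "hr.lead@example.com", "/sites/HR/Shared Documents/Payroll/may.xlsx"),
    ("2024-05-30T09:00:00", "mkt@example.com", "/sites/Marketing/Shared Documents/deck.pptx"),
]


def last_access_by_folder(audit, folders):
    """Map (user, folder) to the most recent access of anything under that folder."""
    last = {}
    for ts, user, obj in audit:
        when = datetime.fromisoformat(ts)
        for folder in folders:
            if obj.startswith(folder.rstrip("/") + "/"):
                key = (user, folder)
                if key not in last or when > last[key]:
                    last[key] = when
    return last


def find_excess_access(grants, audit, sensitive, now_iso, idle_days=90):
    """Flag grants on sensitive folders that are either broad (everyone-style
    principals) or unused for idle_days; both violate least privilege."""
    now = datetime.fromisoformat(now_iso)
    last = last_access_by_folder(audit, sensitive)
    findings = []
    for principal, folder, level in grants:
        if folder not in sensitive:
            continue                      # only sensitive folders are in scope here
        if principal in BROAD_PRINCIPALS:
            findings.append((principal, folder, level, "broad principal on sensitive folder"))
            continue
        seen = last.get((principal, folder))
        if seen is None:
            findings.append((principal, folder, level, "granted but never used"))
        elif now - seen > timedelta(days=idle_days):
            findings.append((principal, folder, level, f"unused for more than {idle_days} days"))
    return findings


if __name__ == "__main__":
    for finding in find_excess_access(GRANTS, AUDIT, SENSITIVE_FOLDERS, "2024-06-01T00:00:00"):
        print(finding)
```

Group grants are deliberately absent from the sample: mapping a group grant to the individual users who exercised it requires expanding group membership first, and that expansion is where most real excess-access reviews go wrong.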

Automation to accelerate incident response.

Sentra also supports automated incident response with early breach detection. It can identify data similarities to trigger an investigation of potentially risky data proliferation. In addition, it provides real-time alerting when anomalous activity occurs within the environment and supports incident investigation and breach impact analysis with automated remediation and in-product guidance. Sentra also integrates with data catalogs and other incident response/ITSM tools to quickly alert the proper teams and kick off the right response processes. 

Use case example: An employee who was just laid off feels disgruntled with the company. They decide to go into SharePoint and start a large download of several files containing intellectual property. To protect your data from these types of internal threats, Sentra can immediately detect and alert you to suspicious activity, such as an unusually large bulk download, within your Microsoft 365 environment.
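The bulk-download scenario is a good place to show what "unusual activity" means in practice. The block below is an added example, not Sentra’s detection engine: it builds a constructed log shaped like Microsoft 365 unified audit records (only the CreationTime, Operation, UserId and ObjectId fields are used), counts FileDownloaded events per user per day, and flags a day that is both above an absolute floor and several times that user’s own median. The tenant name, users, thresholds and event counts are all made up for the example.

```python
import statistics
from collections import defaultdict


def build_sample_log():
    """Constructed audit events (not real tenant data): alice downloads three
    files a day for two weeks and 120 on the last day; bob downloads two a day."""
    events = []
    for day in range(1, 16):
        date = f"2024-05-{day:02d}"
        n_alice = 120 if day == 15 else 3
        for i in range(n_alice):
            events.append({"CreationTime": f"{date}T09:{i % 60:02d}:{i // 60:02d}",
                           "Operation": "FileDownloaded",
                           "UserId": "alice@example.com",
                           "ObjectId": f"https://contoso.sharepoint.com/sites/Eng/IP/doc{i}.docx"})
        for i in range(2):
            events.append({"CreationTime": f"{date}T11:{i:02d}:00",
                           "Operation": "FileDownloaded",
                           "UserId": "bob@example.com",
                           "ObjectId": f"https://contoso.sharepoint.com/sites/Eng/IP/spec{i}.docx"})
        # A non-download operation that the detector must ignore.
        events.append({"CreationTime": f"{date}T12:00:00", "Operation": "FileAccessed",
                       "UserId": "alice@example.com",
                       "ObjectId": "https://contoso.sharepoint.com/sites/Eng/IP/readme.md"})
    return events


def detect_bulk_downloads(events, factor=5.0, floor=20):
    """Per-user daily download counts compared against that user's own history
    (median of earlier days).  A day is flagged when it is above an absolute
    floor and at least `factor` times the baseline.  A user with no history is
    measured against a baseline of 1, so a cold-start burst is flagged rather
    than silently accepted."""
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e.get("Operation") != "FileDownloaded":
            continue
        daily[e["UserId"]][e["CreationTime"][:10]] += 1

    alerts = []
    for user, days in daily.items():
        ordered = sorted(days)
        for i, day in enumerate(ordered):
            history = [days[d] for d in ordered[:i]]
            baseline = statistics.median(history) if history else 0
            count = days[day]
            if count >= floor and count >= factor * max(baseline, 1):
                alerts.append({"user": user, "day": day, "count": count, "baseline": baseline})
    return alerts


if __name__ == "__main__":
    for alert in detect_bulk_downloads(build_sample_log()):
        print(alert)
```

Comparing each user against their own median rather than a global threshold is what keeps a heavy but normal user (a build engineer, say) from tripping the alert every day while still catching a sudden spike from someone whose usual volume is small.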

DSPM, the Key to Securing Microsoft 365

After talking with many customers and prospects facing challenges securing Microsoft 365, the Sentra team has seen the significance of a DSPM platform compatible with services like SharePoint, OneDrive, and Office Online. We prioritize bringing all data, including assets buried in your Microsoft 365 environment, into view so you can better safeguard it without slowing down innovation and collaboration. 

Dive deeper into the world of data security posture management (DSPM) and discover how it helps organizations secure their entire data estate, including cloud, on-prem, and SaaS data stores (like Microsoft 365).

David Stuart
April 30, 2024
4 Min Read
Data Security

How to Meet the Security Challenges of Hybrid Data Environments

It’s an age-old question at this point: should we operate in the cloud or on premises? But for many of today’s businesses, it’s not an either-or question, as the answer is both.

Although cloud has been the ‘latest and greatest’ for the past decade, very few organizations rely on it completely, and that’s probably not going to change anytime soon. According to a survey conducted by Foundry in 2023, 70% of organizations have brought some cloud apps or services back to on premises after migration due to security concerns, budget/cost control, and performance/reliability issues. 

But at the same time, the cloud is still growing in importance within organizations. Gartner projects that public cloud spending will increase by 20.4% in just the next year. With all of this in mind, it’s safe to say that most businesses are leveraging a hybrid approach and will continue to do so for a long time. 

But where does this leave today’s data security professionals, who must simultaneously secure cloud and on prem operations? The key to building a robust data security approach and future-proofing your hybrid organization is to adopt cloud-native data security that serves both areas equally well and, importantly, can match the expected cloud growth demands of the future.

On Prem Data Security Considerations

Because on premises data stores are here to stay for most organizations, teams must consider how they will respond to the unique challenges of on prem data security. Let’s dive into two areas that are unique to on premises data stores and require specific security considerations:

Network-Attached Storage (NAS) and File Servers

File shares exposed over protocols such as SMB (CIFS), NFS and FTP play an integral role in making on prem data accessible. However, the specific structure and data formats used within file servers can pose challenges for data security professionals, including:

  • Identifying where sensitive data is stored and preventing its sprawl to unknown locations.
  • Nested or inherited permissions structures that could lead to overly permissive access.
  • Ensuring security and compliance across massive amounts of data that change continuously.
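The second bullet, nested or inherited permissions that quietly become overly permissive, is easiest to understand by resolving effective rights on a small share tree. What follows is an added example, not Sentra’s scanner: it models folders that either inherit their parent’s ACL or break inheritance, walks each sensitive file up toward the root accumulating access control entries, and reports any broad principal (Everyone, Authenticated Users, Domain Users) that ends up with rights on the file, together with the folder where that right was granted. The tree, labels and principal names are constructed for illustration; the rights model is a three-level simplification of NTFS permissions.

```python
BROAD_PRINCIPALS = {"Everyone", "Authenticated Users", "Domain Users"}   # assumed list
RIGHT_RANK = {"Read": 1, "Modify": 2, "Full": 3}                          # simplified rights

# Constructed share layout (not a real share): folder -> whether it inherits
# from its parent, plus its explicit ACEs.
TREE = {
    "/": {"inherit": False, "aces": [("Domain Admins", "Full"), ("Domain Users", "Read")]},
    "/Finance": {"inherit": True, "aces": [("Finance", "Modify")]},
    "/Finance/Payroll": {"inherit": True, "aces": []},          # nothing explicit: inherits root
    "/Public": {"inherit": True, "aces": [("Everyone", "Modify")]},
    "/Public/Archive": {"inherit": True, "aces": []},
    "/Legal": {"inherit": False, "aces": [("Legal", "Modify")]},  # inheritance broken here
}
SENSITIVE_FILES = {
    "/Finance/Payroll/2024-salaries.xlsx": "restricted",
    "/Public/Archive/old-contracts.pdf": "confidential",
    "/Legal/nda.docx": "confidential",
}


def parent_of(path):
    return path.rsplit("/", 1)[0] or "/"


def effective_acl(tree, folder):
    """Walk toward the root accumulating ACEs until a folder with inheritance
    disabled.  Returns principal -> (highest right, folder that granted it)."""
    acl = {}
    node = folder
    while True:
        entry = tree[node]
        for principal, right in entry["aces"]:
            current = acl.get(principal)
            if current is None or RIGHT_RANK[right] > RIGHT_RANK[current[0]]:
                acl[principal] = (right, node)
        if node == "/" or not entry["inherit"]:
            break
        node = parent_of(node)
    return acl


def find_overexposed(tree, files):
    """Sensitive files reachable by broad principals, with the source folder
    of the inherited right so the fix can be applied where it originates."""
    findings = []
    for path, label in sorted(files.items()):
        acl = effective_acl(tree, parent_of(path))
        for principal in sorted(set(acl) & BROAD_PRINCIPALS):
            right, source = acl[principal]
            findings.append((path, label, principal, right, source))
    return findings


if __name__ == "__main__":
    for finding in find_overexposed(TREE, SENSITIVE_FILES):
        print(finding)
```

Note that the payroll spreadsheet is exposed by an entry three levels up that nobody set on the Payroll folder itself; reporting the source folder matters because removing the ACE at the root would also change access for every other subtree.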

On Prem Databases With Structured and Unstructured Data

The variety of on prem databases brings its own security challenges. MSSQL, Oracle, PostgreSQL, MongoDB, MySQL and others each use different data structures, and security professionals often struggle to bring structured, unstructured, and semi-structured data from these sources together to monitor their data security posture continuously. ETL operations do the heavy lifting, but each transformation can further obscure the underlying (and often sensitive!) data. Plus, access control is managed separately within each database, making it hard to institute least privilege.

Businesses need to use data security solutions that can scan all of these distinct store and data types, centralize security administration for these disparate storage areas, and respond to security issues commonly appearing in hybrid environments, such as misconfigurations, weak security, data proliferation and compliance violations. Legacy on-premises or cloud-only solutions won’t cut it in these situations, as they aren’t adapted to work with these specific considerations. 

Cloud Data Security Considerations

In addition to all these on prem data and storage variations, most organizations also leverage multiple cloud environments. This reality makes managing a holistic view of data security even more complex. A single organization might use several different cloud service providers (AWS, Azure, Google Cloud Platform, etc.), along with a variety of data lakes and data warehouses (e.g., Snowflake). Each of these platforms has a unique architecture and must be managed separately, making it challenging to centralize data security efforts.

Here are a few aspects of cloud environments that data security professionals must consider:

Massive Data Attack Surface

Because it’s so easy to move, change, or modify data in the cloud, data proliferates at an unprecedented speed. This leads to a huge attack surface of unregulated and unmonitored data. Security professionals face a new challenge in the cloud: securing data regardless of where it resides. But this can prove to be difficult when security teams might not even know that a copied or modified version of sensitive data exists in the first place. This organizational data that exists outside the centralized and secured data management framework, known as shadow data, poses a considerable threat to organizations, as they can’t protect what they don’t know.

Business Agility

In addition, security teams must figure out how to secure cloud data without slowing down other teams’ innovation and agility in the cloud. In many cases, teams must copy cloud data to complete their daily tasks. For example, a developer might need to stage a copy of production data for test purposes, or a business intelligence analyst might need to mine a copy of production data for new revenue opportunities. They must learn how to enforce critical policies without gatekeeping sensitive data that teams need to access for the business to succeed. 

Variety in Data Store Types

Cloud infrastructure often includes a variety of data store types as well. This includes cloud computing infrastructure such as IaaS, PaaS, DBaaS, application development components such as repositories and live applications, and, in many cases, several different public cloud providers. Each of these data stores exists in a silo, making it challenging for data security professionals to gain a centralized view of the entire organization’s data security posture. 

Unifying Cloud and On Prem Hybrid Environments With Cloud-Native Data Security

Because of its massive scale, dynamic nature, and service-oriented architecture, cloud infrastructure is more complex to secure than on prem. Access to cloud data is governed by identity rather than network location: an identity with broad permissions on a cloud account can reach most of the data in it, from anywhere. In other words, you can’t just secure a boundary as you would with on premises data. And because new cloud instances are so easy to spin up, there are no assurances that a new cloud asset that may contain data copies will have the same protections as the original.  

Because of this complexity, legacy tools originally created for on prem environments, such as traditional data loss prevention (DLP), just won’t cut it in cloud environments. Yet cloud-only security offerings, such as those from the cloud service providers themselves, exclude the unique aspects of on premises environments or may be myopic in what they support. Instead, organizations must consider solutions that address both on prem and multi-cloud environments simultaneously. The answer lies in cloud-native data security that supports both.

Because it’s built for the complexity of the cloud but includes support for on prem infrastructure, a cloud-native data security platform can follow your data across your entire hybrid environment and compile complex security posture information into a single location. Sentra approaches this concept in a unique way, enabling teams to see data similarity and movement between on prem and cloud stores. By understanding data movement, organizations can minimize the risks associated with data sprawl, while simultaneously securely enabling the business.

With a unified platform, teams can see a complete picture of their data security posture without needing to jump back and forth between the contexts and differing interfaces of on premises and cloud tools. A centralized platform also enables teams to consistently define and enforce policies for all types of data across all types of environments. In addition, it makes it easier to generate audit-ready reports and feed data into remediation tools from a single integration point.


Sentra’s Cloud-Native Approach to Hybrid Environments

Sentra offers a cloud-native data security posture management (DSPM) solution for monitoring various data types across all environments — from on-premises to SaaS to public cloud.

This is a major development, as our solution uniquely enables security teams to…

  • Automatically discover all data without agents or connectors, including data within multiple cloud environments, NFS / SMB File Servers, and both SQL/NoSQL on premises databases.
  • Compile information inside a single data catalog that lists sensitive data and its security and compliance posture.
  • Receive alerts for misconfigurations, weak encryptions, compliance violations, and much more.
  • Identify duplicated data between environments, including on prem, cloud, and SaaS, enabling organizations to clean up unused data, control sprawl and reduce risks.
  • Track access to sensitive data stores from a single interface and ensure least privilege access.
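The "identify duplicated data between environments" bullet, the shadow data discussion in the previous section, and the data-similarity check mentioned in the Microsoft 365 post all rest on the same idea: fingerprint content so that a copy is recognised even when it has been exported through a different pipeline. The block below is an added example and not Sentra’s similarity engine. It hashes each row of a tabular store after normalising column names, column order, case and whitespace, then reports the Jaccard similarity between every pair of stores above a threshold. The store names, the customer table and its copies are constructed for the example; for estates of real size a sketch such as MinHash would replace the exact row sets, but the comparison is the same.

```python
import csv
import hashlib
import io


def make_csv(headers, rows):
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(headers)
    writer.writerows(rows)
    return buf.getvalue()


# Constructed stores (no real data): a production table, a partial copy in a
# dev bucket with columns reordered, a full copy in a warehouse with different
# casing and whitespace, and an unrelated table.
_PROD_ROWS = [(i, f"user{i}@example.com", f"000-00-{i:04d}") for i in range(1, 11)]
STORES = {
    "aws-rds:prod/customers": make_csv(["id", "email", "ssn"], _PROD_ROWS),
    "aws-s3:dev-bucket/customers_sample.csv": make_csv(
        ["email", "id", "ssn"], [(e, i, s) for i, e, s in _PROD_ROWS[:8]]),
    "snowflake:analytics/CUSTOMERS": make_csv(
        ["ID", "EMAIL", "SSN"], [(i, e.upper() + "  ", s) for i, e, s in _PROD_ROWS]),
    "aws-s3:dev-bucket/orders.csv": make_csv(
        ["order_id", "sku"], [(i, f"SKU-{i}") for i in range(1, 11)]),
}


def row_fingerprints(csv_text):
    """Hash each row after normalising column names, order, case and
    whitespace, so copies made through a different pipeline still match."""
    prints = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        cells = sorted((k.strip().lower(), (v or "").strip().lower()) for k, v in row.items())
        canonical = "|".join(f"{k}={v}" for k, v in cells)
        prints.add(hashlib.sha256(canonical.encode()).hexdigest())
    return prints


def jaccard(a, b):
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def find_similar_stores(stores, threshold=0.5):
    """Pairwise similarity between stores; pairs at or above the threshold are
    candidate copies worth investigating for sprawl."""
    prints = {name: row_fingerprints(text) for name, text in stores.items()}
    names = sorted(prints)
    matches = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            score = jaccard(prints[a], prints[b])
            if score >= threshold:
                matches.append((a, b, round(score, 2)))
    return matches


if __name__ == "__main__":
    for match in find_similar_stores(STORES):
        print(match)
```

Only hashes cross store boundaries in this design, which is the property that lets the comparison run centrally while the rows themselves stay where they are.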

Plus, when you use Sentra, your data never leaves your environment - it remains in place, secure and without disruption. We leverage native cloud serverless processing functions (e.g., AWS Lambda) to scan your cloud data. For on premises, we scan all data within your secure networks and only send metadata to the Sentra cloud platform for further reporting and analysis.

Sentra also won’t interrupt your production flow of data, as it works asynchronously in both cloud and on premises environments (it scans on prem by creating temporary copies to scan in the customer cloud environment).

Dive deeper into how Sentra’s data security posture management (DSPM) helps hybrid organizations secure data everywhere. 

To learn more about DSPM, schedule a demo with one of our experts.

David Stuart
March 11, 2024
4 Min Read
Data Loss Prevention

It's Time to Embrace Cloud DLP and DSPM

What’s the best way to prevent data exfiltration or exposure? In years past, the clear answer was often data loss prevention (DLP) tools. But today, the answer isn’t so clear — especially in light of the data democratization trend and for those who have adopted multi-cloud or cloud-first strategies. 

Data loss prevention (DLP) emerged in the early 2000s as a way to secure web traffic, which wasn’t encrypted at the time. Without encryption, anyone could tap into data in transit, creating risk for any data that left the safety of on-premise storage. As Cyber Security Review describes, “The main approach for DLP here was to ensure that any sensitive data or intellectual property never saw the outside web. The main techniques included (1) blocking any actions that copy or move data to unauthorized devices and (2) monitoring network traffic with basic keyword matching.”

Although DLP has evolved for securing endpoints, email and more, its core functionality has remained the same: gatekeeping data within a set perimeter. But, this approach simply doesn’t perform well in cloud environments, as the cloud doesn’t have a clear perimeter. Instead, today’s multi-cloud environment includes constantly changing data stores, infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and more.

And thanks to data democratization, people across an organization can access all of these areas and move, change, or copy data within seconds. Cloud applications do so as well—even faster.

Traditional DLP tools weren’t built for cloud-native environments and can cause significant challenges for today’s organizations. Data security teams need a new approach, purpose-built for the realities of the cloud, digital transformation and today’s accelerated pace of innovation.

Why Traditional DLP Isn’t Ideal for the Cloud

Traditional DLPs are often unwieldy for the engineers who must work with the solution and ineffective for the leaders who want to see positive results and business continuity from the tool. There are a few reasons why this is the case:

1. Traditional DLP tools often trigger false alarms.

Traditional DLPs are prone to false positives. Because they are meant to detect any sensitive data that leaves a set perimeter, these solutions tend to flag normal cloud activities as security risks. For instance, traditional DLP is notorious for erroneously blocking apps and services in IaaS/PaaS environments. These “false positives” disrupt business continuity and innovation, which is frustrating for users who want to use valuable cloud data in their daily work.

Not only do traditional DLPs block the wrong signals, but they also overlook the right ones, such as suspicious activities happening over cloud-based applications like Slack, Google Drive or generative AI/LLM apps. Plus, traditional DLP doesn’t follow data as users move, change or copy it, meaning it can easily miss shadow data.

2. Traditional DLP tools cause alert fatigue.

In addition, these tools lack detailed data context, meaning that they can’t triage alerts based on severity. Combine this factor with the high number of false positives, and teams end up with an overwhelming list of alerts that they must sort manually. This reality leads to alert fatigue and can cause teams to overlook legitimate security issues.

3. Traditional DLP tools rely on lots of manual intervention.

Traditional DLP deployment and maintenance take up lots of time and resources for a cloud-based or hybrid organization. For instance, teams must often install several legacy agents and proxies across the environment to make the solution work accurately.

Plus, these legacy tools rely on clear-cut data patterns and keywords to uncover risk. These patterns are often hidden or absent, because data is disguised or transformed as it moves to and through cloud environments. This means that teams must manually tune their DLP solution to align with what their sensitive cloud data actually looks like. In many cases, this manual intervention is very difficult—if not impossible—since many cloud pipelines rely on ETL data, which isn’t easy to manually alter or inspect. 

Plus, today’s organizations use vast amounts of unstructured data within cloud file shares such as SharePoint. They must parse through tens or even hundreds of petabytes of this unstructured data, making it challenging to find hidden sensitive data. Traditional DLP solutions lack the technology that would make this process far easier, such as AI/ML analysis.

Cloud DLP: A Cloud-Native Approach to Data Loss Prevention

Because the cloud is so different from traditional, on-premise environments, today’s cloud-based and hybrid organizations need a new solution. This is where a cloud DLP solution comes into the picture. We are seeing lots of cloud DLP tools hit the market, including solutions that fall into two main categories:

SaaS DLP products that leverage APIs to provide access control. While these products help to protect from loss within some SaaS applications, they are limited in scope, covering only a small percentage of the cloud services that a typical cloud-native organization uses. A SaaS DLP product therefore cannot provide a truly comprehensive view of all cloud data, nor trace data lineage once data leaves the applications it covers. 

IaaS + PaaS DLP products that focus on scanning and classifying data. Some of these tools are simply reporting tools that uncover data but don’t take action to remediate any issues. This still leaves extra manual work for security teams. Other IaaS + PaaS DLP offerings include automated remediation capabilities but can cause business interruptions if the automation occurs in the wrong situation.  

To directly address the limitations inherent in traditional DLPs and avoid these pitfalls, next-generation cloud DLPs should include the following:

  • Scalability in complex, multi-cloud environments
  • Automated prioritization for detected risks based on rich data context
  • Auto-detection and remediation capabilities that use deep context to correct configuration issues, creating efficiency without blocking everyday activities
  • Integration and workflows that are compatible with your existing environments
  • Straightforward, cloud-native agentless deployment without extensive tuning or maintenance
Comparing Cloud DLP, DSPM and DDR

Security Use Case
  • Cloud DLP: Data leakage prevention
  • DSPM: Data posture improvement, compliance
  • DDR: Threat detection and response

Environments
  • Cloud DLP: SaaS, cloud storage, apps
  • DSPM: Public cloud, SaaS and on-premises
  • DDR: Public cloud, SaaS, networks

Risk Prioritization
  • Cloud DLP: Limited: based only on predefined policies, not on discovered data or data context
  • DSPM: Analyzes data context, access controls, and vulnerabilities
  • DDR: Threat activity context such as anomalous traffic, volume, access

Remediation
  • Cloud DLP: Block or redact data transfers, encryption, alert
  • DSPM: Alerts, IR/tool integration and workflow initiation
  • DDR: Alerts, revoke users/access, isolate data breach

Further Enhancing Cloud DLP by Integrating DSPM & DDR

While Cloud Data Loss Prevention (DLP) helps to secure data in multi-cloud environments by preventing loss, DSPM and DDR capabilities can complete the picture. These technologies add contextual details, such as user behavior, risk scoring and real-time activity monitoring, to enhance the accuracy and actionability of data threat and loss mitigation. 

Data Security Posture Management (DSPM) enforces good data hygiene no matter where the data resides. It takes a proactive approach, significantly reducing data exposure by preventing employees from taking risky actions in the first place. Data Detection and Response (DDR) alerts teams to the early warning signs of a breach, including suspicious activities such as data access by an unknown IP address. By bringing together Cloud DLP, DSPM and DDR, your organization can establish holistic data protection with both proactive and reactive controls. There is already much overlap in these technologies. As the market evolves, it is likely they will continue to combine into holistic cloud-native data security platforms.  

Sentra’s data security platform brings a cloud-native approach to DLP by automatically detecting and remediating data risks at scale. Built for complex multi-cloud and on-premises environments, Sentra empowers you with a unified platform to prioritize all of your most critical data risks in near real-time.

Request a demo to learn more about our cloud DLP, DSPM and DDR offerings.

David Stuart
February 5, 2024
3 Min Read
Data Security

Solving M&A Integration Challenges with Sentra's DSPM

Mergers and acquisitions (M&A) integrations bring forth various risks that can significantly impact the success of the combined entity. The complexity involved in merging diverse systems, technologies, and operational processes may result in IT integration challenges, disrupting day-to-day operations and impeding synergy realization. Beyond these challenges, there are additional risks such as regulatory compliance issues, customer dissatisfaction due to service disruptions, and strategic misalignment that must be adeptly navigated during the M&A integration process. Effective risk mitigation requires proactive planning, clear communication, and meticulous execution to ensure a smooth transition for both organizations involved. Further complicating these challenges are the data security concerns inherent in M&A integrations.

Data Security Challenges in M&A Integrations

As organizations merge, they combine vast amounts of sensitive information, such as customer data, proprietary technology, and internal processes. The integration process itself can introduce vulnerabilities as systems are connected and data is migrated, potentially exposing sensitive information to cyber threats. Neglecting cybersecurity measures during M&A integrations may lead to incurring unnecessary risks, compliance violations and fines, or worse—data breaches, jeopardizing the confidentiality, integrity, and availability of critical information.

This can affect millions of individuals, and in certain situations even billions. One notable instance of a breach of this size surfaced during Verizon’s 2017 acquisition of Yahoo. During the due diligence phase, Yahoo disclosed two significant data breaches it had not previously reported: a 2014 breach that compromised the personal information of 500 million Yahoo users, and an earlier 2013 breach affecting one billion accounts (later revised to all three billion). Despite the breaches, the acquisition proceeded at a reduced price of nearly $4.5 billion, with Verizon negotiating a $350 million reduction in the transaction value.

Navigating the M&A integration process involves addressing several critical challenges, such as:

  • Hidden vulnerabilities: Undetected breaches in acquired companies become sudden liabilities for the merged entity.
  • Integration chaos: Merging disparate data systems creates confusion, increasing access risks and potential leaks.
  • Compliance minefield: Navigating a web of new regulations across various industries and territories raises compliance burdens.
  • Insider threats: Disgruntled employees in both companies pose increased risks during integration and restructuring.

In order to achieve a seamless transition and safeguard sensitive data, it is crucial to conduct thorough due diligence on the security measures of both merging entities. It also requires the implementation of robust cybersecurity protocols and clear communication to all stakeholders about the steps being taken to protect sensitive information.

Failure to address data security challenges can result in not only financial losses but also reputational damage, eroding trust among customers and stakeholders alike. Therefore, a comprehensive approach to data security is essential to navigate M&A integrations successfully. Data Security Posture Management (DSPM) is an essential tool for easily and quickly assessing the risk of data exposure and related compliance adherence of candidate acquisition and integration targets.

Rapid Assessment of Data Risk

DSPM provides a rapid and straightforward assessment of data exposure risks, ensuring compliance with standards throughout the acquisition and integration efforts. Its unique capabilities include unparalleled detection of both known and unknown shadow data repositories, exceptional granular data classification, and posture and risk assessment for data, regardless of its location.

security posture score

Cloud-native Data Security Posture Management (DSPM) requires no connectors, agents, or credentials for operation. This simplicity makes it a valuable asset for organizations seeking a comprehensive and efficient solution to enhance their data security measures throughout the intricate process of M&A integrations. Set up is quick and easy and no data ever leaves the target environment - so there is no impact to operations or increased security risk.


DSPM is agnostic to infrastructure, so it works across the entire cloud estate regardless of which public cloud provider hosts the data; it supports all leading Cloud Service Providers (CSPs). It is equally agnostic to the underlying data structure, working for structured as well as unstructured data. Assessment time is short, generally hours to a few days at most, and the assessment runs autonomously. 

Risk Sensitivity Score

Once the assessment is complete, a risk sensitivity score is generated for each discovered data store, for example, S3, RDS, Snowflake, OneDrive, etc., and the underlying data assets contained within. These scores can be easily compared with other portfolio members (as long as they also have actively configured accounts) to determine the level of risk a new portfolio member brings to the organization. This is done granularly, and can be filtered by account type (AWS, GCP, Azure, etc.),  by environment (development, production, etc.), by region or can be custom defined.

Adherence to Compliance Frameworks

Ensuring adherence to compliance frameworks in the context of M&A integration is a critical aspect of assessing risk associated with potential integration targets. 

It involves a thorough examination of an organization's compliance with industry data security standards and regulations, as well as the adoption of best practices. Sentra's Data Security Posture Management (DSPM) offers a comprehensive range of frameworks for independent assessment of compliance levels, while also providing alerts for potential policy violations. This proactive approach aids in a more accurate evaluation of the risk of audit failure and potential regulatory fines. Maintaining compliance with global regulations and internal policies for cloud data is essential. Examples include the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS). 

In the era of multi-cloud operations, sensitive cloud data is in constant motion, leading to various challenges such as:

  • Unknown data risks due to lack of visibility and inaccurate data classification.
  • Undetected data movement across regions.
  • Unnoticed changes to access permissions and user activity.
  • Misconfigurations of data security posture resulting in avoidable violations. 

The continuous movement and changes in data activity make it challenging to achieve the necessary visibility and control to comply with global regulations. Your data security posture management needs the ability to keep pace by being fully automated and continuously on guard.

Conclusion

To conclude, successful mergers and acquisitions (M&A) integrations demand a meticulous strategy to address data security challenges. In the integration process, organizations merge vast amounts of sensitive information, introducing vulnerabilities as systems are connected and data is migrated, potentially exposing this sensitive information to cyber threats. 

Data Security Posture Management (DSPM), stands out for its simplicity and rapid risk assessment capabilities. Its agnostic nature, quick setup, and autonomous assessment make it a valuable asset during the intricate M&A process.

The Risk Sensitivity Score provided by Sentra's DSPM solution enables granular evaluation of risks associated with each data store, facilitating informed decision-making. Adherence to compliance frameworks is crucial, and Sentra's DSPM plays a vital role by offering a comprehensive range of frameworks for independent assessment, ensuring compliance with industry standards.

In the dynamic multi-cloud landscape, where sensitive data is in constant motion, DSPM becomes indispensable. It addresses challenges such as unknown data risks, undetected data movement, and misconfigurations, providing the needed visibility and control for compliance with global regulations. In essence, a proactive approach, coupled with tools like DSPM, is essential for secure M&A integrations. Failure to address data security challenges not only poses financial threats but also jeopardizes reputational integrity. Prioritizing data security throughout the integration journey is crucial for success.

To learn more about DSPM, schedule a demo with one of our experts.

David Stuart | December 6, 2023 | 4 min read | Data Security

Safeguarding Data Integrity and Privacy in the Age of AI-Powered Large Language Models (LLMs)


In the burgeoning realm of artificial intelligence (AI), Large Language Models (LLMs) have emerged as transformative tools, enabling the development of applications that revolutionize customer experiences and streamline business operations. These sophisticated AI models, trained on massive amounts of text data, can generate human-quality text, translate languages, write different kinds of creative content, and answer questions in an informative way.

Unfortunately, the extensive data consumption and rapid adoption of LLMs have also brought to light critical challenges surrounding the protection of data integrity and privacy during the training process. As organizations strive to harness the power of LLMs responsibly, it is imperative to address these vulnerabilities and ensure that sensitive information remains secure.

Challenges: Navigating the Risks of LLM Training

Training an LLM draws on vast amounts of data, which frequently contain sensitive information such as personally identifiable information (PII), intellectual property, and financial records. That concentration of data is a tempting target for malicious actors seeking to exploit vulnerabilities and gain unauthorized access.

One of the primary challenges is preventing data leakage or public disclosure. An LLM can inadvertently disclose sensitive information if it is not properly configured or protected, whether through unauthorized access to the training data, vulnerabilities in the LLM application itself, or improper handling of user inputs.

Another critical concern is avoiding overly permissive configurations. LLM applications are commonly configured to accept free-form user inputs, and those inputs may contain sensitive information. If prompts and conversation logs are not adequately filtered or sanitized before they are reused as training or fine-tuning data, the sensitive content they carry becomes part of what the model can later reproduce.

Finally, organizations must be mindful of the potential for bias or error in LLM training data. Biased or erroneous data can lead to biased or erroneous outputs from the LLM, which can have detrimental consequences for individuals and organizations.

OWASP Top 10 for LLM Applications

The OWASP Top 10 for LLM Applications identifies and prioritizes critical vulnerabilities that can arise in LLM applications (the identifiers below are those of the 2023 edition; later editions renumber and rename several entries). Among these, LLM03 Training Data Poisoning, LLM06 Sensitive Information Disclosure, LLM08 Excessive Agency, and LLM10 Model Theft bear most directly on the integrity and privacy of training data, and those four are discussed here:


LLM03: Training Data Poisoning

LLM03 covers training data poisoning: an attacker injects carefully crafted data into the training or fine-tuning dataset to manipulate the model's behaviour, for example to introduce backdoors, biases, or factual errors. The result is biased or erroneous outputs that undermine the model's reliability and trustworthiness.

The consequences of LLM03 can be severe. Poisoned models can generate biased or discriminatory content, perpetuating societal prejudices and causing harm to individuals or groups. Moreover, erroneous outputs can lead to flawed decision-making, resulting in financial losses, operational disruptions, or even safety hazards.

LLM06: Sensitive Information Disclosure

LLM06 highlights the risk that an LLM reveals sensitive information present in its training data. Because a model memorizes parts of what it was trained on, a suitably crafted prompt can elicit personally identifiable information (PII), trade secrets, or other confidential data in the text or code it generates.

The potential consequences of LLM06 are far-reaching. Data breaches can lead to financial losses, reputational damage, and regulatory penalties. Moreover, the disclosure of sensitive information can have severe implications for individuals, potentially compromising their privacy and security.

LLM08: Excessive Agency

LLM08 covers excessive agency: an LLM-based system that has been granted more functionality, permissions, or autonomy than its task requires. When such a system is connected to tools, plugins, or downstream APIs, an ambiguous prompt, a hallucination, or a prompt-injection attack can cause it to take damaging actions that no human approved, such as modifying or deleting records, sending messages on a user's behalf, or initiating transactions.

The root causes are excessive functionality (tools the application never needs), excessive permissions (a plugin or service identity holding write or delete rights where read would do), and excessive autonomy (high-impact actions executed without a human in the loop). The mitigations follow directly: expose only the tools the application needs, run them under least-privilege identities, and require confirmation for consequential actions. Excessive permissions granted to AI-powered apps can erode trust, damage reputations, and lead to legal or regulatory repercussions.

LLM10: Model Theft

LLM10 highlights the risk of model theft, where an adversary gains unauthorized access to a trained LLM or its underlying intellectual property, either by exfiltrating the model weights directly or by querying the model's API at scale to train a functionally equivalent copy (model extraction). This can enable the adversary to replicate the model's capabilities for malicious purposes, such as generating misleading content, impersonating legitimate users, or conducting cyberattacks.

Model theft poses significant threats to organizations. The loss of intellectual property can lead to financial losses and competitive disadvantages. Moreover, stolen models can be used to spread misinformation, manipulate markets, or launch targeted attacks on individuals or organizations.

Recommendations: Adopting Responsible Data Protection Practices

To mitigate the risks associated with LLM training data, organizations must adopt a comprehensive approach to data protection. This approach should encompass data hygiene, policy enforcement, access controls, and continuous monitoring.

Data hygiene is essential for ensuring the integrity and privacy of LLM training data. Organizations should implement stringent data cleaning and sanitization procedures to remove sensitive information and identify potential biases or errors.
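The input-sanitization concern raised earlier (user inputs being folded into training data) and the data-hygiene step here come down to the same control: a gate that every record passes through before it reaches the training set. The following is an added example, not Sentra's code or classifiers, of such a gate in Python. The regex detectors, the Luhn check on card-number candidates, the quarantine threshold of three findings per record, and the sample records are all assumptions made for illustration.

```python
"""Pre-training data hygiene gate for an LLM fine-tuning corpus.

Added example: it redacts common PII and secret patterns from each record
and quarantines records that carry more sensitive findings than a threshold
allows, so that raw user inputs or exports never enter the training set
unfiltered. The detectors and the threshold are illustrative assumptions,
not Sentra's classifiers.
"""
import re
from dataclasses import dataclass, field

# Detectors, applied in this order. CARD runs before PHONE so that a card
# number is never partially consumed as a phone number; CARD matches are
# additionally validated with Luhn so that order IDs and hashes survive.
PATTERNS = {
    "CARD": re.compile(r"(?<!\d)(?:\d[ -]?){13,18}\d(?!\d)"),
    "PHONE": re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "AWS_KEY": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class ScrubResult:
    text: str                                      # record with findings replaced by [TYPE]
    findings: dict = field(default_factory=dict)   # detector name -> count
    quarantined: bool = False                      # too sensitive to keep even redacted


def scrub(record: str, max_findings: int = 3) -> ScrubResult:
    counts: dict = {}
    for name, pattern in PATTERNS.items():
        def replace(m, name=name):
            if name == "CARD" and not luhn_ok(re.sub(r"\D", "", m.group(0))):
                return m.group(0)                  # digit run that is not a card number
            counts[name] = counts.get(name, 0) + 1
            return f"[{name}]"
        record = pattern.sub(replace, record)
    return ScrubResult(record, counts, sum(counts.values()) > max_findings)


def build_corpus(records):
    """Split records into those safe to train on (redacted) and those to quarantine."""
    kept, quarantined = [], []
    for r in records:
        result = scrub(r)
        (quarantined if result.quarantined else kept).append(result)
    return kept, quarantined


# Constructed sample records; the access key is the placeholder from the AWS docs.
SAMPLE = [
    "Customer jane.doe@example.com called from 415-555-0143 about order 4111 1111 1111 1111.",
    "Deploy notes: access key AKIAIOSFODNN7EXAMPLE rotated on 2024-03-01; ticket 12345678901234.",
    "Bulk export: a@x.io, b@x.io, c@x.io, d@x.io, 212-555-0199",
    "Ordinary text with no identifiers in it.",
]

if __name__ == "__main__":
    kept, quarantined = build_corpus(SAMPLE)
    for r in kept:
        print("KEEP      ", r.findings, r.text)
    for r in quarantined:
        print("QUARANTINE", r.findings)
```

The point of the quarantine path is that redaction alone is not enough: a record that is mostly identifiers (a bulk export pasted into a chat) should never reach the corpus, even with the identifiers masked, because its structure still leaks who and how many. A production gate would swap the regexes for the organization's classifier, but the shape of the control stays the same.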

Policy enforcement is crucial for establishing clear guidelines for the handling of LLM training data. These policies should outline acceptable data sources, permissible data types, and restrictions on data access and usage.

Access controls should be implemented to restrict access to LLM training data to authorized personnel and identities only, including third party apps that may connect. This can be achieved through role-based access control (RBAC), zero-trust IAM, and multi-factor authentication (MFA) mechanisms.

Continuous monitoring is essential for detecting and responding to potential threats and vulnerabilities. Organizations should implement real-time monitoring tools to identify suspicious activity and take timely action to prevent data breaches.

Solutions: Leveraging Technology to Safeguard Data

In the rush to innovate, developers must remain keenly aware of the inherent risks involved with training LLMs if they wish to deliver responsible, effective AI that does not jeopardize their customers' data. Specifically, it is a foremost duty to protect the integrity and privacy of LLM training data sets, which often contain sensitive information.

Preventing data leakage or public disclosure, avoiding overly permissive configurations, and negating bias or error that can contaminate such models should be top priorities.

Technological solutions play a pivotal role in safeguarding data integrity and privacy during LLM training. Data security posture management (DSPM) solutions can automate data security processes, enabling organizations to maintain a comprehensive data protection posture.

DSPM solutions provide a range of capabilities, including data discovery, data classification, data access governance (DAG), and data detection and response (DDR). These capabilities help organizations identify sensitive data, enforce access controls, detect data breaches, and respond to security incidents.

Cloud-native DSPM solutions offer enhanced agility and scalability, enabling organizations to adapt to evolving data security needs and protect data across diverse cloud environments.

Sentra: Automating LLM Data Security Processes

Having to worry about securing yet another threat vector should give overburdened security teams pause. But help is available.

Sentra has developed a data privacy and posture management solution that can automatically secure LLM training data in support of rapid AI application development.

The solution works in tandem with AWS SageMaker, GCP Vertex AI, or other ML platforms to support secure data usage within ML training activities. It combines key capabilities including DSPM, DAG, and DDR to deliver comprehensive data security and privacy.

Its cloud-native design discovers all of your data and ensures good data hygiene and security posture via policy enforcement, least-privilege access to sensitive data, and monitoring with near real-time alerting on suspicious identity (user/app/machine) activity, such as data exfiltration, so that attacks or malicious behaviour are thwarted early. The solution frees developers to innovate quickly and organizations to operate with agility, with confidence that their customer data and proprietary information will remain protected.

LLMs are now also built into Sentra’s classification engine and data security platform to provide unprecedented classification accuracy for unstructured data.

Learn more about Large Language Models (LLMs) here.

Conclusion: Securing the Future of AI with Data Privacy

AI holds immense potential to transform our world, but its development and deployment must be accompanied by a steadfast commitment to data integrity and privacy. Protecting the integrity and privacy of data in LLMs is essential for building responsible and ethical AI applications. By implementing data protection best practices, organizations can mitigate the risks associated with data leakage, unauthorized access, and bias. Sentra's DSPM solution provides a comprehensive approach to data security and privacy, enabling organizations to develop and deploy LLMs with speed and confidence.

David Stuart | October 21, 2024 | 5 min read | Data Sprawl

How Sentra Built a Data Security Platform for the AI Era


In just three years, Sentra has witnessed the rapid evolution of the data security landscape. What began with traditional on-premises Data Loss Prevention (DLP) solutions has shifted to a cloud-native focus with Data Security Posture Management (DSPM). This marked a major leap in how organizations protect their data, but the evolution didn't stop there.

The next wave introduced new capabilities like Data Detection and Response (DDR) and Data Access Governance (DAG), pushing the boundaries of what DSPM could offer. Now, we’re entering an era where SaaS Security Posture Management (SSPM) and Artificial Intelligence Security Posture Management (AI-SPM) are becoming increasingly important. 

These shifts are redefining what we’ve traditionally called Data Security Platform (DSP) solutions, marking a significant transformation in the industry. The speed of this evolution speaks to the growing complexity of data security needs and the innovation required to meet them.

The Evolution of Data Security

What Is Driving The Evolution of Data Security?

The evolution of the data security market is being driven by several key macro trends:

  • Digital Transformation and Data Democratization: Organizations are increasingly embracing digital transformation, making data more accessible to various teams and users.
  • Rapid Cloud Adoption: Businesses are moving to the cloud at an unprecedented pace to enhance agility and responsiveness.
  • Explosion of Siloed Data Stores: The growing number of siloed data stores, diverse data technologies, and an expanding user base is complicating data management.
  • Increased Innovation Pace: The rise of artificial intelligence (AI) is accelerating the pace of innovation, creating new opportunities and challenges in data security.
  • Resource Shortages: As organizations grow, the need for automation to keep up with increasing demands has never been more critical.
  • Stricter Data Privacy Regulations: Heightened data privacy laws and stricter breach disclosure requirements are adding to the urgency for robust data protection measures.

Similarly, there has been an evolution in the roles involved with the management, governance, and protection of data. These roles are increasingly intertwined and co-dependent as described in our recent blog entitled “Data: The Unifying Force Behind Disparate GRC Functions”. We identify that today each respective function operates within its own domain yet shares ownership of data at its core. As the co-dependency on data increases so does the need for a unifying platform approach to data security.

Sentra has adapted to these changes to align our messaging with industry expectations, buyer requirements, and product/technology advancements.

A Data Security Platform for the AI Era

Sentra is setting the standard with the leading Data Security Platform for the AI Era.

With its cloud-native design, Sentra seamlessly integrates powerful capabilities like Data Discovery and Classification, Data Security Posture Management (DSPM), Data Access Governance (DAG), and Data Detection and Response (DDR) into a comprehensive solution. This allows our customers to achieve enterprise-scale data protection while addressing critical questions about their data.

Figure: the data security cycle (visibility, context, access, risks, threats).

What sets Sentra apart is its connector-less, cloud-native architecture, which effortlessly scales to accommodate multi-petabyte, multi-cloud environments without the administrative burdens typical of connector-based legacy systems. These more labor-intensive approaches often struggle to keep pace and frequently overlook shadow data.

Moreover, Sentra harnesses the power of AI and machine learning to accurately interpret data context and classify data. This not only enhances data security but also ensures the privacy and integrity of data used in GenAI applications. We recognized the critical need for accurate and automated Data Discovery and Classification, along with Data Security Posture Management (DSPM), to address the risks associated with data proliferation in a multi-cloud landscape. Based on our customers' evolving needs, we expanded our capabilities to include DAG and DDR. These tools are essential for managing data access, detecting emerging threats, and improving risk mitigation and data loss prevention.

DAG maps the relationships between cloud identities, roles, permissions, data stores, and sensitive data classes. This provides a complete view of which identities and data stores in the cloud may be overprivileged. Meanwhile, DDR offers continuous threat monitoring for suspicious data access activity, providing early warnings of potential breaches.

We grew to support SaaS data repositories including Microsoft 365 (SharePoint, OneDrive, Teams, etc.) and Google Workspace (Google Drive), and leveraged AI/ML to accurately classify data hidden within unstructured data stores.

Sentra’s accurate data sensitivity tagging and granular contextual details allows organizations to enhance the effectiveness of their existing tools, streamline workflows, and automate remediation processes. Additionally, Sentra offers pre-built integrations with various analysis and response tools used across the enterprise, including data catalogs, incident response (IR) platforms, IT service management (ITSM) systems, DLPs, CSPMs, CNAPPs, IAM, and compliance management solutions.

How Sentra Redefines Enterprise Data Security Across Clouds

Sentra has architected a solution that can deliver enterprise-scale data security without the traditional constraints and administrative headaches. Sentra’s cloud-native design easily scales to petabyte data volumes across multi-cloud and on-premises environments. 

The Sentra platform incorporates a few major differentiators that distinguish it from other solutions including:

  • Novel Scanning Technology: Sentra uses inventory files and automatic grouping to create a new entity called a "Data Asset": a group of files that share the same structure, security posture and business function. Billions of files are continuously reduced to thousands of data assets, each representing a distinct type of data, so that full coverage of petabytes of cloud data requires scanning only several hundred thousand representative files (Sentra puts this at 5-6 orders of magnitude less scanning). Because no random sampling is involved, every type of data is fully scanned, with differential scans run daily. Sentra supports all leading IaaS, PaaS, SaaS and on-premises stores.
  • AI-powered Autonomous Classification: Sentra's AI-powered classification provides approximately 97% classification accuracy for both unstructured documents and structured data. It also provides rich data context (distinct from data class or type) about multiple aspects of a file, such as data subject residency, business impact, and whether the data is synthetic or real. The classifiers use LLMs running inside the customer environment to learn and adapt to the unique business context and to user feedback on false positives, and users can add AI-based classifiers described in natural language. This autonomous learning means users do not have to customize the system themselves, saving time and helping to keep pace with dynamic data.
  • Data Perimeters / Movement: Sentra DataTreks™ understands data perimeters automatically and detects when data is moving (e.g. copied partially or fully) to a different perimeter; for example, it can detect data similarity and movement from a well-protected production environment to a less-protected development environment. This matters in highly dynamic cloud environments and supports secure data democratization.
  • Data Detection and Response (DDR): Sentra’s DDR module highlights anomalies such as unauthorized data access or unusual data movements in near real-time, integrating alerts into existing tools like ServiceNow or JIRA for quick mitigation.
  • Easy Customization: In addition to ‘learning’ of a customer's unique data types, with Sentra it’s easy to create new classifiers, modify policies, and apply custom tagging labels.
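To make two of the mechanisms in the list above concrete, the structural grouping of files into data assets and the detection of data moving between perimeters, here is an added example in Python. It is not Sentra's implementation: the perimeter naming (first path component, with prod ranked above dev), the SHA-256 row fingerprinting, the 25% overlap threshold and the CSV contents are all constructed assumptions.

```python
"""Structural grouping of files into data assets and detection of data
moving between perimeters. Added example, not Sentra's implementation.

Files with the same column set are grouped into one "data asset"; records
are then fingerprinted in a column-order- and case-insensitive way so that a
partial copy of a production file that landed in a development bucket is
detected even if the columns were reordered. File contents and perimeter
names are constructed.
"""
import csv
import hashlib
import io
from collections import defaultdict
from itertools import product

# Assumption: the perimeter is the first path component, and a higher rank
# means better protected. Movement from a higher to a lower rank is flagged.
PERIMETER_RANK = {"prod": 2, "dev": 1}


def perimeter_of(path):
    return path.split("/", 1)[0]


def schema_signature(text):
    """Normalized column set; files sharing it form one data asset."""
    header = next(csv.reader(io.StringIO(text)))
    return "|".join(sorted(h.strip().lower() for h in header))


def group_data_assets(files):
    """{path: text} -> {signature: [paths]}; one representative per group is enough to classify."""
    assets = defaultdict(list)
    for path, text in files.items():
        assets[schema_signature(text)].append(path)
    return dict(assets)


def record_fingerprints(text):
    """One SHA-256 per row over (column, value) pairs sorted by column name."""
    fps = set()
    for row in csv.DictReader(io.StringIO(text)):
        canonical = "\x1f".join(
            f"{k.strip().lower()}={(v or '').strip().lower()}"
            for k, v in sorted(row.items(), key=lambda kv: kv[0].strip().lower()))
        fps.add(hashlib.sha256(canonical.encode()).hexdigest())
    return fps


def movement(src_text, dst_text):
    """Share of source records that also appear in the destination."""
    src, dst = record_fingerprints(src_text), record_fingerprints(dst_text)
    overlap = len(src & dst)
    return {"overlap": overlap, "fraction": overlap / len(src) if src else 0.0}


def scan(files, threshold=0.25):
    """Flag copies from a better-protected perimeter into a weaker one."""
    findings = []
    for sig, paths in group_data_assets(files).items():
        for src, dst in product(paths, paths):
            if PERIMETER_RANK[perimeter_of(src)] <= PERIMETER_RANK[perimeter_of(dst)]:
                continue
            m = movement(files[src], files[dst])
            if m["fraction"] >= threshold:
                findings.append({"asset": sig, "src": src, "dst": dst, **m})
    return findings


# Constructed inventory: two production exports, a dev sample with the same
# columns in a different order and case, and an unrelated metrics file.
FILES = {
    "prod/customers_2024_01.csv":
        "customer_id,email,country\n1,a@x.io,DE\n2,b@x.io,FR\n3,c@x.io,US\n4,d@x.io,IE\n",
    "prod/customers_2024_02.csv":
        "customer_id,email,country\n5,e@x.io,DE\n6,f@x.io,FR\n7,g@x.io,US\n8,h@x.io,IE\n",
    "dev/sample.csv":
        "Email,Customer_ID,Country\nA@x.io,1,de\nb@x.io,2,FR\nz@x.io,99,ES\n",
    "dev/metrics.csv":
        "day,requests\n2024-05-01,120\n2024-05-02,131\n",
}

if __name__ == "__main__":
    for f in scan(FILES):
        print(f"{f['src']} -> {f['dst']}: {f['overlap']} records ({f['fraction']:.0%}) copied")
```

Grouping by schema first keeps the pairwise comparison tractable: only files inside the same data asset are compared, which is what lets the approach scale past sampling. Exact row hashes detect verbatim and reordered copies; catching records that were also lightly transformed (truncated, re-encoded) would call for similarity hashing rather than equality, at the cost of some false positives.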

As AI reshapes the digital landscape, it also creates new vulnerabilities, such as the risk of data exposure through AI training processes. The Sentra platform addresses these AI-specific challenges, while continuing to tackle the persistent security issues from the cloud era, providing an integrated solution that ensures data security remains resilient and adaptive.

Use Cases: Solving Complex Problems with Unique Solutions

Sentra’s unique capabilities allow it to serve a broad spectrum of challenging data security, governance and compliance use cases. Two frequently cited DSPM use cases are preventing data breaches and facilitating GenAI technology deployments. With the addition of data privacy compliance, these represent the top three.  

Let's dive deeper into how Sentra's platform addresses specific challenges:

Data Risk Visibility

Sentra’s Data Security Platform enables continuous analysis of your security posture and automates risk assessments across your entire data landscape. It identifies data vulnerabilities across cloud-native and unmanaged databases, data lakes, and metadata catalogs. By automating the discovery and classification of sensitive data, teams can prioritize actions based on the sensitivity and policy guidelines related to each asset. This automation not only saves time but also enhances accuracy, especially when leveraging large language models (LLMs) for detailed data classification.

Security and Compliance Audit

Sentra's Data Security Platform also automates the identification of regulatory violations and checks adherence to custom and pre-built policies, including policies that map to common compliance frameworks.

The same policy engine helps keep sensitive data in the right environments, preventing it from travelling to regions that violate residency or retention policies or to stores that lack encryption. Unlike manual policy implementation, which is prone to error, the automated approach significantly reduces the risk of misconfiguration and ensures that teams do not miss critical activity.

Data Access Governance

Sentra enhances data access governance (DAG) by enforcing appropriate permissions for all users and applications within an organization. By automating the monitoring of access permissions, Sentra mitigates risks such as excessive permissions and unauthorized access. This ensures that teams can maintain least privilege access control, which is essential in a growing data ecosystem.
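The DAG logic described here and in the platform overview above, mapping identities, roles and permissions onto sensitive data stores and comparing that with what identities actually do, is illustrated by the following added example in Python. It is not Sentra's code; the IAM-style grants, the sensitivity classes per store, the audit events and the anonymous principal `*` are constructed for the example.

```python
"""Data access governance check over a constructed cloud access graph.

Added example (not Sentra's implementation). It joins three things a DAG
tool collects: which sensitivity classes each data store holds, which
actions each identity is granted on each store (directly or through roles),
and which actions the identity actually exercised in the audit window. From
that it reports dormant privileges on sensitive stores, the least-privilege
grant that would have sufficed, and sensitive stores exposed to the
anonymous principal. All inventory data is constructed.
"""
from collections import defaultdict

SENSITIVE_CLASSES = {"PII", "PCI", "PHI", "SECRETS"}

# Store -> sensitivity classes found by classification (constructed).
STORES = {
    "s3://prod-customers": {"PII", "PCI"},
    "rds://billing": {"PCI"},
    "s3://ml-training": {"PII"},
    "s3://analytics-scratch": set(),
}

# Role -> store -> granted actions (constructed IAM-style grants).
ROLE_GRANTS = {
    "DataScientist": {"s3://ml-training": {"read"},
                      "s3://analytics-scratch": {"read", "write"}},
    "BillingAdmin": {"rds://billing": {"read", "write", "delete"}},
    "LegacyETL": {"s3://prod-customers": {"read", "write"},
                  "s3://ml-training": {"read", "write"}},
}
IDENTITY_ROLES = {
    "alice": {"DataScientist"},
    "bob": {"BillingAdmin", "LegacyETL"},   # two roles, one of them stale
    "etl-svc": {"LegacyETL"},
}
# Resource-policy grants keyed by principal; "*" is the anonymous principal.
DIRECT_GRANTS = {"*": {"s3://ml-training": {"read"}}}

# Constructed audit events for the lookback window: (identity, store, action).
USAGE = [
    ("alice", "s3://ml-training", "read"),
    ("bob", "rds://billing", "read"),
    ("etl-svc", "s3://prod-customers", "read"),
    ("etl-svc", "s3://ml-training", "write"),
]


def effective_permissions(identity):
    """Union of role-derived and direct grants: store -> set of actions."""
    perms = defaultdict(set)
    for role in IDENTITY_ROLES.get(identity, set()):
        for store, actions in ROLE_GRANTS.get(role, {}).items():
            perms[store] |= actions
    for store, actions in DIRECT_GRANTS.get(identity, {}).items():
        perms[store] |= actions
    return dict(perms)


def is_sensitive(store):
    return bool(STORES.get(store, set()) & SENSITIVE_CLASSES)


def find_overprivileged(usage):
    """Granted-but-unused actions on sensitive stores, per identity and store."""
    used = defaultdict(set)
    for identity, store, action in usage:
        used[(identity, store)].add(action)
    findings = []
    for identity in sorted(IDENTITY_ROLES):
        for store, granted in sorted(effective_permissions(identity).items()):
            if not is_sensitive(store):
                continue                     # scratch data is out of scope for DAG
            unused = granted - used[(identity, store)]
            if unused:
                findings.append({
                    "identity": identity, "store": store,
                    "classes": sorted(STORES[store]),
                    "unused_actions": unused,
                    "recommended_grant": used[(identity, store)],
                })
    return findings


def find_public_sensitive():
    """Sensitive stores readable by the anonymous principal."""
    return sorted(s for s in DIRECT_GRANTS.get("*", {}) if is_sensitive(s))


if __name__ == "__main__":
    for f in find_overprivileged(USAGE):
        print(f"{f['identity']:8} {f['store']:24} unused={sorted(f['unused_actions'])} "
              f"classes={f['classes']} trim to={sorted(f['recommended_grant'])}")
    print("public sensitive stores:", find_public_sensitive())
```

Two of the findings are the interesting kind: `bob` holds full write access to customer and training data through a role he never uses, and the training bucket that contains PII is readable by anyone. Neither shows up in a permissions review that lacks the sensitivity classes, and neither shows up in a classification report that lacks the access graph; the value of DAG is in the join.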

Minimizing Data and Attack Surface

The platform’s capabilities also extend to detecting unmanaged sensitive data, such as shadow or duplicate assets. By automatically finding and classifying these unknown data points, Sentra minimizes the attack surface, controls data sprawl, and enhances overall data protection.

Secure and Responsible AI

As organizations build new Generative AI applications, Sentra extends its protection to LLM applications, treating them as part of the data attack surface. This proactive management, alongside monitoring of prompts and outputs, addresses data privacy and integrity concerns, ensuring that organizations are prepared for the future of AI technologies.

Insider Risk Management

Sentra effectively detects insider risks by monitoring user access to sensitive information across various platforms. Its Data Detection and Response (DDR) capabilities provide real-time threat detection, analyzing user activity and audit logs to identify unusual patterns.
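As an added example of the DDR logic described here (and of the continuous-monitoring recommendation in the LLM post above), the Python below baselines each identity's reads of sensitive objects from audit logs and alerts on a volume spike, a first-time touch of a sensitive store, and off-hours access. It is not Sentra's DDR; the JSON-lines log format, the 07:00 to 19:59 UTC business window, the 3x spike factor and the events themselves are constructed assumptions.

```python
"""Data detection and response over constructed audit events.

Added example, not Sentra's DDR. For each identity it baselines the daily
number of reads of sensitive objects from earlier days, then flags, on the
day under review, a volume spike against that baseline, first-time access
to a sensitive store, and access outside business hours. The log format,
thresholds and business-hours window are assumptions.
"""
import json
from collections import defaultdict
from datetime import datetime
from statistics import mean

SENSITIVE_STORES = {"s3://prod-customers", "rds://billing"}  # from classification
BUSINESS_HOURS = range(7, 20)   # assumption: 07:00 to 19:59 UTC
SPIKE_FACTOR = 3.0              # today's count must exceed 3x the baseline mean
MIN_SPIKE_EVENTS = 5            # and be at least this large in absolute terms


def parse(lines):
    """Parse JSON-lines audit records, adding a timezone-aware datetime."""
    events = []
    for line in lines:
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.fromisoformat(e["time"].replace("Z", "+00:00"))
        events.append(e)
    return events


def detect(events, day):
    """Alerts for sensitive-store activity on `day` (YYYY-MM-DD) vs earlier days."""
    per_day = defaultdict(lambda: defaultdict(int))  # identity -> date -> reads
    seen_before = defaultdict(set)                   # identity -> stores touched earlier
    today = []
    for e in events:
        if e["store"] not in SENSITIVE_STORES:
            continue                                  # DDR only watches sensitive data
        d = e["ts"].date().isoformat()
        if d < day:
            per_day[e["identity"]][d] += 1
            seen_before[e["identity"]].add(e["store"])
        elif d == day:
            today.append(e)

    alerts, counts, off_hours = [], defaultdict(int), defaultdict(int)
    for e in today:
        ident = e["identity"]
        counts[ident] += 1
        if e["store"] not in seen_before[ident]:
            seen_before[ident].add(e["store"])        # report a first touch once
            alerts.append({"kind": "new_sensitive_store", "identity": ident, "store": e["store"]})
        if e["ts"].hour not in BUSINESS_HOURS:
            off_hours[ident] += 1
    for ident, n in counts.items():
        if off_hours[ident]:
            alerts.append({"kind": "off_hours", "identity": ident, "count": off_hours[ident]})
        baseline = float(mean(per_day[ident].values())) if per_day[ident] else 0.0
        if n >= MIN_SPIKE_EVENTS and n > SPIKE_FACTOR * baseline:
            alerts.append({"kind": "volume_spike", "identity": ident, "today": n, "baseline": baseline})
    return alerts


def _line(time, identity, store, action="read"):
    return json.dumps({"time": time, "identity": identity, "store": store, "action": action})


# Constructed log: alice reads customer data twice a day, bob reads billing once
# a day, then on 2024-05-04 bob pulls 40 customer objects at 03:00 UTC.
LOG = []
for _day in ("2024-05-01", "2024-05-02", "2024-05-03", "2024-05-04"):
    LOG += [_line(f"{_day}T10:00:00Z", "alice", "s3://prod-customers"),
            _line(f"{_day}T14:00:00Z", "alice", "s3://prod-customers")]
for _day in ("2024-05-01", "2024-05-02", "2024-05-03"):
    LOG.append(_line(f"{_day}T09:00:00Z", "bob", "rds://billing"))
LOG += [_line(f"2024-05-04T03:{m:02d}:00Z", "bob", "s3://prod-customers") for m in range(40)]
LOG.append(_line("2024-05-04T11:00:00Z", "bob", "s3://analytics-scratch"))  # not sensitive

if __name__ == "__main__":
    for a in detect(parse(LOG), "2024-05-04"):
        print(a)
```

The three signals are deliberately evaluated together: a single off-hours read is noise, and a new store for a data scientist is routine, but a first-time touch of customer PII, at 03:00, at forty times the identity's normal volume, is the pattern that should page someone. Scoping the detector to stores the classifier has marked sensitive is what keeps the alert volume usable.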

Data Loss Prevention (DLP)

The platform integrates seamlessly with endpoint DLP solutions to monitor all access activities related to sensitive data. By detecting unauthorized access attempts from external networks, Sentra can prevent data breaches before they escalate, all while maintaining a positive user experience.

Sentra’s robust Data Security Platform offers solutions for these use cases and more, empowering organizations to navigate the complexities of data security with confidence. With a comprehensive approach that combines visibility, governance, and protection, Sentra helps businesses secure their data effectively in today’s dynamic digital environment.

From DSPM to a Comprehensive Data Security Platform

Sentra has evolved beyond being the leading Data Security Posture Management (DSPM) solution; we are now a Cloud-native Data Security Platform (DSP). Today, we offer holistic solutions that empower organizations to locate, secure, and monitor their data against emerging threats. Our mission is to help businesses move faster and thrive in today’s digital landscape.

What sets the Sentra DSP apart is its unique layer of protection, distinct from traditional infrastructure-dependent solutions. It enables organizations to scale their data protection across ever-expanding multi-cloud environments, meeting enterprise demands while adapting to ever-changing business needs—all without placing undue burdens on the teams managing it.

And we continue to progress. In a world rapidly evolving with advancements in AI, the Sentra Data Security Platform stands as the most comprehensive and effective solution to keep pace with the challenges of the AI age. We are committed to developing our platform to ensure that your data security remains robust and adaptive.

Sentra's Cloud-Native Data Security Platform provides comprehensive data protection for the entire data estate.