Dig Security Adds Support for SaaS Apps to DSPM Platform
Dig Security today added support for software-as-a-service (SaaS) applications to its platform for protecting data stored in cloud computing environments.
Dig Security CEO Dan Benjamin said as data becomes increasingly fragmented in the age of cloud computing, the Dig Data Security Platform provides a comprehensive approach to ensuring data security.
Dig Security has been making a case for an agentless approach to data security posture management (DSPM) that enables organizations to enforce policies based on the sensitivity of the data stored in various cloud computing services. The overall goal is to identify blind spots where sensitive data that cybersecurity teams are unaware of might be stored, including Microsoft 365 applications, with others to follow.
As part of that effort, Dig Security has also invested in large language models (LLMs) to enable cybersecurity teams to leverage generative artificial intelligence (AI) to better understand the potential severity of threats to data based on where and how it is stored.
In general, organizations are more focused on data security to combat ransomware threats. Most ransomware attacks try to encrypt or outright steal data using tactics and techniques that legacy cybersecurity platforms are not designed to detect. A data-centric approach to cybersecurity provides a mechanism to not only secure data but also govern it in a way that enables organizations to comply with a wide range of regulations, noted Benjamin.
The support for SaaS applications comes at a time when the number of organizations relying on SaaS applications in the wake of the COVID-19 pandemic has substantially increased. Most of the platforms, however, were chosen by business leaders with little regard for cybersecurity considerations. Since then, cybercriminals have been targeting employees with phishing attacks to gain access to credentials and log into these applications as if they were legitimate users. In addition to stealing data, cybercriminals are distributing malware and escalating privileges to enable them to access other systems.
The challenge cybersecurity teams now face is finding ways to retroactively implement the controls required to lock down SaaS applications alongside other cloud services. The issue is that organizations now have tens, sometimes even hundreds, of SaaS applications that each have a unique approach to configuring security controls. A DSPM platform enables cybersecurity teams to centralize data security in a way that reduces friction and costs, noted Benjamin.
There’s little doubt the number of attacks launched against SaaS platforms will steadily increase as more data is created and stored within them. A review of the cybersecurity controls that need to be in place is critical, especially as regulations become more stringent. The challenge, as always, is finding a way to implement those controls without disrupting the workflows these SaaS applications enable.
As these regulations governing responsibility for securing data become more stringent, it should become easier for cybersecurity teams to justify investments in more data-centric approaches to cybersecurity. The issue today is the bulk of cybersecurity spending tends to focus on protecting endpoints and perimeters. Unfortunately, cybercriminals have repeatedly shown they know how to breach those, leaving data security as the last line of defense.