TL;DR: Cloud-stored data now appears in 82% of breaches and 39% span multiple environments, according to Cyera’s Data Security Architect’s Guide to Adopting DSPM. The implication is that visibility, misconfiguration control, and privilege reduction now matter more than perimeter assumptions, and DSPM only helps when it is tied to IAM and remediation workflows.
NHIMG editorial — based on content published by Cyera: The Data Security Architect's Guide to Adopting DSPM
Questions worth separating out
Q: How should security teams use DSPM to reduce cloud breach risk?
A: They should use DSPM to find sensitive data, then connect those findings to the identities and roles that can reach it.
Q: Why do cloud-stored data breaches often involve identity controls?
A: Because the data usually becomes reachable through misconfigurations or excessive privileges, not through a single perimeter failure.
Q: What do teams get wrong about DSPM dashboards?
A: They treat visibility as the outcome instead of the start of the process.
Practitioner guidance
- Correlate sensitive data to identity entitlements: Join DSPM findings to IAM and NHI access reviews so every high-risk dataset is tied to the identities that can reach it, including service accounts and workload identities.
- Prioritise over-privileged paths first: Use exposure and access scope together to rank the permissions that create the largest blast radius, then remediate those before broadening the programme to low-risk assets.
- Build remediation ownership into the operating model: Assign response owners, approval steps, and enforcement actions for every DSPM alert so discovery triggers a change in privilege or configuration rather than another report.
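The first two items above amount to a join followed by a ranking. The sketch below is an added example, not code from Cyera's guide or from any DSPM or IAM product; the record fields, the sample data and the scoring weights are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data. Field names and values are hypothetical and do not
# follow any DSPM or IAM product's export schema.
FINDINGS = [
    {"dataset": "s3://billing-exports", "sensitivity": 3, "public": False},
    {"dataset": "s3://marketing-assets", "sensitivity": 1, "public": True},
    {"dataset": "db://customers", "sensitivity": 3, "public": False},
]
ENTITLEMENTS = [
    {"identity": "svc-etl", "type": "service_account", "dataset": "s3://billing-exports",
     "granted": {"read", "write", "delete"}, "used": {"read"}},
    {"identity": "svc-etl", "type": "service_account", "dataset": "db://customers",
     "granted": {"read", "write"}, "used": {"read", "write"}},
    {"identity": "alice", "type": "human", "dataset": "db://customers",
     "granted": {"read"}, "used": {"read"}},
    {"identity": "ci-runner", "type": "workload", "dataset": "s3://marketing-assets",
     "granted": {"read", "write"}, "used": set()},
]

def score_paths(findings, entitlements):
    """Join each entitlement to its dataset finding and rank the access paths."""
    by_dataset = {f["dataset"]: f for f in findings}
    paths = []
    for e in entitlements:
        f = by_dataset.get(e["dataset"])
        if f is None:  # dataset has no DSPM finding, so there is nothing to rank
            continue
        unused = e["granted"] - e["used"]
        # Assumed weights: public exposure doubles the sensitivity,
        # and every granted-but-unused action counts twice in the scope.
        exposure = f["sensitivity"] * (2 if f["public"] else 1)
        scope = len(e["granted"]) + len(unused)
        paths.append({"identity": e["identity"], "type": e["type"],
                      "dataset": e["dataset"], "unused": sorted(unused),
                      "score": exposure * scope})
    return sorted(paths, key=lambda p: p["score"], reverse=True)

def blast_radius(paths):
    """Total score per identity across every dataset it can reach."""
    totals = defaultdict(int)
    for p in paths:
        totals[p["identity"]] += p["score"]
    return dict(totals)

if __name__ == "__main__":
    for p in score_paths(FINDINGS, ENTITLEMENTS):
        print(p["score"], p["identity"], p["dataset"], "revoke:", p["unused"])
```

The `unused` list on each ranked path is the candidate privilege reduction to hand to the remediation owner named in the third item.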
What's in the full report
Cyera's full research covers the operational detail this post intentionally leaves for the source:
- The 30-page DSPM playbook and reference architecture guidance for deployment planning.
- RACI chart examples that show how to assign ownership for discovery, triage, and remediation.
- 30-60-90-day milestones for turning DSPM from visibility into an operating programme.
- Practical automation guidance for discovery, risk scoring, and remediation workflows.
Explore further
DSPM is becoming an identity governance problem, not just a data discovery problem. Once 82% of breaches involve cloud-stored data, the issue is no longer whether data can be found. The real question is whether identity controls can explain who can reach that data and why. That makes DSPM relevant to IAM, PAM, and NHI programmes at the point where entitlements meet sensitive data.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Should organisations align DSPM with IAM and PAM governance?
A: Yes. DSPM findings become actionable only when access review, privilege reduction, and owner accountability are part of the same operating model. That is where data security stops being a report and starts becoming a control.