TL;DR: Gartner’s 2025 Market Guide for Data Security Posture Management says rapid AI growth and data sprawl have made it harder to locate and protect sensitive information across environments, sharpening the case for DSPM as a discovery and classification layer. The real issue is not only visibility, but whether security teams can turn findings into durable governance and control.
NHIMG editorial — based on content published by Cyera: 2025 Gartner Market Guide for Data Security Posture Management
Questions worth separating out
Q: How should security teams use DSPM to improve data governance?
A: Security teams should use DSPM as a discovery and prioritisation layer, then connect its findings to identity controls, remediation ownership, and access decisions.
Q: Why does AI make data security posture management more urgent?
A: AI makes DSPM more urgent because sensitive data can spread into training pipelines, prompts, shared tools, and automated workflows faster than teams can track manually.
Q: What breaks when DSPM findings are not tied to an owner?
A: When DSPM findings have no owner, the programme turns into a reporting exercise instead of a remediation process.
Practitioner guidance
- Map sensitive data to identity paths: Tie DSPM findings to the human users, service accounts, and AI-connected workflows that can reach each dataset, then prioritise the highest-risk intersections for review.
- Define closure criteria before rollout: Set ownership, severity thresholds, and remediation deadlines for each DSPM finding so the programme measures reduction, not just discovery volume.
- Review AI data reuse permissions: Check whether sensitive datasets are being copied into prompts, training flows, collaboration tools, or shared storage without a matching access review.
What's in the full report
Cyera's full report covers the operational detail this post intentionally leaves for the source:
- Gartner’s implementation recommendations for selecting DSPM tools across cloud, SaaS, and hybrid environments
- Operational examples of how to turn discovery outputs into remediation queues and policy changes
- The market direction, challenge set, and vendor approach comparisons that shape buyer evaluation
- Specific use cases for AI-related data security that go beyond the high-level governance framing here
DSPM and AI data visibility gaps: what IAM teams need to know
Explore further
DSPM is becoming the control plane for data visibility, but not the control plane for identity governance. The Gartner framing reinforces a structural reality: discovery and classification are now baseline requirements, yet they do not answer who or what should be allowed to use the data. For IAM leaders, the useful question is how DSPM findings feed access decisions, recertification, and non-human credential governance. The implication is clear: visibility is necessary, but governance still happens in identity systems.
A few things that frame the scale:
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how often identity blind spots extend beyond data stores into the accounts that touch them.
A question worth separating out:
Q: How do organisations know if DSPM is working?
A: Organisations know DSPM is working when discovery leads to fewer high-risk exposures, faster remediation, and cleaner access decisions for sensitive data. If the tool keeps finding the same issues without reduction in exposure or improved ownership, it is generating visibility without governance impact.