TL;DR: Cloud-stored data now appears in 82% of breaches, 39% span multiple environments, and more than one-third involve shadow data, according to Cyera. The practical shift is from perimeter thinking to continuous data visibility, because scattered data and over-privileged access turn misconfiguration into measurable breach cost and containment delays.
NHIMG editorial — based on content published by Cyera: Why DSPM Has Moved From Buzzword to Board-Level Mandate and How Our New Guide Can Help
By the numbers:
- 82% of breaches now involve cloud-stored data, and 39% span multiple environments.
Questions worth separating out
Q: How should security teams implement DSPM alongside IAM and NHI controls?
A: They should treat DSPM as the visibility layer that tells IAM and NHI teams which identities can reach sensitive data, where copies exist, and which stores sit outside sanctioned controls.
Q: Why do cloud data copies create more risk than a single protected dataset?
A: Because each copy creates a new access path, a new owner, and often a new control gap.
Q: What do teams get wrong when they measure DSPM success?
A: They often count scans and covered systems instead of reduction in reachable exposure.
Practitioner guidance
- Inventory sensitive data across every cloud store: Start with structured, semi-structured, and unstructured stores, then include backups, replicas, and test environments.
- Correlate data classification with identity entitlements: Join sensitivity labels to the users, service accounts, and pipeline identities that can reach the data.
- Push remediation into existing workflows: Route high-risk findings into ITSM, SIEM, and CI/CD processes so labels can be corrected, access can be revoked, and exposed datasets can be remediated without waiting for manual follow-up.
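The join described in the guidance above, as an added example that is not taken from Cyera's guide or any DSPM product: it correlates sensitivity labels with entitlements, ranks unsanctioned copies first, and measures reachable exposure as distinct (identity, sensitive store) pairs before and after a revocation. The store names, identities, labels and the scoring rule are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: store -> (sensitivity label, sanctioned?, copy_of)
STORES = {
    "s3://prod-customers":   ("restricted", True,  None),
    "s3://analytics-export": ("restricted", True,  "s3://prod-customers"),
    "rds://test-customers":  ("restricted", False, "s3://prod-customers"),  # shadow copy
    "s3://public-assets":    ("public",     True,  None),
}
# Constructed entitlements: (identity, identity kind, store)
ENTITLEMENTS = [
    ("alice",     "user",            "s3://prod-customers"),
    ("svc-etl",   "service_account", "s3://analytics-export"),
    ("ci-deploy", "pipeline",        "rds://test-customers"),
    ("svc-etl",   "service_account", "rds://test-customers"),
    ("bob",       "user",            "rds://test-customers"),
    ("ci-deploy", "pipeline",        "s3://public-assets"),
]
SENSITIVE = {"restricted", "confidential"}  # assumed label scheme

def reachable_exposure(stores, entitlements):
    """Return {store: {(identity, kind)}} for stores labelled sensitive."""
    reach = defaultdict(set)
    for identity, kind, store in entitlements:
        # Stores missing from the inventory carry no label and are skipped here.
        if stores.get(store, ("unlabelled",))[0] in SENSITIVE:
            reach[store].add((identity, kind))
    return dict(reach)

def exposure_score(stores, entitlements):
    """Count distinct (identity, sensitive store) pairs."""
    return sum(len(ids) for ids in reachable_exposure(stores, entitlements).values())

def findings(stores, entitlements):
    """Rank sensitive stores: unsanctioned copies first, then by identity count."""
    rows = [{"store": s, "shadow": not stores[s][1], "copy_of": stores[s][2],
             "identities": len(ids),
             "non_human": sorted(i for i, k in ids if k != "user")}
            for s, ids in reachable_exposure(stores, entitlements).items()]
    return sorted(rows, key=lambda r: (not r["shadow"], -r["identities"]))

def revoke_store(entitlements, store):
    """Model remediation: drop every entitlement on one store."""
    return [e for e in entitlements if e[2] != store]

if __name__ == "__main__":
    print(*findings(STORES, ENTITLEMENTS), sep="\n")
    fixed = revoke_store(ENTITLEMENTS, "rds://test-customers")
    print("reachable exposure:", exposure_score(STORES, ENTITLEMENTS), "->", exposure_score(STORES, fixed))
```

The score drops only when an access path to sensitive data is actually removed, which is the measure the Q&A above contrasts with counting scans and covered systems.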
What's in the full article
Cyera's full research guide covers the operational detail this post intentionally leaves for the source:
- Reference architectures for embedding DSPM into DevSecOps and governance workflows.
- RACI charts that separate data owners, security teams, and compliance responsibilities.
- 30-60-90-day milestones for rolling out discovery, risk scoring, and remediation.
- Examples of auto-labelling and just-in-time access revocation in integrated workflows.
DSPM and cloud data exposure: what IAM teams need to know
Explore further
DSPM is becoming the control plane for data-centric identity risk. Traditional IAM tells you who can authenticate, but it does not tell you where sensitive data has spread or how many identities can reach it once data is copied into cloud services, backups, and test stores. That is why DSPM now sits at the intersection of data governance and identity governance. Practitioners should treat data visibility as an access problem, not just a classification problem.
A few things that frame the scale:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- That same report found that 35.6% of organisations cite managing consistent access across hybrid and multi-cloud environments as their top NHI security challenge.
A question worth separating out:
Q: What should organisations do before DSPM findings become board material?
A: They should define which data classes matter most, map where those datasets live across cloud environments, and assign remediation ownership for exposed copies. That gives boards evidence on control coverage and gives operators a clear path from finding to action.