TL;DR: Sensitive data discovery and classification is expanding quickly, with 39% of surveyed organisations already using it, 22% in pilot or proof of concept, 22% planning deployment in the next 12 months, and 71% expecting to increase spending, according to Cyera. Manual implementation remains a bottleneck as cloud deployments accelerate.
NHIMG editorial — based on content published by Cyera: Securing More Data in More Places With Sensitive Data Discovery and Classification in the Cloud
By the numbers:
- 39% of those surveyed are using sensitive data discovery and classification.
- 22% are in pilot/proof of concept.
- 71% say they will increase their spending on it in the next 12 months.
Questions worth separating out
Q: How should security teams use sensitive data discovery to reduce cloud risk?
A: Security teams should use discovery output to identify which identities can actually reach sensitive datasets, then narrow access based on business need.
Q: Why does sensitive data classification often fail in cloud environments?
A: It often fails because cloud estates change faster than manual review cycles can keep up.
Q: What do teams get wrong about deploying DSPM?
A: Teams often treat DSPM as a data cataloguing project instead of a governance control.
Practitioner guidance
- Map sensitive data to effective identity reach: Link classification results to human, service account, and workload entitlements so teams can see which identities can reach the highest-value datasets.
- Replace manual discovery with continuous coverage: Move from one-time classification exercises to recurring scans across cloud storage, backup locations, and shared services.
- Use exposure to drive access review order: Start access recertification with datasets that are both sensitive and broadly reachable, then work outward to lower-risk data.
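An added illustration of the first and third points (not code from Cyera or NHIMG): it joins classification labels to entitlements, expands nested groups into effective identities, and orders datasets for recertification. The dataset names, principals, label scheme and the sort key (sensitivity first, then reach) are all assumptions made for this sketch.

```python
from collections import defaultdict
# Constructed sample data: classification findings (dataset -> label).
FINDINGS = {
    "s3://crm-exports": "restricted",
    "s3://backup-2023": "restricted",
    "gs://marketing-assets": "internal",
    "s3://public-site": "public",
}
# Constructed grants: (principal, dataset, expires); expires None = persistent.
GRANTS = [
    ("group:analysts", "s3://crm-exports", None),
    ("svc:etl-runner", "s3://crm-exports", None),
    ("user:dana", "s3://backup-2023", "2025-01-31"),
    ("workload:report-job", "s3://backup-2023", None),
    ("group:all-staff", "gs://marketing-assets", None),
    ("group:all-staff", "s3://public-site", None),
]
# Constructed group membership; groups may be nested.
MEMBERS = {
    "group:analysts": ["user:ali", "user:dana", "group:contractors"],
    "group:contractors": ["user:kim"],
    "group:all-staff": ["group:analysts", "user:lee", "svc:etl-runner"],
}
SENSITIVITY = {"public": 0, "internal": 1, "restricted": 2}  # assumed label scheme

def expand(principal, seen=None):
    """Resolve a principal to its leaf identities, tolerating cyclic groups."""
    seen = set() if seen is None else seen
    if principal in seen:
        return set()
    seen.add(principal)
    if principal not in MEMBERS:
        return {principal}
    out = set()
    for member in MEMBERS[principal]:
        out |= expand(member, seen)
    return out

def review_order():
    """Rows of (dataset, label, reach, persistent non-human reach), riskiest first."""
    reach, persistent_nonhuman = defaultdict(set), defaultdict(set)
    for principal, dataset, expires in GRANTS:
        for ident in expand(principal):
            reach[dataset].add(ident)
            if expires is None and not ident.startswith("user:"):
                persistent_nonhuman[dataset].add(ident)
    rows = [(ds, label, len(reach[ds]), len(persistent_nonhuman[ds]))
            for ds, label in FINDINGS.items()]
    return sorted(rows, key=lambda r: (-SENSITIVITY[r[1]], -r[2], -r[3], r[0]))
```

The marketing bucket has the widest reach in this sample, but it still ranks below both restricted datasets because sensitivity is the first sort key.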
What's in the full report
Cyera's full report covers the operational detail this post intentionally leaves for the source:
- Survey methodology and the underlying market breakdown behind the 39% adoption figure
- Implementation strategies for sensitive data discovery and classification across cloud environments
- Vendor development themes that affect deployment planning and operational maturity
- Operational considerations for teams moving from pilot to production DSPM
👉 Read Cyera's report on sensitive data discovery and classification in the cloud →
Explore further
Data visibility is becoming an identity governance problem, not just a storage problem. Sensitive data discovery only matters when organisations can connect classification outcomes to access paths, service accounts, and workload permissions. In cloud environments, the risk is not simply unknown data. It is unknown data that remains reachable through persistent identity grants. Practitioners should treat DSPM as part of entitlement governance, not a separate reporting layer.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
- 52% of respondents see AI security decision-making power shifting toward platform and infrastructure teams rather than the executive suite.
A question worth separating out:
Q: How do organisations decide which datasets to govern first?
A: They should start with datasets that are both sensitive and reachable by broad or persistent identity grants. That means crown-jewel records, shared cloud storage, and replicated copies that are accessible by service accounts or workloads. Prioritising by exposure and sensitivity gives the fastest risk reduction.
👉 Read our full editorial: Sensitive data discovery in the cloud is shifting toward DSPM