Data Security Posture Management

Discover, classify and protect data in cloud environments. Prevent exfiltration and compliance violations.

Data is an organization’s most important digital asset and the focal point of security and compliance. But growing data volumes, increased regulation and the shift toward AI make it difficult to effectively monitor and protect data in the cloud.

Read about our approach to Cloud Data Security.

Discover, classify, protect and govern data in cloud environments

Prisma® Cloud Data Security Posture Management (DSPM) allows organizations to securely scale their data and AI infrastructure. Building on unique data discovery, classification and monitoring capabilities, Prisma Cloud puts data at the center of Code to Cloud™ security.
  • Support for AWS, Azure, GCP and Snowflake
  • Find shadow data and misconfigured datastores
  • Continuously monitor data at rest and in transit

THE PRISMA CLOUD SOLUTION

Our approach to Cloud Data Security

Data discovery and classification

Prisma Cloud automatically finds and contextualizes sensitive data. Eliminate data blind spots, find shadow data and bolster your security and compliance posture with automated data classification. Prisma Cloud DSPM protects your datastores (including database and object storage) across the four major public cloud providers.

  • Comprehensive coverage

    Find all sensitive or regulated data, regardless of where data resides – infrastructure as a service (IaaS), platform as a service (PaaS), and database as a service (DBaaS) assets.

  • Automated data classification

    Use 100+ pre-built classifiers to identify PII, financial information, health records, developer secrets and compliance-related data. Customize any classifier or build your own from scratch.

  • Fast, agentless scanning and classification

    Prisma Cloud DSPM provides a full mapping of your sensitive data and risk in 24 hours, no connectors required.

  • Sensitive data stays in your account

    Data is scanned and classified in your cloud account, ensuring data residency compliance. Prisma Cloud DSPM relies on metadata and cloud logs to minimize impact on performance.

Data risk analysis

Misconfigured cloud resources can lead to data breaches and compliance violations. Publicly exposed assets, over-permissive access control and violations of data residency or privacy regulations can have costly consequences. Prisma Cloud continuously monitors, identifies and prioritizes vulnerabilities in cloud data resources.

  • Visibility into data at risk

    Get visibility into your data in complex, multicloud environments. Understand where sensitive information is exposed across structured and unstructured data in storage, analytics and database services.

  • Prebuilt and custom policies

    Use templates or define your own policies to find data flows and misconfigurations that put your organization at risk: publicly exposed storage, violations of residency requirements, excessive access permissions and more.

  • Unified policy engine

    Apply the same security policies wherever your data lives, based on a continuously updated threat model and the unique characteristics of data environments – data movement, lineage and regulatory considerations.

Data privacy and compliance

Prisma Cloud DSPM helps you strengthen your privacy and compliance posture by understanding how sensitive data is replicated or consumed across your cloud environments. See how regulated data travels through different cloud services and environments to detect issues, such as violations of data residency requirements or non-compliant replication between environments.

  • Identify sensitive data at rest, in use and in motion

    Prisma Cloud DSPM monitors data flows between storage locations and environments (e.g., between production and development), allowing you to see the full path leading to a compliance issue.

  • Determine when your data may become non-compliant

    See when specific data flows put you at risk of a compliance violation, such as PII moved into non-compliant regions, or healthcare records moved into unencrypted storage.

  • Prevent data breaches and insider threats

    Find out if data is moving into an unauthorized location by seeing who has access at source and target. Ensure that data stays in monitored storage and doesn’t leave your cloud account.

Data access governance

Preventing unauthorized access to data is a core aspect of cybersecurity – but many organizations struggle with complex IAM policies, cross-account permissions and cloud service sprawl. Prisma Cloud DSPM gives you the tools to see who has access to your critical data assets, assign data owners and create accountability for security and compliance.

  • Visual map of access holders

    Get a clear visual representation of your sensitive data and a mapping of identities and accounts with access permissions. Make sense of myriad managed permissions granted to consultants, vendors and employees.

  • Notifications for high-priority data access risks

    Prisma Cloud DSPM alerts you to significant incidents such as cross-account access to sensitive data, over-privileged permissions and applications, and unused or out-of-date permissions.

  • Continuous data access monitoring

    Prisma Cloud DSPM tracks all data interactions including changes to permissions across the data lifecycle, so you can rightsize permissions according to actual access and activity patterns.

Data detection and response (DDR)

Cloud data remains in flux. Responding to changes days or weeks after they happen might not prevent critical incidents. Prisma Cloud DSPM allows you to detect and respond to high-priority incidents in minutes by monitoring your environment and alerting you on important changes with full context and prioritization.

  • Agentless, dynamic monitoring for cloud environments

    Prisma Cloud DSPM analyzes cloud logs to detect potentially damaging scenarios, such as large-scale data downloads or regulated data copied into an insecure environment.

  • Alerts in near real time

    Get notifications on matters that need your attention at this moment, including high-risk data movement, exfiltration or severe compliance violations. Enable effective incident response and remediation.

  • Multiple integrations with your security stack

    Get alerts in the ticketing and messaging tools you’re using today, such as Jira and Slack. Integrate with SOAR and SIEM tools to activate automated and manual response workflows.

Malware prevention

Some IT applications allow users to upload data, which are then stored as files in your object storage account (e.g. Amazon S3, Azure Blob). These files can contain malware that could later “detonate” and put your organization at risk. Prisma Cloud DSPM helps you detect malware with automated discovery and scanning for files in cloud storage.

  • WildFire® integration

    Use the WildFire malware analysis engine, seamlessly integrated into Prisma Cloud DSPM, to quickly and easily identify malware hidden in your stored data. No separate, siloed security product required.

  • Compliance with malware scanning requirements

    Compliance frameworks (e.g., PCI, NIST, GDPR), due diligence processes and RFI responses may require the scanning of certain data for malware. Prisma Cloud DSPM simplifies your path to compliance.

  • Integrated dashboard for malware and other data risk

    Use a single UI for comprehensive cloud data security. The Prisma Cloud DSPM dashboard displays all malware detected and analyzed to facilitate an audit or forensic investigation.

Prisma Cloud
Prisma® Cloud is the industry’s most complete Cloud Native Application Protection Platform (CNAPP), with the industry’s broadest security and compliance coverage—for infrastructure, workloads, and applications, across the entire cloud native technology stack—throughout the development lifecycle and across hybrid and multicloud environments.

Cloud Security Posture Management modules

VISIBILITY, COMPLIANCE, AND GOVERNANCE

Continuously monitor all cloud resources for misconfigurations, vulnerabilities and other security threats. Simplify compliance reporting.

THREAT DETECTION

Pinpoint the highest risk security issues using ML-powered and threat intelligence-based detection with contextual insights.

DATA SECURITY

Continuously monitor cloud storage for security threats, govern file access and mitigate malware attacks.
