GigaOm Key Criteria for Evaluating Data Security Platform (DSP) Solutionsv2.0

An Evaluation Guide for Technology Decision-Makers

Table of Contents

  1. Executive Summary
  2. Data Security Platforms Sector Brief
  3. Decision Criteria Analysis
  4. Analyst’s Outlook
  5. About Paul Stringfellow

1. Executive Summary

Poorly managed and inadequately secured data leaves organizations at risk of a data breach and increases the costs of storage and protection. Organizations have traditionally tackled this issue via “point” solutions–individual applications or solutions– for data loss prevention (DLP), governance, data protection, encryption, and threat detection. However, as the size and complexity of data used by organizations continue to grow, so does the complexity of managing multiple point solutions, further increasing costs and risks to a business’s data assets.

The risks presented by ineffective or overly complex data security solutions are considerable, as are the risks posed by insecure and unmanaged data. A data breach, or the denial of access to its data, can have significant implications for an organization, from loss of productivity to financial penalties and reputational damage that can lead to loss of future business. Therefore, having effective data security measures in place should be a priority for all organizations, as the penalty for failing to do so is potentially severe.

However, businesses should also be aware that robust data security will benefit the organization in multiple ways. Data security is increasingly an essential part of any future customer due diligence, and demonstrating a robust data security posture will provide a commercial advantage. Businesses are also seeing demands from insurers and auditors to prove the quality of data security processes and controls. Effectively demonstrating this will potentially help lower insurance premiums and reduce audit complexity.

Data Security Platforms (DSPs) have been developed to address this challenge by unifying various data security strategies into a single, cohesive solution. These platforms aim to simplify the complexity of managing data security while enhancing its overall effectiveness. DSPs integrate key data protection measures, such as:

  • Discovery and classification: The ability to find data, understand its content and sensitivity, and apply classifications where necessary.
  • Access security: The ability to monitor and control who should have access to data, ensuring it is protected appropriately.
  • Auditing: The ability to find insights into data usage—who accessed it, when, and with whom it was shared.
  • Usage and risk analysis: The ability to develop an understanding of data usage and identify situations when usage and usage patterns present a risk to data security.
  • Secure sharing: The ability to share data appropriately. This may include using encryption, rights management, anonymization, and masking techniques to ensure data is protected.

Data security must be an essential part of an organization’s strategic thinking. Unsecured and ineffectively managed data pose considerable risks. A breach or the loss of access to data (such as a ransomware attack) can have severe implications for an organization, from loss of productivity to financial penalties to reputational damage that can lead to loss of future business. A robust data security platform can lower all these risks.

However, business leaders must be aware that data security is not an IT problem that needs to be solved. It is a business problem, and awareness and responsibility must be accepted across an entire organization.

Business Imperative
Data security is a business problem, not simply an IT problem, and this must be made clear across an organization’s entire leadership. Successful adoption of a DSP solution will require an organization to carry out a sizable project in which it recognizes data risk and responsibilities, identifies data owners, and builds policies around data classification, usage, and governance. These policies must be understood and adopted across the business. IT leaders should be a part of this process, but it is important that, especially when doing this at scale, a project team is in place to ensure all key stakeholders are involved in these decisions before IT begins to focus on security enforcement.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of deploying a DSP solution, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a DSP solution, we provide an overall Sector Adoption Score (Figure 1) of 3.8 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a DSP solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for DSP are explained in more detail in the Sector Brief section that follows.

Key Criteria for Evaluating Category Solutions

Sector Adoption Score

1.0

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption

Figure 1. Sector Adoption Score for DSP

This is the second year that GigaOm has reported on the DSP space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective DSP solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading DSP offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.