This deep dive examines the critical challenge of data security in modern cloud environments. The most fundamental problem identified is not just preventing attacks, but simply knowing where sensitive data resides. Data now sprawls across SQL databases, S3 buckets, managed services, and unstructured formats like PDFs and Word documents, making manual tracking a "disaster." This has elevated Data Security Posture Management (DSPM) as a strategic priority, with one CISO calling it "the king" of security posture management because it reduces breach impact by pinpointing crown jewels, unlike CSPM which focuses on prevention. The tool SIR emerged as a clear front-runner across multiple evaluations, praised for high accuracy (92-93%), strong unstructured data support, and fast deployment, with customers like LifeLabs giving it a perfect 10/10 and expanding investments. Legacy tools like BigID and Varonis were found to struggle with cloud demands due to rigid regex-based classification. Other vendors occupy different niches: Wiz leads in CSPM but initially lacked deep DSPM; Orca emphasizes agentless analysis; Vesa focuses on access control. The analysis reveals ongoing tensions between consolidation and best-of-breed approaches, and while AI is expected to enhance data contextualization, fully automated remediation remains limited due to fear of business disruption. Ultimately, knowing exactly where sensitive data lives is now foundational for risk management in an era of inevitable breaches.
Welcome to the Deep Dive, where we take your source material and uncover the most important knowledge nuggets. Today, we're taking a deep dive into the incredibly complex, constantly shifting world of cybersecurity. Specifically, we're zeroing in on a huge challenge companies face right now: getting a real handle on their data and cloud security posture. And we have a fantastic stack of material for this Deep Dive. We've pulled insights directly from security leaders, CISOs and directors at companies like ACV Auctions, LifeLabs Medical Laboratory Services, and Molina Healthcare. Some big names there. Definitely. And we also have perspectives from folks who really understand the cloud security vendor landscape, including former executives from companies like Palo Alto Networks and Orca Security, people who've been in the trenches. Right. So our mission today is clear: to sift through all of this and extract the absolute key insights. What are the biggest problems these security teams are wrestling with? What tools are they actually using in the data and cloud space? How are they evaluating these different solutions? And what priorities are truly driving their decisions? And this Deep Dive is tailored for you, the listener. Whether you're navigating this exact landscape yourself, maybe preparing for a critical meeting, or just intensely curious about how organizations protect their most valuable digital assets in a world of increasing threats, we think we've got you covered. OK, let's unpack this. So what jumps out immediately from these sources is that the most fundamental challenge security leaders highlight isn't always about, like, keeping attackers out. Really? What is it then? It's often much simpler and perhaps surprisingly harder: just knowing where your data actually is. It's knowing where it is.
And what sensitive information it actually contains, things like PII, personally identifiable information, or PHI, protected health information, which is especially critical in regulated industries. That sounds almost too basic, doesn't it? Yeah. But based on what we heard, it's incredibly difficult in practice. Why is just knowing where your data is such a monumental task now? Well, because data just doesn't sit in one neat place anymore; it lives everywhere. Sprawling across SQL databases, dumped into S3 buckets, residing in managed services like RDS instances. OK. And even buried deep within unstructured formats, like PDFs and Word documents scattered across file shares or collaboration tools. And before modern tools stepped in, this was, as the Associate Director of Security at ACV Auctions put it, a manual disaster. Exactly. A manual disaster. Think manual mapping, guesstimating, or maybe relying on busy developers to somehow document everything. Which often didn't happen reliably, I imagine. Not reliably, not scalably, precisely. And it's important to note that the focus for the tools we're talking about today is primarily data at rest. OK. The stored data. The data stored in these myriad locations. Data in flight, like the content of emails, is typically handled by different systems, like traditional data loss prevention or DLP tools. Got it. And the massive shift to cloud environments over the last decade or so? Oh, that has just amplified this data sprawl problem exponentially. Traditional on-prem-focused data security tools simply struggled. They couldn't keep pace with the sheer volume, the dynamic nature, the distributed landscape of data in the cloud. Which brings us to a category that's really stepped into the spotlight recently: data security posture management. DSPM. DSPM. Yeah. DSPM. We've heard a lot about CSPM, cloud security posture management, which focuses on the infrastructure configurations, right?
Like ensuring an S3 bucket isn't accidentally left open to the public internet. Exactly. How does DSPM differ from, or perhaps complement, CSPM? That's a crucial distinction. Think of CSPM as securing the container, making sure the settings around your cloud resources are correct and secure. The configuration hygiene. OK, locking the doors and windows. Right. DSPM, on the other hand, digs inside the container. It focuses on understanding the data itself that's residing within those resources. Is there sensitive data in that bucket? What kind? Who owns it? That sort of thing. So if CSPM fixes the leaky faucet, DSPM tells you if the water is gold-plated, or maybe toxic if it spills. That's a helpful analogy. And there is a really powerful perspective from the CISO at LifeLabs Medical Laboratory Services that captures the strategic importance of this. They actually see DSPM as the king of security posture management. The king? Wow. That's incredibly high praise. What's driving that view? Well, their argument is compelling and, frankly, quite pragmatic. While CSPM aims to lower the likelihood of a breach by fixing infrastructure misconfigurations, reducing the ways an attacker might get in. OK, prevention. Right, prevention. DSPM helps lower the impact of a breach. They acknowledge that in today's world, preventing every single breach might be, well, impossible. Hard truth. Hard truth. So the focus shifts: when a breach does happen, how do you minimize the damage? That's where knowing exactly where your most sensitive data, your crown jewels, resides becomes absolutely paramount. So it's a strategic pivot. Recognizing breach inevitability and shifting investment focus from just prevention to minimizing the blast radius. That CISO ranks DSPM as a top-tier priority then. Top-tier. Right alongside foundational things like endpoint detection and response, EDR, and email security. That high? Absolutely.
For them, understanding their data risk is mission-critical for business survival, especially in a highly regulated field like health care. OK, let's dive into the tools themselves then. We heard about several different solutions playing in this space, each with maybe different approaches. What did the sources tell us about who's succeeding and why? Let's start with SIR. SIR came up frequently. Very frequently, in the evaluations done by multiple organizations we heard from: ACV Auctions, LifeLabs, and Molina Healthcare. It was often seen as a clear front runner or the winner in their bake-offs. What specifically made SIR stand out from the pack for these companies? What was the secret sauce? Several factors, but a few key insights emerged pretty clearly. Accuracy was a major one. Molina Healthcare reported hitting around 92%, 93% accuracy in identifying and classifying sensitive data with SIR. That's high. That is high, yeah. And crucially, its ability to handle unstructured data, like scanning inside PDFs and Word documents, was highlighted as a key differentiator. The messy stuff. Exactly, especially against some competitors early on who were perhaps more focused on just structured databases. LifeLabs specifically called out its broader technology coverage, including critical support for the Microsoft ecosystem: OneDrive, SharePoint, Teams. Which is where so much of that unstructured data is, right? Precisely. Speed and ease of implementation also consistently came up as major pluses. People liked that they could get it up and running relatively quickly. So the key insight here is that finding the data isn't enough. Truly valuable tools like SIR differentiate themselves by actively understanding the contents, even in complex formats, addressing blind spots older approaches missed. Is that fair? That's very fair. And once it finds and classifies that data, it helps security teams prioritize remediation efforts. How so?
Well, an alert about an exposed S3 bucket is one thing. But knowing that bucket contains PII makes it a much, much higher priority issue to fix. Right. Context is everything. Context is king. It provides that classification, a clear inventory of data assets, reporting, and even prescriptive steps on how to remediate risks. Helps tell you what to do. And we saw some real-world validation in terms of customer spend and satisfaction, too, didn't we? We did. ACV Auctions, a $100,000-a-year customer, scored SIR an 8.59 out of 10. Pretty solid. Yeah. Molina Healthcare, spending $1 million a year, recently renewed for three years and also gave it an 8.5 out of 10. Consistent scores. Very consistent. And LifeLabs, after their initial adoption, expanded their investment to over $1 million a year and gave it a perfect 10 out of 10. A 10 out of 10. OK, those are pretty strong endorsements. Very strong. And an interesting point with LifeLabs: they were actually the first customer for SIR's new on-prem DSPM offering. Bridging the gap. Exactly. Which is significant because many large organizations weren't born in the cloud. They still have substantial data stores in traditional data centers. Bridging that gap between cloud and on-prem data is crucial for a complete picture. And that capability was a key requirement for LifeLabs. Good sense. Were there any features they still wanted to see from SIR or areas for improvement mentioned? Yes. One thing that came up was data lineage. Data lineage. Understanding the full lifecycle of data: where it originated, how it moved, where it ended up. LifeLabs mentioned that as a desired future capability to provide even deeper context, to understand the flow. OK. Moving beyond SIR, Vesa was also mentioned in this space. What's their angle? How do they fit in? Vesa definitely plays in the data security area. But the sources we reviewed position them with a slightly different primary focus.
They seem to be seen as strong on remediation and particularly on access control and identity governance. IGA and IAM. IGA and IAM. Managing who has permission to access what. Exactly. Think of it as managing permissions to data, services, systems across the whole organization. So while SIR is maybe focused more on what the data is and where it lives, Vesa is more focused on who is allowed to touch it and when they're touching it. That seems like a helpful way to differentiate their core strengths. Based on these sources, yes. Vesa's strength is often highlighted in activity monitoring, tracking who is accessing data and when. OK. However, for some organizations like ACV Auctions, the initial, most critical priority is still simply understanding the data itself and its sensitivity before diving deep into access logs. Because maybe you can get that access info elsewhere. Potentially, yeah. Especially since access information might be obtainable from other existing security tools they already have in place. First things first, know your data. Right. OK. Let's look at Wiz.
They're a major player, primarily known for CSPM, as we said. How does their DSPM offering compare based on these accounts? >> Wiz is undoubtedly a leader in the broader cloud security space, particularly CSPM, no question. But according to Molina Healthcare's evaluation from about, say, two and a half years ago. >> Okay, so a little while back. >> A little while back, yeah. Wiz's DSPM offering at that time was perceived as light and notably lacked robust unstructured data support. >> That unstructured data piece again. >> Right. This was a key reason why SIR was the preferred choice for Molina, being a regulated healthcare company needing high accuracy across all data types. >> So maybe they've enhanced it since then, but earlier on, it wasn't meeting the deep requirements for everyone in that specific area. >> That's the picture from that specific source evaluation time frame, yes. Separately, Tascas uses Wiz extensively, primarily for cloud vulnerability management. They praised Wiz's continuous scanning capabilities and real-time assurance, seeing it evolve into more of a central cloud security platform for them. >> Interesting. And we heard some interesting contrast when comparing Wiz to other platforms like Orca or Palo Alto's Prisma, didn't we? >> Yes, the different vendor perspectives are always insightful, aren't they? A source from the Orca perspective suggested that while Wiz sometimes wins on price, it might sample data stores rather than evaluating the entirety. Whereas Orca claims its approach provides richer and deeper data by analyzing everything. A different view. >> Right. >> Another perspective, this one from the Prisma source, highlighted Wiz's scanning engine as intuitive and requiring less custom rule writing compared to some earlier CSPMs. Easier to use, maybe. >> Oh, okay. And for massive enterprises? >> Yeah, for very large enterprises, say over 20,000 workloads, onboarding and ingestion speed might sometimes favor Wiz.
Again, this was according to the Orca source, offering a potential counterpoint. >> Fascinating different viewpoints there on approach and strengths. >> What about Orca itself, then? Their marketing often emphasizes an agentless approach. >> Yes, Orca positions itself as a leading agentless cloud security platform. The agentless model, which typically uses snapshotting technology to analyze cloud workloads without installing software agents on every machine. >> By avoiding agent fatigue. >> Exactly. That's seen as a winning strategy by a former VP of business development at Orca, as it avoids the operational complexity and, frankly, the hassle of deploying and managing agents across a vast environment. >> Makes sense. And what's their pitch specifically on the data side compared to the others? >> Well, they claim their data insights are richer and deeper than competitors like Wiz because they evaluate the entirety of data stores rather than sampling. That's their claim. >> Okay. >> They also emphasize providing insights into previously unknown or shadow IT assets and the associated vulnerabilities lurking there. >> Finding things you didn't know you had. >> Pretty much. Orca does offer auto-remediation features, but the sources indicate customers tend to enable these cautiously. >> Understandably. >> Yeah, maybe only around 40% adoption. Primarily due to that understandable fear of causing business disruption if an automated fix goes wrong on a critical system. >> That makes complete sense. You want security to fix things and not break the business. Rule number one. >> Exactly. Rule number one. >> The Orca source also suggested they might offer better customer service and a smoother onboarding experience for mid-sized companies compared to Wiz, positioning themselves as perhaps a more hands-on partner. >> Interesting distinction. What about the more established, older guard of data security tools?
Players like BigID or Varonis, how did they fare in these discussions? >> The experts we heard from were pretty clear, actually. These legacy players, including BigID, Varonis and StealthBits, have struggled significantly to keep up with the demands of the cloud. >> Why is that? What's the core issue? >> A key technical reason cited is their heavy reliance on older, regex-driven classification engines. >> And why is that regex approach a problem in the cloud era? You mentioned structured versus unstructured earlier. >> Think of regex, regular expressions, as incredibly specific text patterns. They're rigid rules designed to find exact matches, like a specific credit card number format, for example. In the complex, ever-changing, and often unstructured world of cloud data, these rigid patterns generate a lot of noise. High false positives, where the tool thinks it found sensitive data but didn't. >> Wasting time. >> Exactly. And requiring constant manual tuning by security teams just to keep the noise down. Plus, the underlying architecture of these older tools was often described as clunky. >> Clunky? >> Yeah, and it simply didn't scale efficiently for the vastness and dynamism of cloud environments. This was highlighted by both the CISO at LifeLabs and the InfoSec Director at Molina. >> So the cloud really exposed the limitations of those older, pattern-matching approaches compared to more modern, context-aware methods. We also heard about tools focused on the software development pipeline itself. >> Right. Beyond cloud infrastructure and data at rest, securing the pipeline from the coder's keyboard to production is also critical. Completely different area, but related. >> Also. >> The code is a bit of a big deal. >> So the code is a bit of a big deal. >> And finally, there seems to be that classic tension between tool sprawl, having lots of specialized tools, versus trying to consolidate on fewer platforms.
The single pane of glass dream versus best-of-breed reality. Yeah, there's a constant push and pull there. On one hand, the desire is for that single pane of glass, a unified platform for visibility and management across different security domains. It simplifies operations, training, reporting. Sounds ideal. It sounds ideal, but on the other hand, security teams often find that best-of-breed tools, like maybe a highly specialized DSPM platform, offer deeper capabilities and more accurate insights in their specific area than a broad, general-purpose platform might. Trade-offs. Always trade-offs. And existing contracts and, let's be honest, internal political realities often complicate consolidation efforts, too, as the director at Molina Healthcare noted. It's not just a technical decision. Never is. So looking ahead, based on these sources, what's on the horizon for this corner of cybersecurity? What's next? AI is widely expected to be a tailwind for data security. Seems almost inevitable. How so? The ability of AI to help contextualize, analyze, and process the massive volumes of data generated in cloud environments, far more than humans ever could manually, is seen as a necessity, just pattern matching at scale. But is there a downside? Well, there's also the flip side. AI could potentially lower the bar for new competitors entering the space, making it easier to build these tools, or maybe even exacerbate the data problem itself by enabling new types of sophisticated data risks we haven't even thought of yet. Double-edged sword. Could be. And we're seeing vendors continuing to evolve their offerings, of course. Like SIR adding on-prem. Exactly. Examples like SIR expanding into on-prem support, as they did with LifeLabs. And vendors exploring features like data lineage to provide that more complete picture of data flow across complex environments. The tools aren't standing still.
And that ideal solution we talked about, highly automated detection and remediation, is still aspirational for the most part. While that remains an aspiration for some, like the head of InfoSec at Tascas, the real-world complexity and potential impact of errors in large organizations mean that truly automated remediation is likely to remain limited. To those specific cases. To very specific, high-confidence, critical scenarios for the foreseeable future. Efficient manual processes and auto-mitigation will continue to be essential layers in the security posture for most. So we've unpacked this critical need to truly understand and secure your data in today's dynamic, cloud-first world. A lot to take in. Definitely. We've heard how innovative tools like SIR are specifically tackling this by focusing on the data content itself, how this differs from and complements other crucial security tools like CSPMs, and the very real practical challenges security leaders face every day in prioritizing risks, actually fixing problems, and managing costs and complexity. It's abundantly clear from these sources that knowing exactly what you have and where it is, especially your sensitive data, is no longer just, you know, a nice-to-have or best practice. It's foundational. Foundational for risk management. Foundational for managing risk in a world where breaches are increasingly seen, maybe rightly, as inevitable. And organizations are finding powerful new ways to gain that essential visibility. This deep dive definitely gives us a much clearer picture of this essential, rapidly evolving corner of cybersecurity. What's particularly fascinating, I think, is that strategic shift we discussed earlier. The consensus on breach inevitability really changes the game, doesn't it? It directly drives the importance of solutions like DSPM. Yeah, and here's where it gets really interesting for you, the listener.
Considering that security breaches are widely seen as inevitable, and protecting sensitive data is paramount to limiting the impact when they occur. Right. How does this strategic shift, focusing more on impact reduction, like DSPM enables, alongside traditional prevention, like CSPM, fundamentally change how organizations should be thinking about and prioritizing their future security investments and their overall strategy? What stands out to you? Something to think about. Thanks for joining us for the Deep Dive.
Podcast Summary
Key Points:
The primary challenge for security leaders is not just preventing breaches but knowing where sensitive data (PII, PHI) actually resides across sprawling, multi-location cloud environments.
DSPM (Data Security Posture Management) is viewed by some CISOs as "the king" of posture management because it reduces breach impact by identifying the location of critical data, while CSPM focuses on preventing misconfigurations.
SIR was consistently rated as a top DSPM tool by multiple organizations (ACV Auctions, LifeLabs, Molina Healthcare) for its high accuracy (92-93%), strong unstructured data support (PDFs, Word docs), and rapid implementation.
Legacy tools like BigID, Varonis, and StealthBits struggle in the cloud due to reliance on rigid, regex-driven classification engines that generate high false positives and don't scale efficiently.
Vendors like Wiz are leaders in CSPM but initially lacked deep DSPM capabilities for unstructured data; Orca emphasizes agentless scanning and claims richer data insights; Vesa focuses more on access control and remediation.
There is a tension between tool consolidation (single pane of glass) and best-of-breed specialized tools, with trade-offs in depth of capability versus operational simplicity.
AI is expected to be a double-edged sword—enabling better data contextualization but also lowering barriers for new competitors and creating new data risks.
Fully automated remediation remains aspirational for most organizations due to fear of business disruption; manual processes and auto-mitigation are still essential.
FAQs
The most fundamental challenge is simply knowing where your data is and what sensitive information it contains, such as PII or PHI, due to data sprawl across cloud environments.
DSPM focuses on understanding the data itself within cloud resources, like its sensitivity and ownership, while CSPM focuses on securing the infrastructure configurations, such as ensuring S3 buckets aren't publicly exposed.
DSPM helps lower the impact of a breach by knowing where sensitive data resides, allowing organizations to minimize damage when breaches occur, which is seen as increasingly inevitable.
SIR excelled due to high accuracy in classifying sensitive data (92-93%), strong support for unstructured data like PDFs and Word documents, broad technology coverage including Microsoft ecosystems, and fast implementation.
Vesa focuses more on access control and identity governance (who can access data), while SIR focuses on what the data is and where it resides.
They relied on rigid regex-driven classification engines that generated high false positives and required constant tuning, and their architectures didn't scale efficiently for the dynamic cloud landscape.
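The false-positive problem the answer above describes can be made concrete. The following is an added example written for this page, not code from SIR, BigID, Varonis or any other vendor discussed: a rigid "any 16 digits" card-number regex of the kind a legacy classifier might use is run beside a classifier that keeps the same regex as a candidate finder but adds a Luhn checksum check and a simple keyword-context check. The sample records, the keyword list and the "high"/"medium" confidence labels are assumptions constructed for the demonstration.

```python
import re

# Constructed sample records for the demonstration (not taken from the page).
# Two contain Luhn-valid test card numbers; three contain 16-digit values that
# are not card numbers at all (an order id, a trace id, a nanosecond timestamp).
SAMPLE_RECORDS = [
    "customer card: 4111 1111 1111 1111",
    "payment PAN=5500000000000004 captured",
    "order_id=1234567890123456 status=shipped",
    "trace 9999888877776666 emitted by worker",
    "epoch_ns=1700000000000000 tick",
    "no numbers here at all",
]

# Rigid pattern: any run of 16 digits, optionally separated by spaces or dashes.
CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")

# Assumed context words that raise confidence when they appear in the record.
CONTEXT_KEYWORDS = ("card", "pan", "visa", "mastercard", "payment")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def naive_classify(text: str) -> list[str]:
    """Legacy-style classification: every 16-digit run is reported as a card number."""
    return [re.sub(r"[ -]", "", m.group(0)) for m in CANDIDATE_RE.finditer(text)]


def contextual_classify(text: str) -> list[tuple[str, str]]:
    """Regex finds candidates; Luhn rejects non-card numbers; context sets confidence."""
    has_context = any(word in text.lower() for word in CONTEXT_KEYWORDS)
    findings = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_valid(digits):
            continue  # checksum fails: almost certainly not a card number
        findings.append((digits, "high" if has_context else "medium"))
    return findings


def compare(records: list[str]) -> dict[str, int]:
    """Count findings from both approaches so the false-positive gap is visible."""
    naive_hits = sum(len(naive_classify(r)) for r in records)
    validated_hits = sum(len(contextual_classify(r)) for r in records)
    return {
        "naive_hits": naive_hits,
        "validated_hits": validated_hits,
        "suppressed_false_positives": naive_hits - validated_hits,
    }


if __name__ == "__main__":
    for record in SAMPLE_RECORDS:
        print(f"{record!r}: naive={naive_classify(record)} validated={contextual_classify(record)}")
    print(compare(SAMPLE_RECORDS))
```

On the six constructed records the naive pattern reports five card numbers, three of which are an order id, a trace id and a timestamp; the checksum alone removes all three, and the keyword check then separates the two real findings into a confidence level a reviewer can triage first. The keyword match is deliberately crude (plain substring, so "pan" would also fire on "expand"); it stands in for the richer document and ownership context a DSPM tool would use, and shows why that context, rather than more regex tuning, is what keeps the noise down.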