Do you know where your data is?

Issue 8 2022 Editor's Choice, Risk Management & Resilience

The essence of cybersecurity is protecting your data. Whether it is personal information, customer databases, financial statuses, strategic plans or whatever else a company needs to operate efficiently, successfully and compliantly, data is at its core, and losing this data to unauthorised people or through ransomware is the greatest cyber threat to a business.

Additionally, knowing where that data is, and how sensitive it is, has also become a critical factor for enterprises. In the past, back in the mainframe days and even beyond the initial client/server architectures, it was fairly simple to know where your data was.

Today, however, knowing the location and classification of data (how important or sensitive any piece of it is) is not as easy. There are internal services and computing devices containing important data, cloud services that are beyond the direct control of the business, and even SaaS applications which keep your data in their own storage systems. The third decade of the 21st century has also seen a dramatic move to mobile working and home offices, which adds yet another location where corporate data can reside and be transferred to and from.

The issue is not so much where the data is, but what data is there, and how (or if) it is protected to ensure compliance with data security and privacy laws. Data on a server may be encrypted and have a whole range of cyber products protecting it, but what about the data on an employee’s mobile device or a spreadsheet that gets sent out to clients or other third parties? This creates a problem for enterprises and, whether the action is accidental or malicious, the consequences can remain the same.

Data Security Posture Management

According to Gartner, “Data security posture management (DSPM) provides visibility as to where sensitive data is, who has access to that data, how it has been used and what the security posture of the data store or application is. This requires a data flow analysis to determine the data sensitivity. DSPM forms the basis of a data risk assessment (DRA) to evaluate the implementation of data security governance (DSG) policies.” [1]

Flow Security is a relatively new company in the data management space, focusing on Data Security Posture Management (DSPM, also a relatively new concept). Flow has designed a data security platform that “discovers, classifies and protects sensitive data in and outside application environments.” Put simply, Flow’s DSPM manages the ‘data journey’: it provides cybersecurity teams with the ability to protect data efficiently by allowing them to understand where, when and how it is used.

The idea is not simply to show where the data is but, more importantly, to reduce the potential for data loss or breach due to excessive permissions (allowing people to access data they don’t need for their jobs, or not disabling data access when people leave or change jobs, etc.), when access is detected from a strange location, and when cloud systems are configured incorrectly.

Naturally, since data flows into, out of and through companies continually, DSPM needs to be a real-time process, not something one does after a breach. According to Jonathan Roizin, CEO of Flow Security, Flow’s data security platform is “the first that analyses data not only at-rest but also in-motion to secure data wherever it flows”.

The system automatically finds and classifies data, and then delivers a mapping of data flows as well as data stores within and external to the company, even including data stored in the elusive ‘shadow IT’ data stores.

Data security survey

Flow Security’s Annual Cloud Data Security Survey from September 2022 [2], which collated data from 200 security decision-makers in the US and UK, indicates that the highest priority in cloud data security in 2022 is monitoring “sensitive data sent to external services, and insecure interfaces and APIs (52%).” Furthermore, data access governance was seen as a high priority for 28% of respondents in 2021, while it is now a high priority for 48% of the decision-makers surveyed.

The respondents also noted that about 31% of their corporate data is being handled and/or stored by external services. Moreover, “88% of CISOs say they are investing a high level of effort in discovering network data flows, and 52% are not satisfied with this process.”

Roizin says Flow Security solves this problem for enterprises in real time by discovering and classifying data, and also enforcing corporate data protection policies. In other words, the policies govern what data can be included in an email and what can’t. In a South African context, if someone sends out ID numbers in an email, this would raise an alert and prevent the data from leaving the company.

Having gained a foothold in the US and the EU, Flow Security is also looking to Africa to expand its market, with a few customer sites already adopting its data security platform to meet this critical business requirement.

