Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Blog
  • Pricing
  • Documentation
© 2025 Direct Cursus Technology L.L.C.
Yandex Security Deck
    • Overview
    • Access Transparency
    • Data Security Posture Management (DSPM)
    • Cloud Infrastructure Entitlement Management (CIEM)
    • Quotas and limits
  • Pricing policy

In this article:

  • Scanning for sensitive information
  • Data source
  • Data categories
  1. Concepts
  2. Data Security Posture Management (DSPM)

Data Security Posture Management (DSPM)

Written by
Yandex Cloud
Updated at March 31, 2025
  • Scanning for sensitive information
    • Data source
    • Data categories

Data Security Posture Management, or DSPM, helps quickly detect sensitive information stored in Yandex Object Storage buckets for timely actions to protect it from unauthorized access or leaks, such as configuring access policies, anonymizing data, etc.

With proper integration, DSPM can work in leak prevention mode and prevent transferring or saving confidential information.

Scanning for sensitive informationScanning for sensitive information

DSPM scans data sources for sensitive information in buckets.

Before you start scanning, select a data source and specify the data categories to search for.

Data sourceData source

A data source contains information on the bucket to scan, along with additional settings.

For example, you can set the scan scope for a data source, All files or Files by template. If you select Files by template, you can use regular expressions to set the criteria which the names of the files to scan must or must not match.

You can create multiple data sources for a single bucket, each with its own scan scope settings.

Data categoriesData categories

When setting up a new scan, you can specify the category of data to search for. You can select all the available categories at once or any of them separately.

Data categories available for scanning:

  • Personal data: Full names, phone numbers, email addresses, document numbers, IP addresses, etc.
  • Secrets: Cloud access keys, passwords, tokens, SSH keys, etc.

To create data sources, set up and run scans, and view scan results, the user must have the appropriate roles.

See alsoSee also

  • Creating a DSPM data source
  • Creating a DSPM scan

Was the article helpful?

Previous
Access Transparency
Next
Cloud Infrastructure Entitlement Management (CIEM)
© 2025 Direct Cursus Technology L.L.C.