Data Security Posture Management (DSPM)

Data Security Posture Management, or DSPM, helps quickly detect sensitive information stored in Yandex Object Storage buckets for timely actions to protect it from unauthorized access or leaks, such as configuring access policies, anonymizing data, etc.

With proper integration, DSPM can work in leak prevention mode and prevent transferring or saving confidential information.

Scanning for sensitive informationScanning for sensitive information

DSPM scans data sources for sensitive information in buckets.

Before you start scanning, select a data source and specify the data categories to search for.

Data sourceData source

A data source contains information on the bucket to scan, along with additional settings.

For example, you can set the scan scope for a data source, All files or Files by template. If you select Files by template, you can use regular expressions to set the criteria which the names of the files to scan must or must not match.

You can create multiple data sources for a single bucket, each with its own scan scope settings.

Data categoriesData categories

When setting up a new scan, you can specify the category of data to search for. You can select all the available categories at once or any of them separately.

Data categories available for scanning:

• Personal data: Full names, phone numbers, email addresses, document numbers, IP addresses, etc.
• Secrets: Cloud access keys, passwords, tokens, SSH keys, etc.

To create data sources, set up and run scans, and view scan results, the user must have the appropriate roles.

See alsoSee also

• Creating a DSPM data source
• Creating a DSPM scan