Data Security Posture Management (DSPM)

Data Security Posture Management, or DSPM, is a tool that helps to quickly detect sensitive information stored in Yandex Object Storage buckets for timely action to protect it from unauthorized access or leaks (configure access policies, anonymize data, etc.).

With proper integration, DSPM can work in leak prevention mode, blocking the sharing or saving of confidential information.

Scanning for sensitive informationScanning for sensitive information

DSPM scans data sources to identify sensitive information in buckets.

Before you start scanning, select a data source and specify the data categories to search for.

Data sourceData source

A data source contains information on the bucket to scan, along with additional settings.

For example, you can set the scan scope for a data source, All files or Files by template. If you select Files by template, you can use regular expressions to set the criteria which the names of the files to scan must or must not match.

You can create multiple data sources for a single bucket, each with its own scan scope settings.

Data categoriesData categories

When setting up a new scan, you can specify the category of data to search for. You can select all the available categories at once or any of them separately.

Data categories available for scanning:

• Personal data: Full names, phone numbers, email addresses, document numbers, IP addresses, etc.
• Secrets: Cloud access keys, passwords, tokens, SSH keys, etc.

To create data sources, set up and run scans, and view scan results, the user must have the appropriate roles.

See alsoSee also

• Creating a DSPM data source
• Creating a DSPM scan