IBM acquired the Israeli company, founded in 2021, to increase its relevance in the new domain of data security posture management, or DSPM.
To advance its hybrid cloud and artificial intelligence capabilities, IBM announced Tuesday that it is acquiring Polar Security, an Israel-based company that specializes in data security posture management.
According to the acquisition announcement, there has been a rapid increase in cloud adoption since COVID. IBM noted that the pandemic has flooded companies with cloud data, leading to an epidemic, pardon the expression, of silos, one of the consequences of which is the rise of “shadow data.”
Shadow data refers to potentially sensitive data that can leave the digital herd and wander into the low-visibility nooks and crannies of the cloud.
DSPM puts the data back into the fold
Gartner’s 2023 study, which looked at DSPM functions and capabilities, reports that DSPM solutions are becoming more intelligent in identifying data warehouses and risk exposure due to their ability to use data lineage to “discover, identify and map data: structured and unstructured. unstructured data warehouses based on, for example, dedicated infrastructure, databases and integration with CSPs”.
Gartner also noted that DSPM technologies use custom integrations with identity and access management products to generate data security alerts, “but typically do not integrate with third-party data security products, resulting in a variety of security approaches.”
What does Polar Security do?
The release describes Polar Security as an agentless platform that connects in minutes and finds unknown and sensitive data across the cloud, including structured and unstructured assets within cloud service providers, SaaS properties and data lakes. It then categorizes the discovered data, maps the potential and actual flow of that data, and identifies vulnerabilities such as misconfigurations, excessive rights, and behaviors that violate policies or regulations.
IBM said it will integrate Polar Security’s DPSM technology into its Guardium family of data security products to expand Guardium into a data security platform that covers all types of data across all storage locations: SaaS, on-premises and public cloud infrastructure. :
Out of sight, out of mind
Eighty-six percent of security professionals surveyed in cloud data security firm Laminar’s 2023 State of Public Cloud Data Security Report said they have increased visibility into public cloud data.
The survey participants also noted that 77% of organizations had an adversary access their public cloud data in the past 12 months, compared to 51%.
The study examined how shadow data appears in organizations;
- Copied data that is not properly removed or backed up remains in test environments.
- Cloud-everything buckets like S3 backups are disappearing from view.
- Outdated data is not deleted after cloud migration.
- Inadvertent logs are accidentally exposed because they are not encrypted or access is restricted.
- Data is stored in analytics pipelines via Snowflake or AWS.
Laminar Labs says that when it scanned public-facing cloud storage buckets, it found sensitive personally identifiable information in 21% of those buckets.
IBM’s 2022 Cost of Data Breaches Report found data breaches cost $4.35 million per incident worldwide and $9.44 million in the US, with nearly half of breaches occurring in the cloud :
Risks to the enterprise beyond data roaming
Of the 550 global organizations surveyed by IBM for its 2022 report, 43 percent said they are in the early stages or have not yet implemented security practices to protect their cloud environments. The study also reports that businesses with no security practices in place in their cloud environment took an average of 108 days longer to detect and contain a data breach than those with consistent security practices across all their domains.