IBM’s purchase of Polar Security for an undisclosed sum on May 16 has focused attention on an emerging market space that, until recently, didn’t even have a formal name associated with it.
Polar is among an increasing number of startups — many based in Israel — that offer a new class of tools, built to accomplish “data security posture management (DSPM).” They help organizations discover, monitor, and secure sensitive data across hybrid and multi-cloud environments. To that end, IBM will integrate Polar’s technology with its Guardium portfolio of data security products.
The Polar acquisition is the company’s fifth so far this year.
Data Classification in the Cloud
The key selling point of products from Polar and companies like it, is their ability to automatically classify discovered data in these environments (in addition to monitoring user access and discovering threats to the data) — so security teams can protect it better. Many of the technologies, including Polar Security’s DSPM platforms, are agentless and have the claimed ability to automatically discover sensitive data in minutes and to classify them into categories such as PII, PHI, and PCI.
Gartner, which gave the category its name last year, describes DSPM products as enabling organizations to discover shadow data — structured and unstructured — in repositories across cloud service providers, data lakes, and SaaS environments. The analyst firm has predicted that more than 20% of organizations will deploy a DSPM capability by 2026 because of “urgent requirements to identify and locate previously unknown data repositories