IBM snaps up Polar Security to boost cloud data practice

In an effort to enhance its hybrid cloud and artificial intelligence capabilities, IBM announced Tuesday that it is acquiring Polar Security, an Israeli company specializing in data security posture management.

According to a release on the acquisition, there has been a sharp increase in cloud adoption since COVID. IBM said the pandemic flooded companies with cloud data, creating, pardon the expression, silos, a consequence of which is “shadow data.”

Shadow data refers to potentially sensitive data that may leave the digital flock and wander into the low-visibility nooks and crannies of the cloud.

jump to:

DSPM puts data back into the fold

A 2023 study by Gartner, looking at DSPM functions and capabilities, reports that DSPM solutions are becoming safer in exposing data repositories and identifying their risk exposure, thanks to their ability to use data lineage to “structure And thanks to their ability to discover, identify and map whole data”. Unstructured data repositories that rely on integration, for example, specific infrastructure, databases, and CSPs.

Gartner also notes that DSPM technologies use custom integration with identity and access management products to generate data protection alerts, “but typically do not integrate with third-party data protection products, which provide a variety of security approaches.”

what does polar protection do

The release characterized Polar Security as an agentless platform that connects in minutes and finds anonymized and sensitive data across the cloud, including structured and unstructured assets within cloud service providers, SaaS assets and data lakes. It then classifies the data found, maps the potential and actual flow of that data and identifies vulnerabilities, such as misconfigurations, over-entitlements and behaviors that violate policy or regulations.

IBM said it will integrate Polar Security’s DPSM technology within its Guardium family of data protection products to expand Guardium into a single data protection platform that spans all storage locations – SaaS, on-premises and public cloud infrastructure. expands to all data types.

out of sight out of mind

In the 2023 State of Public Cloud Data Security report by cloud-data security firm Laminar, 86 percent of security professionals said they have increased visibility into public cloud data.

Study respondents also said that 77% of organizations have had their public cloud data accessed by an adversary in the past 12 months, up from 51%.

The study looked at how shadow data occurs in organizations:

• The copied data is not properly removed or secured in the test environment.
• Cloud everything—buckets, such as S3 backups, disappear from view.
• Legacy data is not removed after cloud migration.
• Logs filled with sensitive data inadvertently exposed because they are not encrypted or have limited access.
• Data is stored in analytics pipelines via Snowflake or AWS.

Laminar Labs said that when it scanned public-facing cloud storage buckets, it found sensitive personally identifiable information in 21% of these buckets.

IBM’s 2022 report on the cost of data breaches found that globally, data breaches cost $4.35 million per incident, and that cost rises to $9.44 million in the US, with nearly half of breaches occurring in the cloud.

Risks to the enterprise of roaming data outside the perimeter

Forty-three percent of the 550 global organizations polled by IBM for its 2022 report said they are in the early stages or have not begun implementing security practices to protect their cloud environments. The study also reported that businesses with no security practices in their cloud environments took an average of 108 days longer to identify and contain a data breach than those implementing consistent security practices across all their domains.