IBM’s recent acquisition of Polar Security has highlighted an emerging market space known as Data Security Posture Management (DSPM). DSPM is a growing industry that provides tools to automate the process of discovering, monitoring, and securing sensitive data across hybrid and multi-cloud environments. The acquisition, which took place on May 16, is IBM’s fifth so far this year.
Startups, many based in Israel, are leading the charge in the DSPM market. These companies are developing innovative solutions to automate the discovery and classification of data in these environments, allowing security teams to protect it better. Gartner, which gave the category its name last year, describes DSPM products as enabling organizations to discover structured and unstructured “shadow data” in repositories across cloud service providers, data lakes, and SaaS environments. The analyst firm predicts that over 20% of organizations will deploy a DSPM capability by 2026 due to “urgent requirements to identify and locate previously unknown data repositories and to mitigate associated security and privacy risks.”
IBM’s purchase of Polar gives the tech giant immediate access to technology that will help it compete in the market segment with a growing number of pureplay vendors, and vendors expanding into the space from other markets such as cloud security posture management and cloud DLP. Examples of pureplay DSPM vendors include Laminar, Cyera, and Dig, while Wiz, Varonis, Orca, and now IBM are all vendors that have added DSPM to their technology portfolio over the past year.
Richard Stiennon, Chief research analyst at IT-Harvest, says his firm currently tracks over a dozen vendors in the market. “DSPM is a vibrant space with at least 16 players,” Stiennon says. Polar, which launched in 2021, was in the middle of the pack with about 30 employees at the time of purchase he notes, adding, “IBM Tech Fund had participated in the $8 million seed funding, so they have had visibility into Polar for at least 16 months.” Among the larger vendors in the space are Wiz, Laminar with about 95 employees, and Cyera with a headcount of some 75, Stiennon says.
A lot of the enterprise interest in the space stems from growing concerns over data exposure in cloud and SaaS environments. Just like shadow IT is a problem, shadow data—or sensitive data in cloud databases, AWS S3 buckets, and other repositories stored across multiple environments- has become a real and pressing problem for many organizations.
Justin Lam, an analyst with S&P Global Market Intelligence, says that “Sensitive data discovery and classification has become a top priority [for organizations]. A recent survey of technology decision-makers that the analyst firm conducted showed that for many organizations, DSPM has become a top technology priority for 2023.”
IBM’s acquisition of Polar has raised the profile of DSPM as a technology and potentially puts other cyber industry majors in the market to buy one of Polar’s competitors. Analyst firm Omdia expects the IBM acquisition of Polar to push other technology heavyweights into the space as well. “We have seen such landgrabs before- in data leak prevention in the mid-2000s, cloud access security brokers in the mid-2100s, and cloud security posture management later in the last decade,” says Rik Turner, analyst with Omdia.
Turner describes the DSPM market as still largely immature or moving just beyond that phase. To date, it has been all about startups, many of them from Israel, raising early rounds of venture capital money and starting to evangelize about DSPM. Until Gartner came up with a name for the category, many of the players in the space were positioning themselves as providing cloud data posture management and DSPM together, he says.
“Now, alongside the startups, we have not only Big Blue jumping in but also CSP vendors like Orca and Wiz, both of whom are adding some DSPM capabilities,” Turner notes. “It may be too early to see IBM’s acquisition of Polar as the tipping point, but if Laminar does indeed go to one of the bigger beasts, the land grab really will have begun.”