Wiz is excited to announce Data Security Posture Management (DSPM) is now available within our FedRAMP authorized offering, Wiz for Government. With DSPM integrated into our FedRAMP environment, highly regulated customers and government agencies gain a powerful tool to efficiently safeguard their sensitive information in multi-cloud environments. 

DSPM provides actionable insights into where sensitive data resides and helps visualize which systems and identities have access, helping organizations proactively manage data security risks.

The Challenge of Data Visibility 

The dynamic and decentralized nature of the cloud makes it difficult to track data movement and access points, with most organizations leveraging multiple cloud providers and regions, leading to data sprawl. This complexity makes it difficult for organizations to maintain consistent data policies, tracking data lineage, and ensuring regulatory compliance (think GDPR, CCPA, HIPAA, FISMA, OMB M-17-12, …). 

Knowing exactly where sensitive data is stored is foundational to combatting this challenge. Once data visibility is achieved, organizations need to know “who can access what data in my environment?” This is necessary to enforce least privilege access, especially with the growing footprint of non-person entities (NPEs) within cloud environments. 

As AI adoption accelerates, organizations need to know what data AI models are accessing, reducing risk of accidental exfiltration of sensitive data. This is critical for AI adoption—when organizations can quickly understand which data their AI systems can access and train against, they can mitigate risks while accelerating innovation. 

Automating Data Visualization and Risk Remediation 

DSPM automates the discovery and classification of sensitive data across cloud environments, adding additional data-specific information into the Wiz security graph to ensure agencies can prioritize remediation against toxic combinations of risk with the highest impact to the confidentiality, integrity, and/or availability (CIA) of the system. By mapping potential attack paths, security teams can prioritize remediation efforts and reduce the likelihood of data breaches. 

DSPM provides contextual visibility into: 

• Discovering and classifying sensitive data- Agentless scanning across multi-cloud environments, providing visualization of an agency’s data footprint.

• Data Classification Rules- Organizations can use out-of-the-box rules or create custom rules to detect and categorize sensitive data automatically, such as certain CUI data types. 

• Effective Permissions Management- Gain insights into which identities, services, and applications have access to sensitive data and enforce least-privilege access controls. 

• AI Readiness- Automatically detects sensitive training data and identify risks of data leakage with proactive risk remediation guidance.

• Prioritizing the attack path- allowing security teams to visualize how an adversary might attempt to access sensitive data. This helps agencies preemptively address vulnerabilities and reduce their attack surface. 

• Reduced Data Attack Surface- Continuously monitor sensitive data exposure and identify weak points in cloud security configurations. Real-time monitoring of security indicators enables faster incident response. 

• Compliance Assurance- Aids in identifying and bridging security gaps against various data protection regulations

Accelerating Federal Use Cases through DSPM 

Data visibility and governance is paramount for maintaining the CIA of government systems as well as the highly-regulated private sector environments serving the Government, including those organizations requiring FedRAMP and CMMC accreditations.  

Zero Trust 

In their Zero Trust Cybersecurity Maturity Model 2.0, CISA emphasizes key security indicators for protecting data. With DSPM, agencies can automate data discovery and visualize data access. This information is then correlated across different zero trust pillars through the Wiz Cloud-Native Application Protection Platform (CNAPP). This contextual cross-visibility enables a more comprehensive view of security risks and potential attack vectors, prioritizing proactive remediation and reducing alert fatigue through more meaningful reporting and incident response.

CMMC 

The U.S. Department of Defense (DoD) seeks to protect controlled unclassified information (CUI) through the Cybersecurity Maturity Model Certification (CMMC). By using the OOTB or custom data classification rules available within Wiz’s DSPM configuration, organizations can quickly identify CUI within their cloud environments and map connections across cloud resources. By automating this visibility, organizations can more quickly establish and justify their CMMC audit boundary, reducing their audit scope and accelerating the documentation process for achieving certification. 

To learn more about the NIST SP 800-171r2 controls Wiz for Gov can assist with for CMMC, see our Wiz for CMMC Certification Datasheet. 

Delivering Unparalleled Data Security for FedRAMP Environments 

Wiz is excited to bring this powerful DSPM capability to government and highly regulated customers requiring FedRAMP-authorized solutions. This enhancement expands Wiz for Gov to assist with the automation of discovery, categorization, and inventory of sensitive data. With Wiz, federal agencies and contractors can bring together historically siloed, disjoined cloud security tools into a unified platform, and enhance their security posture with stronger visibility into data risks, enabling them to secure their most critical assets with confidence.