Cybersecurity vendor
Proofpoint is partnering with
Wiz to give organizations better visibility into and control of their sensitive information in the cloud.
Proofpoint is integrating its data security posture management (DSPM) offering into Wiz’s cloud-native applications protection platform (CNAPP) to address key security issues in increasing distributed IT environments.
The integration comes at a time when cloud data security is at a tipping point, according to Amer Deeba, group vice president and general manager of DSPM at Proofpoint.
“Sensitive data is everywhere – across public clouds, SaaS platforms, and hybrid environments – and attackers know it,” Deeba told MSSP Alert. “But most security teams lack the full context. They may see infrastructure risks but not understand the sensitivity of the data tied to those assets.”
That’s where the integration of Proofpoint’s technology with Wiz’s platform comes in, he said. The growing use of cloud resources to create and store data is helping to fuel the increasing complexity in the modern security landscape. Not only does the cloud significantly expand the attack surface for bad actors, but it means a broad distribution of data, stretching from on-premises datacenters through SaaS workloads to the cloud and edge.
At the same time, cyber threats are more frequent and sophisticated, the requirements for complying with data security regulations grow, and security teams are under pressure to protect more data and systems with fewer resources, he said.
“By combining Proofpoint’s deep visibility into data sensitivity and classification with Wiz’s infrastructure risk insights, we’re giving teams a complete picture of where their most valuable data is, and what’s putting it at risk,” Deeba said. “It’s about connecting the dots between data and infrastructure to improve decisions and reduce exposure.”
Benefits and Risks
There are myriad benefits to storing data in the cloud, from better accessibility and scalability to the potential for lower costs and security, where cloud service providers are required to keep systems up-to-date and security, according to online course provider Coursera. Then there are the risks, including data breaches, misconfigurations, insecure APIs, over-accessibility to the data if improperly managed, and insider threats.
There’s also the challenge of gauging the shared security responsibilities between the cloud provider and its customers.
“Typically, under this model, the provider takes responsibility for ensuring the safety and security of the actual infrastructure – such as the hardware, software, facilities, and networks – that runs the cloud service offering, and the customer takes responsibility for the security of the data and programs stored within it,” Coursera
wrote in a report. “The precise responsibilities held by service providers and customers, however, can vary considerably depending on the provider and the type of service they offer.”
In addition, Wiz
noted in a report that 54% of cloud environments have exposed virtual machines or serverless instances containing sensitive data, such as personally identifiable or payment information. In addition, 61% of organizations have confidential information exposed in public repositories.
The continued storing of data in the cloud also is fueling what Statista analysts expects will be “significant growth worldwide” in the cloud data security market, which they are forecasting will increase from $2.7 billion this year to
$6.6 billion by 2029.
Combining Intelligence, Context
Through the integration, Proofpoint is combining its data-centric intelligence with the prioritized context from Wiz’s platform, which will unify all of the risk signals from across the cloud. This will allow security teams to better quantify the risk of exposed data, high regulatory fines, and breaches, according to Sunnyvale, California-based Proofpoint. It also will give them more confidence with allocating resources to remediate any threats.
It also will give MSSPs and MSPs another tool they can bring to their customers to help manage their risks, Deeba said.
“With this integration, the organizations MSPs and MSSPs serve can gain better insight into both the data layer and the infrastructure layer,” he said. “They can spot high-risk attack paths to sensitive data faster, respond more precisely, and support compliance more effectively.”
At the same time, it allows them to deliver higher-value managed services that extend beyond detection to include proactive risk reduction for data and policy enforcement across complex hybrid environment, he said.
Proofpoint Grows Portfolio
The integration comes at a time when Proofpoint is aggressively growing its capabilities. Last month, the vendor announced it is
buying Hornetsecurity to better protect SMBs running Microsoft 365 and to complement its enterprise-grade security portfolio. A week later,
Proofpoint said it bought Nuclei, which is focused on compliance archiving and AI-powered data enrichment.
The deal boosts the vendor’s digital communications governance capabilities.
For Wiz, this latest partnership comes with the backdrop of its proposed
$32 billion acquisition by Google to bolster its cloud security capabilities. The agreement was made in March after a previous offer by Google was turned down by the high-flying startup.
However, reports surfaced this week that the U.S. Justice Department is
investigating the proposed deal, worried that it could hurt competition.
