1 Executive Summary

Over the past decade, the data security landscape has undergone significant transformation, transforming from traditional database protection mechanisms to comprehensive platforms addressing diverse data environments. KuppingerCole Analysts has been at the forefront of this evolution, providing in-depth coverage and guidance to organizations navigating these changes. Our initial focus on database security has expanded to encompass broader data security platforms, reflecting the industry's shift towards more integrated and versatile solutions.

Data security is, of course, much older than a decade and in a sense, even predates computers and the IT in general. Nowadays, however, it usually refers to the practice of protecting digital information from unauthorized access, corruption, or theft. It involves implementing measures to safeguard data from cyber threats, accidental loss, and malicious attacks. This functional area covers various security controls for the information itself stored and processed in systems, underlying computing and network infrastructures, as well as the applications accessing the data.

Figure 1: Data challenges the businesses are facing nowadays.

As computing and storage technologies continue to improve, and modern applications embrace distributed, heterogeneous, cloud-native architectures, the very notion of a data store is changing as well. Just a decade ago, specialized and expensive “big data” solutions affordable only to large enterprises were necessary to deal with business analytics or scientific research. They coexisted with more traditional relational databases, as well as various methods of storing unstructured information. Later, various kinds of NoSQL alternatives have emerged, such as document, graph, or vector database engines.

However, a modern distributed, loosely coupled, and heterogeneous application can easily deal with multiple data models and thus work with multiple databases in parallel. Since all these engines can be deployed in public clouds using commodity infrastructure, the technical differences between them are gradually becoming less and less important. In a sense, from a business perspective, data is data, regardless of the underlying storage technology. Organizations are much more concerned with the business challenges and risks of data.

As more and more companies are embracing digital transformation, the challenges of securely storing, processing, and exchanging digital data continue to multiply. With the average cost of a data breach in 2024 exceeding $4.88M globally (and up to $9.36M in the United States, according to Statista), just direct financial losses can be catastrophic for many companies, not even considering indirect reputational damages. High-profile “mega-breaches” that expose millions of sensitive data records can easily drive these costs up to hundreds of millions of dollars, but even the victims of smaller ones are now facing increasingly harsh compliance fines.

Data only generates value when it is moving or transforming, creating insights, analytics, statistics, etc. – that is, it serves a tangible purpose for a certain business process. A data security solution must be able to sustain these processes, not introduce additional roadblocks. One can say that, just like an ideal database, an ideal data security solution is one that does its job and does not get in the way. Businesses are begrudgingly dealing with compliance and privacy issues because of the regulations, but data security is very difficult to sell as a business enabler. Most customers do not really want a data security platform; they just want their data to be safe everywhere, at all times, and for any kind of data, even in use.

Figure 2: Information protection lifecycle.

Digital data can be exposed to the following types of security risks:

• Denial-of-service attacks that lead to disruption of legitimate access to data.
• Data corruption or loss through human errors, programming mistakes, or sabotage.
• Inappropriate access to sensitive data by administrators or other accounts with excessive privileges.
• Malware, phishing, and other types of cyberattacks that compromise legitimate user accounts.
• Unpatched security vulnerabilities or configuration problems in the database software, which may lead to data loss or availability issues.
• Attacks specifically crafted to target databases through application interfaces or APIs, like SQL injections for relational databases and similar exploits for NoSQL and Big Data solutions.
• Sensitive data exposure due to poor data lifecycle management. This includes unprotected backups, testing or analytical data without proper masking, etc.
• Unsanctioned access to encrypted sensitive data due to improper key management – this is especially critical for cloud environments, where encryption is often managed by the cloud service provider.
• Insufficient monitoring and auditing – not only these pose a significant noncompliance risk, but a lack of a tamper-proof audit trail also makes forensic investigations and incident response much more complicated.

Several more recent pivotal trends and challenges have heightened the importance of data security for businesses.

The proliferation of multi-cloud and hybrid environments: multi-cloud strategies offer organizations flexibility and scalability. However, they create additional complexities in data management and security. As data flows between various platforms, each with distinct security protocols, ensuring consistent security policies and maintaining visibility across these environments are critical challenges.

Increasingly harsh and complex privacy regulations: as the result of growing political tensions, countries introduce their own stringent requirements for sensitive data handling and protection. Organizations must implement and sustain comprehensive data governance frameworks to ensure compliance, avoid penalties, and maintain customer trust.

The rise of Generative AI (GenAI): AI has revolutionized data processing and utilization. However, it also raises various concerns regarding data privacy and security, as multiple new threat vectors and potential data leaks are introduced in GenAI systems.

Therefore, customers are encouraged to look at data security products not as isolated point solutions, but as a part of an overall corporate security strategy based on a multi-layered architecture and unified by centralized management, governance, and analytics.

This Leadership Compass is designed as a tool to help organizations to identify their requirements and map them to the capabilities offered by specific vendors, considering the size, growth, skills, and budget of the customer organization. To better understand the fundamental principles this report is based on, please refer to the KuppingerCole Leadership Compass Methodology.

1.1 Key Findings

• Data security is a key discipline that is critical for safeguarding the business continuity and the very livelihood of modern businesses by protecting their valuable and sensitive data from cyber threats, accidental loss, and malicious attacks.
• Key aspects of data security are maintaining confidentiality, integrity, and availability of digital information; ensuring regulatory compliance with multiple international, industry-wide, and local laws and regulations; as well as building and maintaining trust with customers and stakeholders.
• The emergence of new trends like Generative AI and multi-cloud architectures has even further increased the complexity of modern data processing and consequently made the scope of data security even broader and more complex.
• Data Security Platform is a recently emerged term that represents the customer demands for a universal data protection solution that provides comprehensive security and compliance capabilities, regardless of the data format, platform, or location.
• However, alternative approaches like Data Security Posture Management (DSPM) solutions are also rapidly gaining popularity due to their relative simplicity and fast deployment possibilities.
• The rapid transformation of the market continues. Some vendors covered in our previous Leadership Compass have been acquired, transitioned to private ownership, or rebranded and completely reinvented their entire portfolios. Even the large veteran vendors feel the pressure to evolve to meet the changing customer needs.
• A healthy mixture of traditional security vendors, companies that just entered the market, and innovative startups indicates that the market is still far from maturity, and everyone has an opportunity to gain recognition, especially among the innovation leaders.
• The Overall Leaders in Data Security Platforms are (in alphabetical order): IBM, Netwrix, OpenText, Oracle, SecuPi, Thales, TrustLogix.