|
1 | 1 | ---
|
2 | 2 | title: Data security posture management
|
3 |
| -description: Learn how Defender for Cloud helps improve data security posture in a multicloud environment. |
4 |
| -author: dcurwin |
| 3 | +description: Explore how Microsoft Defender for Cloud enhances data security posture management across multicloud environments, ensuring comprehensive protection. |
5 | 4 | ms.author: dacurwin
|
| 5 | +author: dcurwin |
6 | 6 | ms.service: defender-for-cloud
|
7 |
| -ms.topic: conceptual |
8 |
| -ms.date: 01/28/2024 |
| 7 | +ms.topic: concept-article |
| 8 | +ms.date: 07/30/2024 |
| 9 | +#customer intent: As a security professional, I want to understand how Defender for Cloud enhances data security in a multicloud environment so that I can effectively protect sensitive data. |
9 | 10 | ---
|
| 11 | + |
10 | 12 | # About data security posture management
|
11 | 13 |
|
12 | 14 | As digital transformation accelerates, organizations move data to the cloud at an exponential rate using multiple data stores such as object stores and managed/hosted databases. The dynamic and complex nature of the cloud increases data threat surfaces and risks. This causes challenges for security teams around data visibility and protecting the cloud data estate.
|
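Review bot: The new description at line 3 ends with "ensuring comprehensive protection", which overstates what the article documents, since the section added further down says discovery works on samples and "might not detect all types". Suggest dropping that phrase so the metadata matches the body, for example "Explore how Microsoft Defender for Cloud enhances data security posture management across multicloud environments." The swap of the author and ms.author lines is only a reorder and could be left out to keep the diff smaller.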
@@ -69,7 +71,29 @@ When you enable data security posture management capabilities with the sensitive
|
69 | 71 |
|
70 | 72 | Changes in sensitivity settings take effect the next time that resources are discovered.
|
71 | 73 |
|
72 |
| -## Next steps |
| 74 | +## Sensitive data discovery |
| 75 | + |
| 76 | +Sensitive data discovery identifies sensitive resources and their related risk and then helps to prioritize and remediate those risks. |
| 77 | + |
| 78 | +Defender for Cloud considers a resource sensitive if a Sensitive Information Type (SIT) is detected in it and the customer has configured the SIT to be considered sensitive. Defender for Cloud detects SITs that are considered sensitive by default. |
| 79 | + |
| 80 | +The sensitive data discovery process operates by taking samples of the resource’s data. The sample data is then used to identify sensitive resources with high confidence without performing a full scan of all assets in the resource. |
| 81 | + |
| 82 | +The sensitive data discovery process is powered by the Microsoft Purview classification engine that uses a common set of SITs and labels for all datastores, regardless of their type or hosting cloud vendor. |
| 83 | + |
| 84 | +Sensitive data discovery detects the existence of sensitive data at the cloud workload level. Sensitive data discovery aims to identify various types of sensitive information, but it might not detect all types. |
| 85 | + |
| 86 | +To get complete data cataloging scanning results with all SITs available in the cloud resource, we recommend you use the scanning features from Microsoft Purview. |
| 87 | + |
| 88 | +### For cloud storage |
| 89 | + |
| 90 | +Defender for Cloud's scanning algorithm selects containers that might contain sensitive information and samples up to 20MBs for each file scanned within the container. |
| 91 | + |
| 92 | +### For cloud Databases |
| 93 | + |
| 94 | +Defender for Cloud selects certain tables and samples between 300 to 1,024 rows using nonblocking queries. |
| 95 | + |
| 96 | +## Next step |
73 | 97 |
|
74 |
| -- [Prepare and review requirements](concept-data-security-posture-prepare.md) for data security posture management. |
75 |
| -- [Understanding data security posture management - Defender for Cloud in the Field video](episode-thirty-one.md). |
| 98 | +> [!div class="nextstepaction"] |
| 99 | +> [Prepare and review requirements for data security posture management.](concept-data-security-posture-prepare.md) |
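Review bot: The two sentences at new line 78 leave it unclear whether a resource is flagged only after the customer marks a SIT as sensitive or whether a default set applies without any configuration; suggest stating that a default set of SITs is treated as sensitive and that customers can change it. The sampling limits at lines 90 and 94 also need wording fixes: "20MBs" should be "20 MB" and "between 300 to 1,024 rows" should be "between 300 and 1,024 rows". The heading "### For cloud Databases" at line 92 should be lowercase to match "### For cloud storage". Because discovery is sample based, it would help readers to say next to those limits that a resource with no finding is not confirmed free of sensitive data, which is what the Purview recommendation at line 86 already implies. The hunk also removes the link to the Defender for Cloud in the Field video from the next steps; confirm that removal is intended.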