While some Data Security Posture Management (DSPM) solutions have embraced side-scanning— a technique intended to streamline the scanning process— it’s important to evaluate both the pros and cons. Before your organization adopts this approach, consider these advantages and common barriers – and see why BigID’s approach is different, built to scale, and designed for the enterprise.
- Flexibility: Side-scanning, as employed by several data security posture management platforms, duplicates data through “snapshotting” which gives customers the flexibility to choose where their data is copied.
- Efficiency and Speed: Side-scanning is known for its efficiency and speed in scanning and identifying potential security risks without direct interaction with production data.
- Simplicity in Deployment: Side-scanning is relatively easy to deploy, making it a convenient choice for organizations looking for a quick and straightforward implementation of security measures.
- Low Intrusiveness: It’s designed to operate in the background with low intrusiveness, so organizations maintain a balance between security measures and daily operations. The nature of side-scanning is typically non-invasive so it runs seamlessly alongside existing systems and processes without causing disruptions.
- Compatibility: Side-scanning is often compatible with various data sources, including cloud environments, on-premises servers, and diverse storage systems, making it versatile for different IT infrastructures.
- Limited Coverage Across Data Sources: Side-scanning relies on fast copy or replication APIs available for select data sources in major cloud platforms like GCP, AWS, and Azure. As for the remaining native and non-native data sources? They all require custom connectors— often resulting in connectivity challenges.
- Local Duplication: The data is copied into the customer’s environment, resulting in increased hidden storage and compute costs – and most concerning of all, increased risk and potential attack surface.
- Vendor Dependency: Some DSPM platforms copy data to its data center, creating a considerable third-party risk. Entrusting both rights and actual data to another vendor raises concerns about data security and ownership.
- Stateful Inventory Gap: The complexity of this task demands accurate pointers specifying the exact location of data within various repositories such as files, databases, emails, and data lakes. Many DSPM platforms and similar tools lack the necessary technological components to achieve this level of sophistication. Their architectural limitations indicate that their current roadmaps do not include features to address these challenges without a fundamental re-architecture of their systems.
- Sampling Limits: Inherent limitations of side-scanning stem from fixed sampling and hard file limits, since vendors must carefully manage how much data they duplicate. Many SaaS vendors set a fixed sampling rate of 1%. This equates to skipping over 99% of a file or bucket, which can cast doubt on the reliability of compliance verification.Additionally, data security posture management platforms that utilize side-scanning or the “snapshot method” have hard limits on file sizes and how many rows they can read. Systems like these significantly reduce the percent of coverage your organization receives.
The Big Difference
BigID has over five years of intuitive research and development, which allows a broader reach and infrastructure to connect with a multitude of data sources including Snowflake, Salesforce, Alation, Adobe, Databricks, ServiceNow, and many more.
When considering side-scanning, organizations must carefully evaluate the limitations associated with data duplication, precise location pointers, sampling constraints, identity awareness, and coverage across diverse data sources. With BigID, you don’t run into those limitations. BigID doesn’t just copy data, but instead builds an inventory of your entire data landscape. With BigID, you get granularity including identity based and location based for greater visibility across your entire ecosystem.
Schedule a 1:1 demo with our data security experts to see how BigID can fill the coverage gaps in your side-scanning tools today.