Tool Overview:
Prisma Cloud (Palo Alto Networks)

About Prisma Cloud

Prisma Cloud's Data Security Posture Management (DSPM) capabilities came through Palo Alto Networks' December 2023 acquisition of Dig Security. This DSPM solution protects sensitive data across major public cloud environments. The technology, which was integrated into the Prisma Cloud platform, discovers and contextualizes sensitive data within cloud infrastructure, focusing on database and object storage protection. The platform serves organizations that need to maintain visibility and security over their cloud-based data assets while ensuring compliance with data protection regulations.

What does Prisma Cloud do?

The platform operates through automated data discovery and classification mechanisms that scan cloud environments to identify sensitive information. Through its scanning capabilities, Prisma Cloud maps sensitive data across infrastructure as a service (IaaS), platform as a service (PaaS), and database as a service (DBaaS) assets. The system employs over 100 pre-built classifiers to identify various types of sensitive data, including personally identifiable information (PII), financial records, health information, developer secrets, and compliance-related data.

The scanning process is implemented without requiring agents or additional connectors, enabling rapid deployment and results. Within 24 hours of implementation, the platform provides a comprehensive mapping of sensitive data locations and associated risks across the cloud infrastructure. This agentless approach minimizes the operational overhead typically associated with data security tools.

A key technical aspect of the platform's architecture is its approach to data residency compliance. The platform performs all scanning and classification operations within the customer's cloud account, rather than extracting data for external processing. This design choice ensures that sensitive data remains within its designated geographic boundaries and compliance jurisdictions. The platform utilizes metadata and cloud logs for its operations, which helps maintain system performance while conducting security assessments.

What makes Prisma Cloud different?

The DSPM technology, which originated from Dig Security, has been integrated into Palo Alto Networks' Prisma Cloud platform as part of their Cloud-Native Application Protection Platform (CNAPP). This integration extends Prisma Cloud's Code to Cloud intelligence to include data security capabilities, providing insights into cloud data stores. The platform distinguishes itself through its focus on shadow data discovery and blind spot elimination, helping organizations understand not just where sensitive data resides, but also its business context and risk profile.

The speed of implementation and time-to-value sets the platform apart from traditional data security solutions. The ability to provide a complete sensitive data map within 24 hours, without requiring complex integration work, addresses the rapid deployment needs of cloud-first organizations. This capability is particularly relevant for enterprises managing multiple cloud environments where traditional agent-based solutions might introduce complexity and deployment delays.

Use cases and industries

The platform serves organizations operating in regulated industries where data protection and compliance are critical concerns. It addresses several key use cases, including the discovery and protection of sensitive data across multiple cloud providers, compliance with data residency requirements, and the identification of shadow data that might otherwise escape security controls.

The solution supports database and object storage protection across four major public cloud providers, making it suitable for enterprises with multi-cloud architectures. Organizations using various cloud services for data storage and processing can maintain consistent security controls across their entire cloud infrastructure through a single platform. The integration with Prisma Cloud's broader CNAPP capabilities provides organizations with a unified view of risks associated with cloud applications, data, and infrastructure.