Cyera announced today that its data security platform now includes an ability to employ tags to automatically apply cybersecurity policies to protect data that the platform discovers has not been adequately protected.

The Cyera data security posture management (DSPM) agentless platform already makes use of large language models (LLMs) and machine learning algorithms to identify misconfigurations, recommend specific access controls and generate new policies.

Ari Weil, vice president of marketing for Cyera, said the latest extensions to the platform now provide cybersecurity teams with a means to automatically remediate those issues.

It’s still early days as far as the usage of AI to address cybersecurity issues is concerned, but there is little doubt these platforms will be widely used to help even odds that are today decidedly stacked against cybersecurity teams. In addition, a slew of forthcoming regulations will hold organizations more accountable for how data is managed by levying stiffer fines, noted Weil.

DSPM platforms address fundamental flaws in how data is managed within many organizations. Data is often copied and moved between various classes of repositories with little to no regard for the regulations that might apply. Cybersecurity and compliance teams that are tasked with minimizing risks to the business traditionally had little to no visibility into where sensitive data lived in applications and repositories. The volume of data that needs to be identified and classified far exceeds the ability of any organization to track manually.

In fact, the volume of sensitive data organizations will need to secure will only increase as it becomes simpler for end users to employ AI platforms such as ChatGPT to create even more data.

Cybersecurity teams will need to be able to address lax implementation of cybersecurity policies immediately versus waiting for IT teams to enable them, said Weil. Historically, cybersecurity teams have not had much insight into how data was being created and stored, so most of their focus has been on securing access and perimeters.

As more automation and AI advances are made, cybersecurity teams will increasingly be able to exercise more control over IT environments. Each organization will need to determine how comfortable they are with cybersecurity teams exercising that authority, but as the number of compliance mandates being applied continues to increase, the need to proactively implement controls has become more pronounced.

In fact, as auditors become more aware of these capabilities, they will assume organizations have these capabilities, which, if not applied, will result in even heavier fines for ignoring known best practices.

Less clear is the degree to which organizations are going to allocate additional funding for data security versus reallocating existing funds away from perimeter security initiatives. The overall percentage of IT budgets being allocated to cybersecurity has steadily increased in recent years, but in the face of recent economic headwinds, spending has contracted somewhat. The challenge now is determining what level of spending is required at a time when threats continue to increase in both volume and sophistication.