Why data security capabilities should be integrated with CNAPP

To get ahead of data exposure in the cloud, CNAPPs need to understand data risks at scale.


Editor’s note: Wiz recently announced the general availability of Wiz for DSPM. With this release, we enhanced our cloud security platform with broader coverage for cloud data assets and a customizable data classification engine to support the needs of business stakeholders.  

The cloud has completely changed how organizations use and secure data. With cloud development, dev and DevOps teams use data in a very decentralized way, in contrast to the centralized management typical when data is on-prem or owned by corporate IT. This has led to a significant proliferation of data across cloud service providers, regions, architectures, and applications, resulting in shadow data and the risk of unintentional data exposure. Organizations are looking for a solution that helps them discover and classify unknown data and identify the most important security and privacy risks.

Why Wiz built data security capabilities within our CNAPP 

This is a very similar problem to what we heard about proliferating cloud environments that led us to build Wiz initially. Customers asked us to identify critical cloud risks before they became threats, which led to us building automated attack path analysis to illustrate how an attacker can reach high-value assets. It became clear that we would need to go a step further and also correlate sensitive data to complete the full attack path. 

By having integrated data exposure protection in our CNAPP, Wiz for DSPM automatically correlates data risks with other cloud risks such as public exposure, vulnerabilities, and lateral movement on the Wiz Security Graph to uncover complex attack paths that pose the greatest threat to your sensitive data. For example, financial services customers want to not only answer the question of what PCI or PII data is stored where, but also be able to correlate their data risks with other cloud risks to uncover complex attack paths that pose the greatest threat to their sensitive data. 

Having all capabilities in one platform allows enterprises to protect their cloud data every time a developer creates a new database, ensuring PII fields are encrypted regardless of the underlying infrastructure. The focus on cloud data helps to secure the data regardless of the storage infrastructure because, as the data moves or is copied, its security controls and policies move with it.

This also allows for agentless assessment against CIS compliance frameworks at both the database and storage level, providing better compliance. For instance, healthcare customers need to ensure the security of electronic health records and reduce the risk of unauthorized access that would violate patient privacy in order to meet HIPAA compliance requirements.

Having a CNAPP instead of a siloed data security tool is critical in both use cases to reduce the risk of cyber-attacks and meet compliance requirements. 

The days of siloed data security tools are over 

Like many other siloed tools, data security is increasingly becoming part of the cloud security consolidation trend. Enterprises want to secure cloud-native applications and their underlying data from development to production using a unified platform across all teams, including security, DevOps, and data protection. According to Gartner’s 2023 Market Guide for CNAPP, 80% of enterprises will have consolidated security tooling for the life cycle protection of cloud-native applications to three or fewer vendors. Organizations need an integrated approach across the development lifecycle, and need to be able to discover data that might be compromised before shifting left towards developers. By using a cloud-native application protection platform (CNAPP) that has integrated data security capabilities, companies can protect their sensitive data and reduce the risk of data breaches.

Gartner recently included Wiz as a DSPM vendor in their 2023 DSPM Innovation Insight report. The same report states that by 2026, more than 26% of organizations will deploy DSPM technology, due to the urgent requirements of identifying and finding previously unknown data repositories. As the only CNAPP on that list, we got there by listening to our customers. They wanted a comprehensive security platform that also understands data. By adding discovery and classification capabilities to include sensitive data, our CNAPP can assess policies, permissions, and risks to help organizations protect their sensitive data assets in the cloud via detection, automation, remediation, and proactive incident response. The discovery applies to PaaS, IaaS, and DBaaS across the clouds.

For more information on how Wiz can help your organization discover and protect your cloud data, please visit https://www.wiz.io/solutions/dspm
