This GigaOm Research Reprint Expires December 9, 2026
[Cover image: "SECURITY & RISK" radar graphic with a photo of the author, Paul Stringfellow]

December 10, 2025

GigaOm Radar for Data Security Platforms (DSP) v3

Paul Stringfellow

1. Executive Summary

Data is a vital asset for all organizations. Ensuring it remains secure, protected, and used responsibly is a crucial objective. Traditionally, organizations have relied on standalone tools; however, these are becoming less effective as data volumes increase and infrastructure grows more complex. At the same time, the concept of data security has evolved. It is no longer just about finding reliable methods to operationalize data while maintaining security and privacy. Today, the surge in demand for AI-driven solutions, ranging from GenAI tools to the development of data lakes and AI pipelines that organizations can use to create their own language models and AI platforms, is creating new challenges for data security. There is a demand for ways to share data effectively with AI tools while still maintaining security and control.

Data security platforms (DSPs) aggregate the data protection requirements of an organization into a single solution offering capabilities such as:

  • Discovery and classification: The ability to find data, understand its content and sensitivity, and apply classifications where necessary

  • Access security: An understanding of who should have access to which data, ensuring it is not overshared

  • Auditing: Insight into how data is being used—who accessed it, when, and with whom it was shared

  • Usage and risk analysis: An understanding of data usage and identification of situations when usage and usage patterns present a risk to data security

  • Secure sharing: Today, data can’t live in a silo, but it must be shared only in an appropriate manner. The guardrails to ensure this may include encryption, rights management, anonymization, and masking techniques.

Poorly managed and secured data exposes organizations to data breaches, and DSPs have emerged to address this. DSP providers include established vendors with a solid reputation for data security and newer vendors that have developed DSP solutions from scratch. This includes DSP vendors offering cloud-based SaaS solutions to enhance adoption options and accessibility.

It is a space that continues to evolve as data infrastructures become more fragmented and the demands on data, especially from the growing use of AI and analytics tools, increase. Solution providers in this space keep developing their offerings, focusing on ensuring smarter security and adopting approaches like zero trust. The vendors use AI tools to improve the accuracy of their data security enforcement and offer better ways to help security professionals handle a wide range of data security threats. They are also leveraging AI to assist security teams and operations staff in more efficiently reviewing incidents and automating responses. Vendors are also exploring ways to ensure their tools help protect AI pipelines so that learning models and AI agents can access and are trained on only appropriate data. 

Implementing a DSP solution is not simple, and although these solutions are accessible to organizations of all sizes, it’s important to understand they are not usually tools for the IT department. Successfully adopting a DSP is a significant project that requires an organization to recognize responsibility for data, identify data owners, and establish policies for data classification, usage, and governance.

DSPs offer comprehensive tools to help ease the burden of data security and enhance its management. The risks posed by poor and overly complex data security solutions are substantial. A data security incident can lead to financial, reputational, and legal consequences. Addressing data security challenges should be a priority, and a DSP solution can deliver significant benefits.

This is our third year evaluating the DSP space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year. 

This GigaOm Radar report examines 19 of the top DSP solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading DSP offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.

2. Market Categories and Deployment Types

To help prospective customers find the best fit for their use case and business requirements, we assess how well DSP solutions are designed to serve specific target markets and deployment models (Table 1).

For this report, we recognize the following market segments:

  • Small-to-medium business (SMB): In this category, we assess solutions on their ability to meet the needs of organizations ranging from small businesses to medium-sized companies. Here, ease of use and deployment are more important than extensive management functionality and feature set.

  • Large enterprise: Here, offerings are assessed on their ability to support large and business-critical projects. Optimal solutions in this category have a strong focus on flexibility, performance, scalability, and the ability to effectively integrate into existing environments.

  • Public sector: While the infrastructure of these environments is likely to be similar to those of SMBs and enterprises, these organizations typically have some constraints, especially around needing suppliers to meet specific requirements laid out in procurement frameworks. Solutions must be able to meet the demands of those frameworks.

  • Managed service provider (MSP): Increasingly, organizations across all IT disciplines are looking to managed services to augment in-house capabilities. Here, we assess vendors on how effective they are either in supporting MSPs, both technically and commercially, or in offering their own managed services.

In addition, we recognize the following deployment models:

  • Software as a service (SaaS): These solutions are available only in the cloud. Designed, deployed, and managed by the service provider, they are available only from that specific provider. The advantages of this type of solution are its simplicity, ease and speed of scaling, and flexible licensing models. We recognize that some DSP solutions are likely to include endpoint agents or other integration elements, so SaaS relates to the way the core administration and management engines are deployed.

  • Self-hosted on-prem: These are deployed as self-hosted solutions in an on-prem data center or colocation facility. The on-prem platform can be an appliance or software installation on a server operating system. In these instances, the primary management platform and assessment and enforcement engines will be delivered from the on-prem solution. Solutions are not shared and are specific to a single customer.

  • Self-hosted on cloud: These are deployed and supported on a major public cloud. The image can constitute an “appliance” or can be software and operating system-based. The primary management platform and assessment and enforcement engines will be delivered from the public cloud. These solutions are not shared and are specific to a single customer.

  • Managed service: These solutions are fully hosted, operated, and delivered by the vendor directly to customers. They are not delivered by third parties. In this model, the vendor provides resources that oversee the platform, make changes, and take actions based on identified risk. Customers typically are not involved with this unless dictated by an agreement with the customer or delivered as part of a comanaged service. 

Table 1. Vendor Positioning: Target Market and Deployment Model

Target market columns: SMB | Large Enterprise | Public Sector | MSP
Deployment model columns: SaaS | Self-Hosted On-Prem | Self-Hosted Cloud | Managed Service
Vendors (rows): Bedrock Data, BigID, Cyera, Data Dynamics, Forcepoint, IBM, Informatica, Lepide, Netwrix, Privacera, Proofpoint, Satori (Commvault), SecuPi, Sentra, Thales, Trellix, TrustLogix, Varonis, Velotix
Source: GigaOm 2026

Table 1 components are evaluated in a binary yes/no manner and do not factor into a vendor’s designation as a Leader, Challenger, or Entrant on the Radar chart (Figure 1). 

“Target market” reflects which use cases each solution is recommended for, not simply whether that group can use it. For example, if an SMB could use a solution but doing so would be cost-prohibitive, that solution would be rated “no” for SMBs.

3. Decision Criteria Comparison

All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:

  • Data discovery

  • Risk classification

  • Data access assessment

  • Baseline reporting

  • Data security enforcement

Tables 2, 3, and 4 summarize how each vendor in this research performs in the areas we consider differentiating and critical in this sector. The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the relevant market space, and gauge the potential impact on the business.

  • Key features differentiate solutions, highlighting the primary criteria to be considered when evaluating a DSP solution

  • Emerging features show how well each vendor implements capabilities that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months 

  • Business criteria provide insight into the nonfunctional requirements that factor into a purchase decision and determine a solution’s impact on an organization

These decision criteria are summarized below. More detailed descriptions can be found in the corresponding report, “GigaOm Key Criteria for Evaluating DSP Solutions.”

Key Features

  • Service integrations: Solutions that provide the broadest coverage will offer the most value, so DSPs must be able to integrate with a wide range of products, whether through agents, proxies, APIs, or other methods. These products should be able to handle unstructured, semistructured, and structured data types across cloud, SaaS, and on-prem implementations.

  • Encryption and rights management: Organizations must maintain tight security and control over their data, but this must not compromise data accessibility and usability. Encryption and rights management capabilities can keep data safe by ensuring it can be accessed only by specific personas or roles and, at the same time, allow the data to be shared or moved to new locations without compromising security.

  • Advanced data security: DSPs need to provide enhanced data security controls, especially for protecting data privacy. This includes the ability to anonymize data, allowing it to be used while safeguarding the security and privacy of the information. There are multiple methods to obscure data so that data sets can be safely reused and shared without risking security or privacy. DSPs should offer ways to prevent unauthorized access to sensitive information such as PII. 

  • Compliance reporting: Many organizations develop their data security strategies in order to adhere to specific industry regulations or standards. This can be a complex undertaking. DSP tools should provide support for assessing regulatory readiness, including reports and dashboards that offer guidance to organizations on how their current data usage aligns with specific regulatory criteria and the steps they can take to address any gaps.

  • Access security: Data access security involves monitoring user rights and privileges when interacting with data and applications, ensuring users are authorized to access what they need and only what they need. Knowing who has access is key to keeping data secure and appropriate. The best tools not only identify threats but also can quickly take actions to reduce or eliminate risks. 

  • Behavioral analytics: Behavioral analytics can be a valuable addition to DSP solutions. Not only can it help spot anomalous behavior and advanced threats that evade other detection techniques, it may be able to offer adaptive security responses. Ideally, solutions should be capable of automating much of this, deriving baselines of behavior and then identifying deviations and either alerting on them or carrying out threat mitigation actions.

  • AI analysis and investigation: The scope of the data security threat is a major operational challenge, leaving security teams to interpret the large volumes of information they encounter. The adoption of LLMs and other natural language models helps in understanding and effectively querying this data, reducing the workload for security analysts. Leading solutions are providing AI tools to boost operational efficiency, from incident investigation to automating policy and threat mitigation.

Table 2. Key Features Comparison

Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable

Vendor | Average Score | Service Integrations | Encryption & Rights Management | Advanced Data Security | Compliance Reporting | Access Security | Behavioral Analytics | AI Analysis and Investigation
Bedrock Data | 3.7 | ★★★★ | ★★ | ★★ | ★★★★★ | ★★★★ | ★★★★ | ★★★★★
BigID | 4.4 | ★★★★★ | ★★★★ | ★★★★ | ★★★★★ | ★★★★★ | ★★★★ | ★★★★
Cyera | 4.1 | ★★★★★ | ★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★★★ | ★★★★
Data Dynamics | 2.9 | ★★★, ★★★, ★★★, ★★★★, ★★★, ★★★ (six ratings shown; one feature has none)
Forcepoint | 3.9 | ★★★★ | ★★★★ | ★★★★ | ★★★ | ★★★★★ | ★★★★★ | ★★
IBM | 4.3 | ★★★★★ | ★★★★ | ★★★★★ | ★★★ | ★★★★ | ★★★★★ | ★★★★
Informatica | 4.1 | ★★★★ | ★★★★ | ★★★★★ | ★★★★ | ★★★★★ | ★★★ | ★★★★
Lepide | 3.0 | ★★★★, ★★★, ★★★★, ★★★★, ★★★★, ★★ (six ratings shown; one feature has none)
Netwrix | 3.9 | ★★★★★ | ★★★ | ★★★ | ★★★★★ | ★★★★ | ★★★★ | ★★★
Privacera | 3.0 | ★★★★, ★★★★, ★★★★, ★★★, ★★★★, ★★ (six ratings shown; one feature has none)
Proofpoint | 4.3 | ★★★★★ | ★★★ | ★★★ | ★★★★★ | ★★★★★ | ★★★★★ | ★★★★
Satori (Commvault) | 3.6 | ★★★★ | ★★★ | ★★★★ | ★★★ | ★★★★★ | ★★★ | ★★★
SecuPi | 4.4 | ★★★★ | ★★★★ | ★★★★★ | ★★★★ | ★★★★★ | ★★★★★ | ★★★★
Sentra | 4.0 | ★★★★★ | ★★★ | ★★★ | ★★★★★ | ★★★★★ | ★★★★ | ★★★
Thales | 4.3 | ★★★★★ | ★★★★ | ★★★★ | ★★★★★ | ★★★★★ | ★★★★ | ★★★
Trellix | 3.3 | ★★★★ | ★★★★ | ★★ | ★★★ | ★★★ | ★★★ | ★★★★
TrustLogix | 4.0 | ★★★ | ★★★ | ★★★★★ | ★★★★★ | ★★★★ | ★★★★ | ★★★★
Varonis | 4.7 | ★★★★★ | ★★★★ | ★★★★ | ★★★★★ | ★★★★★ | ★★★★★ | ★★★★★
Velotix | 3.7 | ★★★★★ | ★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★ | ★★★
Source: GigaOm 2026

Emerging Features

  • AI assistants: While AI/ML and analytics already enhance accuracy behind the scenes, copilot-type technology such as AI-powered assistants that can interact with users and operations teams offers even greater value by guiding operations through tasks, automating routine actions, and streamlining workflows, allowing them to identify and stop threats more effectively.

  • Edge and IoT data security: Data is increasingly generated and processed at the edge (including IoT devices, operational technology (OT) systems in industrial settings, smart sensors, and mobile devices) before reaching traditional corporate networks or cloud environments. This creates new blind spots for traditional DSPs, so modern security tools must offer customers ways to manage the risks posed by these devices. 

  • Security for AI/ML models and data pipelines: As AI becomes pervasive, it’s essential to safeguard not only the data used by AI but also the AI models themselves, along with the complex pipelines that train and deploy them. Potential threats include tampering, intellectual property theft, and adversarial attacks. Vendors will need to develop strategies to address these issues, including protecting against data poisoning, model inversion attacks, and ensuring the integrity and explainability of AI decisions. 

Table 3. Emerging Features Comparison 

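Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable

Vendor | Average Score | AI Assistants | Edge & IoT Data Security | Security for AI/ML Models and Data Pipelines
Bedrock Data | 3.0 | ★★★★, ★★★★★ (two ratings shown; one feature has none)
BigID | 2.7 | ★★★★, ★★★★ (two ratings shown; one feature has none)
Cyera | 1.3 | ★★, ★★ (two ratings shown; one feature has none)
Data Dynamics | 0.7 | ★★ (one rating shown; two features have none)
Forcepoint | 1.0 | ★★ (one rating shown; two features have none)
IBM | 1.0 | ★★★ (one rating shown; two features have none)
Informatica | 3.0 | ★★★★★, ★★★★ (two ratings shown; one feature has none)
Lepide | 0.0 | (no ratings shown)
Netwrix | 1.0 | ★★ (one rating shown; two features have none)
Privacera | 1.3 | ★★★★ (one rating shown; two features have none)
Proofpoint | 2.3 | ★★★, ★★★★ (two ratings shown; one feature has none)
Satori (Commvault) | 2.0 | ★★★, ★★★ (two ratings shown; one feature has none)
SecuPi | 2.7 | ★★ | ★★★ | ★★★
Sentra | 1.3 | ★★★★ (one rating shown; two features have none)
Thales | 3.3 | ★★★ | ★★★★ | ★★★
Trellix | 3.3 | ★★★★ | ★★★★ | ★★
TrustLogix | 2.3 | ★★★, ★★★★ (two ratings shown; one feature has none)
Varonis | 3.3 | ★★★★ | ★★★ | ★★★
Velotix | 0.7 | ★★ (one rating shown; two features have none)
Source: GigaOm 2026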

Business Criteria

  • Ease of use: Driving effective adoption is crucial for the success of any IT project. Adoption can be facilitated in many ways, including seamless integration with existing platforms and the ability to add new solutions to current workflows. An important aspect of this is ensuring the platform and vendor are easy to work with. Vendors that succeed by making their solutions user friendly, unobtrusive, and part of daily workflows will foster adoption and minimize related friction.

  • Ease of management: The challenge of protecting data from ever-increasing threats is complex, and any solution being implemented to reduce the risk shouldn’t add complexity. Businesses welcome tools that make management easy, provide central administration and reporting, and automate repetitive tasks. It’s more than the technology that’s important here. Vendors that provide services such as support, training, and proactive account management will help ease the overall management burden of a solution.

  • Flexibility: Customer environments differ and change over time. DSP tools must be flexible as well, offering different deployment models, adoption techniques, and commercial adaptability to fit a broad range of potential customer needs. 

  • Cost transparency: Businesses need to understand the full cost of a potential technology investment. This includes the price of a license, as well as adoption and running costs. Vendors that make pricing and licensing clear so that customers can evaluate costs easily are appealing. 

  • Ecosystem: A vendor’s ecosystem consists of the products, services, integrations, partners, and communities that support that vendor’s offerings. The breadth of that ecosystem determines how well a solution would fit into an organization’s broader technology landscape, not just immediately but in the long run. When evaluating solutions, organizations should consider the variety of partners within the vendor’s broader ecosystem, which can further enhance flexibility, support, and long-term success.

  • Interoperability: An effective DSP strategy cannot be successful in a silo. Therefore, solutions must be able to integrate with the tools customers already use, which may include EDR, NDR, and firewalls, as well as operations tools such as service desk systems and SIEM solutions. 

Table 4. Business Criteria Comparison

Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable

Vendor | Average Score | Ease of Use | Ease of Management | Flexibility | Cost Transparency | Ecosystem | Interoperability
Bedrock Data | 3.5 | ★★★★★ | ★★★★ | ★★★ | ★★★ | ★★★ | ★★★
BigID | 3.8 | ★★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★ | ★★★★
Cyera | 4.0 | ★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★★★
Data Dynamics | 2.8 | ★★ | ★★★ | ★★★ | ★★★ | ★★★ | ★★★
Forcepoint | 3.7 | ★★★ | ★★★★ | ★★★ | ★★★ | ★★★★★ | ★★★★
IBM | 4.2 | ★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★★★ | ★★★★★
Informatica | 3.8 | ★★★★ | ★★★★ | ★★★ | ★★★ | ★★★★ | ★★★★★
Lepide | 3.0 | ★★ | ★★★ | ★★★ | ★★★ | ★★★★ | ★★★
Netwrix | 3.7 | ★★★ | ★★★★ | ★★★★ | ★★★ | ★★★★ | ★★★★
Privacera | 3.5 | ★★★ | ★★★★★ | ★★★ | ★★★ | ★★★★ | ★★★
Proofpoint | 4.2 | ★★★ | ★★★★ | ★★★★★ | ★★★★ | ★★★★★ | ★★★★
Satori (Commvault) | 3.3 | ★★★ | ★★★ | ★★★ | ★★★ | ★★★★ | ★★★★
SecuPi | 4.3 | ★★★★ | ★★★★ | ★★★★★ | ★★★★ | ★★★★ | ★★★★★
Sentra | 3.7 | ★★★ | ★★★★ | ★★★★ | ★★★ | ★★★★ | ★★★★
Thales | 4.0 | ★★★ | ★★★★ | ★★★★ | ★★★ | ★★★★★ | ★★★★★
Trellix | 3.3 | ★★★ | ★★★ | ★★★ | ★★★ | ★★★★ | ★★★★
TrustLogix | 3.7 | ★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★ | ★★★★
Varonis | 4.5 | ★★★★ | ★★★★★ | ★★★★ | ★★★★ | ★★★★★ | ★★★★★
Velotix | 3.3 | ★★★ | ★★★★ | ★★★ | ★★★ | ★★★ | ★★★★
Source: GigaOm 2026

4. GigaOm Radar

The GigaOm Radar plots vendor solutions across a series of concentric rings with those positioned closer to the center being judged as having the most complete solution. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation and Feature Play versus Platform Play—while providing an arrowhead that projects each solution’s expected evolution over the coming 12 to 18 months.

This image, titled "Data Security Platforms", shows a radar chart comparing various data security platform providers across three key dimensions: Maturity, Innovation, and Feature/Platform Play.

The radar chart plots each provider's position relative to these dimensions. Lepide, Data Dynamics, Trellix and TrustLogix are positioned as more mature platforms. Informatica, Netwrix, Forcepoint, SecuPi, Sentra and IBM are shown as both mature and innovative. Varonis is placed highest on the innovation scale.

The bottom section explains each dimension in more detail. Maturity emphasizes stability and continuity but may be slower to innovate. Innovation refers to flexibility and responsiveness to the market, which may invite disruption. Feature Play offers specific functionality and use case support but may lack broad capability. Platform Play provides broad functionality and use case support but may heighten complexity.

The data security providers are also categorized as Leaders, Challengers, Entrants, Outperformers, Fast Movers, or Forward Movers based on their overall positioning across the three dimensions assessed in the radar chart.

Figure 1. GigaOm Radar for DSP Solutions

As Figure 1 shows, there have been many vendor changes since last year’s report. While the number of vendors increased by only two, from 17 to 19, there have been substantial changes involving several vendors, including acquisitions by some larger portfolio vendors and some vendors pivoting from data security to specialize in specific areas such as AI security management. This suggests continued interest in addressing ever-increasing data security challenges for customers and highlights ongoing flux in this market; it has also resulted in the addition of several new vendors to our report. DSP vendors remain attractive targets for acquisition by larger platform companies seeking to strengthen their data security capabilities.

This trend is also reflected in the much larger proportion of vendors on the Platform Play side of our Radar, indicating that vendors tackling the problem now recognize the importance of addressing it comprehensively—covering all aspects and appealing to a broad market. The Feature Play vendors, in contrast, mainly focus on specific areas of data security, such as cloud-only protection, database security, or response orchestration, instead of offering comprehensive native data security capabilities. More vendors are positioned in the Maturity hemisphere, which is expected in a third report iteration, indicating the focus of most on providing more complete and stable solutions with an emphasis on predictable progress. Nevertheless, the presence of several in the Innovation hemisphere highlights ongoing market volatility. Many of these have been acquired or have acquired others as part of larger data security platform strategies. This trend is likely to continue, especially with the rise of AI, which creates a need to secure data sets from AI access and to manage AI pipelines within organizations. Vendors may seek to acquire specialized AI security companies to meet these demands.

There is also a clear distinction between Leaders and Challengers. A strong group of Leaders in this report distinguish themselves in areas such as behavioral analytics, AI investigation, access security, and a wide range of service integrations. However, Challengers are likely to continue developing their offerings in these areas to bridge the gaps. The report also highlights three Outperformers, standout vendors that have shown notable leadership in using AI assistants and integrating their tools with AI and machine learning pipelines. These vendors have also made significant improvements over the past year and support their advancements with a solid and comprehensive roadmap. 

In reviewing solutions, it’s important to keep in mind that there are no universal “best” or “worst” offerings; every solution has aspects that might make it a better or worse fit for specific customer requirements. Prospective customers should consider their current and future needs when comparing solutions and vendor roadmaps.

INSIDE THE GIGAOM RADAR

To create the GigaOm Radar graphic, key features, emerging features, and business criteria are scored and weighted. Key features and business criteria receive the highest weighting and have the most impact on vendor positioning on the Radar graphic. Emerging features receive a lower weighting and have a lower impact on vendor positioning on the Radar graphic. The resulting chart is a forward-looking perspective on all the vendors in this report, based on their products’ technical capabilities and roadmaps.

Note that the Radar is technology-focused, and business considerations such as vendor market share, customer share, spend, recency or longevity in the market, and so on are not considered in our evaluations. As such, these factors do not impact scoring and positioning on the Radar graphic.

For more information, please visit our Methodology.

5. Solution Insights

Bedrock Data: Bedrock Data Security Platform

Solution Overview
Bedrock Data helps customers discover, classify, and protect sensitive data across distributed infrastructure. The solution is aimed at solving the data security challenges in modern hybrid environments.

The Bedrock Data Security Platform is cloud-native with two main parts: Bedrock Outpost (deployed in customer environments) and Bedrock Console, which includes modules for data discovery, classification, entitlement analysis, risk detection, and policy enforcement. Customers deploy a lightweight, serverless Outpost within their environment, integrating with SaaS, PaaS, and IaaS systems via native APIs. Outpost collects metadata on data assets, access, identity, and behavior, which is sent to the control plane for analysis and policy enforcement. Bedrock Data’s metadata lake correlates sensitivity, access, movement, and configuration across the data environment, enabling real-time risk detection, policy enforcement, and automation. Bedrock Data identifies risks by analyzing data sensitivity, access, entitlements, lineage, data ownership and behavioral signals to detect overshared datasets, stale or over-permissioned access, policy violations, and shadow data in unmanaged SaaS or cloud storage. Responses can enforce security controls via APIs into protected apps, with prebuilt Tines-based orchestrations provided.

The solution’s strength lies in its ability to understand data and its lineage using correlation based on its patented data fingerprinting and content similarity analysis. It accurately shows customers the data types they hold and the potential risks, providing detailed lineage to reveal points where data exposure or risk occurs.

Bedrock Data invested heavily in AI, allowing analysts to query data and create policies via natural language. The platform targets customers handling petabyte-scale data. It is sold as a single solution.

Bedrock Data is positioned as a Challenger and Fast Mover in the Innovation/Feature Play quadrant of the DSP Radar chart.

Strengths
Bedrock Data scored well on a number of decision criteria, including:

  • Compliance reporting: Bedrock Data enables customers to analyze their data security posture against key regulatory frameworks, including GDPR, CCPA, HIPAA, SOC 2, and ISO 27001. The solution provides customizable dashboards and formal reports, designed to align with the requirements of various compliance frameworks, offering a real-time view of an organization's security posture. The reports are designed for interoperability and can integrate with external governance, risk management, and compliance solutions. 

  • AI analysis and investigation: Bedrock Data uses AI directly in the analyst and operations workflow to simplify investigations, prioritize risks, and provide guided insights. It is surfaced in the platform through a built-in copilot assistant and metadata-driven investigation tools. These help analysts to investigate specific incidents, validate policy compliance, and understand data lineage. 

  • Access security: The solution provides continuous visibility into data access activity, analyzing the places where users access data from, how they access it, and whether that activity introduces risk. This context enables customers to move beyond static classification and apply dynamic protections based on real-world usage. It provides access visibility across SaaS, PaaS, and IaaS repositories. 

Opportunities
Bedrock Data has room for improvement in a few decision criteria, including:

  • Service integrations: Bedrock Data offers good coverage of cloud-based SaaS, IaaS, and PaaS platforms. Extending that coverage to other types of repositories, such as endpoints, would heighten its appeal.

  • Encryption and rights management: Bedrock Data has limited native capability in this area. It can add a label to data to be marked for encryption and rights management, but it can’t natively apply such controls and requires integration with a third-party tool to do so. Delivering native encryption capabilities and rights management could help simplify this type of advanced data security for customers, removing the reliance on third-party tools.

  • Advanced data security: Bedrock Data doesn’t provide advanced privacy options natively in its product. While it is capable of identifying data that is not masked but should be, and can then trigger a workflow to address the issue, this is done externally via integration. Adding this capability natively would help reduce complexity for customers, removing the need for external integration and orchestration. 

Purchase Considerations
Bedrock Data is licensed on a subscription basis, typically priced by the size of data assets (files, objects, records) in the infrastructure (IaaS/PaaS) under management rather than per user or device, though licensing for SaaS-based apps is per user. The minimum commitment is 12 months. Pricing is available directly through Bedrock Data’s sales team or authorized partners. Pricing is not publicly listed online.

Bedrock’s SaaS model and API integrations enable a straightforward deployment. In some use cases, such as those needing highly customized data governance policies, multicloud or multi-business-unit segmentation, or complex migration from existing platforms, professional services will prove helpful. Customers should plan for some upfront effort to normalize metadata and align policy structures.

This is a solution designed for large, multi-petabyte enterprises; it is not aimed at SMBs.

Use Cases
Bedrock Data’s Data Security Platform addresses several use cases. It helps organizations reduce data exposure, preventing leaks and fixing risks. It ensures responsible AI and GenAI adoption by detecting and controlling the way sensitive data is used in AI pipelines, protecting regulated content and maintaining compliance. And it supports compliance and governance by continuously collecting audit evidence and enforcing regulatory data controls, making audits easier and reducing manual work. 

BigID: BigID Next

Solution Overview
BigID provides customers with solutions that secure enterprise data, help them manage privacy, compliance, and governance, and address the challenges that AI innovation has brought to organizations.

BigID Next enables enterprises to discover, classify, and secure sensitive, personal, and high-risk data across cloud, SaaS, and on-prem environments. The extensible platform offers modular apps for security, privacy, data governance, and AI risk management and can be deployed as SaaS or self-hosted in the cloud or on-prem. It uses in-place, agentless scanning so data never leaves customer environments and supports structured, unstructured, and semistructured sources. After the core deployment, customers can easily add modules to address specific needs such as data protection, governance, privacy, compliance, and AI security posture management (AI-SPM).

BigID creates a real-time, identity-aware map of data. This helps customers understand context, sensitivity, and risk. Once risks are detected, the solution offers native remediation options. Customers can delete outdated or redundant data, quarantine exposed files, revoke access rights, enforce retention or masking policies, and trigger automated external workflows for actions such as encryption.

Management is via a single console with unified dashboards for policy setup, alerting, investigation, and reporting. BigID uses RBAC, ABAC, and PBAC to enforce dynamic, contextual access decisions based on user role, business unit, geography, or sensitivity classification, allowing different teams to work with the same data sets while maintaining individual views.

The vendor continues to develop at pace, adding new features to the platform. Customers can expect to see continued high-paced innovation, some of which may lead to requirements for additional training or process change.

BigID is positioned as a Leader and Outperformer in the Innovation/Platform Play quadrant of the DSP Radar chart.

Strengths
BigID scored well on a number of decision criteria, including:

  • Service integrations: BigID not only offers an excellent selection of prebuilt integrations, it also enables customers to develop custom integrations via its APIs. The solution provides comprehensive service protection across all data types, whether in the cloud, on-prem, or as SaaS applications, including data from mainframes, messaging apps, pipelines, big data, and NoSQL environments. 

  • Compliance reporting: BigID provides compliance-centric reporting and dashboards that map an organization’s data security posture directly to regulatory and industry frameworks. It presents an aggregated, framework-level view so customers can assess their position against regulations like GDPR, CCPA/CPRA, HIPAA, PCI, and SOX. These reports highlight the ways data discovery, classification, exposure, and remediation outcomes align with key framework requirements.

  • Access security: BigID provides organizations with deep visibility into who has access to sensitive data across all environments. Its insights and reporting uncover excessive or inappropriate permissions, monitor access patterns, and track key security metrics over time. The platform integrates access intelligence and governance capabilities to support identity access reviews, verify attestations, and enforce remediation actions. Automated workflows can also trigger incident response processes, such as opening ITSM tickets or launching SOAR playbooks, to quickly contain and resolve access-related risks.

BigID was classified as an Outperformer because of its strong development performance over the last 12 months. In particular, its strong focus on AI security and the development of AI across its platform has enhanced investigation and operational efficiency. Moreover, the company shows a strong roadmap looking forward, which we anticipate it will deliver against.

Opportunities
BigID has room for improvement in a few decision criteria, including:

  • Encryption and rights management: BigID doesn’t provide advanced data security options natively, but it does act as the essential control plane. It discovers and classifies sensitive data, then integrates with external solutions that will enforce security controls, like manual or automated encryption. Building some of these capabilities directly into the product would further enhance it and reduce customers' reliance on additional tools and integrations. 

  • Advanced data security: BigID has added advanced capabilities like native data obfuscation features for Kafka and S3, and it can also activate built-in functions in third-party repositories like Snowflake and Databricks. Providing more native features to support a broader range of data repositories would help customers improve data privacy and security controls.

  • Behavior analytics: While its data activity monitoring capability allows customers to gather contextual insights into data access patterns, it is currently limited to unstructured datasets only. Extending this feature to other datasets it protects would help customers gain a more comprehensive view of user and data interactions.

Purchase Considerations
BigID is offered as a subscription-based license, priced primarily by data volume and modules selected. The minimum commitment is typically annual. Pricing is not listed publicly; it is provided through direct engagement with BigID or authorized partners.

BigID’s agentless, in-place deployment, along with out-of-the-box policies, connectors, and classifiers, should simplify the deployment process, though customers who self-host will need the necessary skills to set up the system. For customers requiring additional support, including those self-hosting, professional services are available, allowing them to request assistance with initial configuration, policy tuning, and integration with downstream tools. Additional training is available through BigID University. For SMBs, BigID offers BigID Express, a quick-start version with minimal setup, focused features, and fast deployment. 

Use Cases
BigID Next addresses several use cases, including reducing risks to sensitive data by automating remediation (deletion, masking, quarantine, and access revocation). It also helps customers govern data access to prevent insider threats and enforce zero trust. It can be a core aspect of AI adoption by protecting data used in cloud and AI workflows, identifying toxic data combinations, and enforcing compliance policies. Its modular composition is ideal for customers looking to take a structured approach to data security, addressing specific use cases but still able to handle additional issues easily with the same vendor. 

Cyera: Cyera Data Security Platform (DSP)

Solution Overview
Cyera offers a leading AI-native data security platform that enables organizations to discover, monitor, and safeguard their data across a wide range of environments. 

The Cyera Data Security Platform is available as SaaS or an “outpost” deployment for those needing local processing. The platform is modular, built around its core data security posture management (DSPM) component, with additional modules, such as data loss prevention (DLP), identity, and privacy, that can be added to extend the solution.

Cyera connects to data sources via API to scan cloud and SaaS repositories agentlessly. It aggregates telemetry from the integrated platforms and uses AI to analyze security telemetry. This provides high-fidelity risk identification that combines sensitivity, access rights, and usage patterns to highlight oversharing, dormant high-privilege accounts, excessive access, and AI misuse. When risk is identified, the platform uses AI to summarize the risk, provide guided remediation, and assist in building dynamic response policies. Responses are then triggered via integration directly into the applications where the data loss risk has been identified. The platform is managed with a single web console for discovery, policy creation, reporting, alerting, and investigation.

The vendor has made significant investments in AI, with plans to soon release specialized security tools in this area. In addition, its Dataport solution provides a managed Snowflake instance of Cyera metadata in well-structured and documented tables for querying and integration with customer stacks (AI, SOC, GRC, and so forth), allowing customer AI stacks to provide natural language queries that do not affect production performance.

Cyera is continuing to develop its platform through both internal means and strategic acquisitions. Customers should be aware that such acquisitions can lead to additional costs for training and workflow adjustments. 

Cyera is positioned as a Leader and Fast Mover in the Innovation/Platform Play quadrant of the DSP Radar chart.

Strengths
Cyera scored well on a number of decision criteria, including:

  • Service integrations: Cyera primarily uses native APIs for agentless, in-place scanning and metadata analysis, ensuring rapid deployment without disrupting production systems. It offers broad support for services across cloud, SaaS, and on-prem infrastructure. For on-prem systems, lightweight connectors or secure onboarding with PKCS1-encrypted credentials are supported. Its Outpost deployments provide sovereignty and hybrid coverage by deploying the Data Analysis Service inside a customer’s environment.

  • Behavior analytics: Cyera offers behavior analytics by correlating data sensitivity, identity context, and activity patterns to detect unusual or risky actions in real time. It establishes behavioral baselines, and its identity module maps both human and nonhuman identities (such as service accounts, APIs, AI copilots), enabling it to identify anomalies like “non-HR identities accessing employee records” or “contractors downloading sensitive R&D data.” Cyera can take adaptive actions instantly, such as blocking exfiltration, redacting sensitive information, revoking shared links, or stopping dangerous AI agent activities before they occur.

  • Access security: Cyera improves access security by continuously linking sensitive data with authorized identities, monitoring usage patterns, and enforcing least privilege access across cloud, SaaS, on-prem, and AI environments. It associates human, machine, and AI identities with the data they can access, enriched with signals like MFA status, HR role, contractor status, and usage history. Cyera also highlights changes in access over time, including privilege creep, inherited entitlements, and stale admin accounts. The upcoming release of its “access audit” feature will enhance this further with forensic-level visibility into exactly what data identities have accessed, when, and under what circumstances.

Opportunities
Cyera has room for improvement in a few decision criteria, including:

  • Encryption and rights management: Cyera does help customers address secure sharing challenges today through integrations with third-party rights management tools. This is also the case with encryption, which, while not natively provided, is orchestrated with tools that have native controls, such as Snowflake dynamic masking. There are two areas where Cyera could add more value: building native capabilities to provide these services where existing applications and repositories do not support them, and continuing to expand its integrations library to support encryption and rights management orchestration across a broader range of repositories.

  • Compliance reporting: Cyera recently launched its compliance-focused reporting dashboard, which provides customers with a view of their compliance status. Cyera has an opportunity to enhance this further and deliver significant value to customers by expanding the range of supported frameworks and the controls customers can evaluate and enforce. 

Purchase Considerations
Cyera’s licensing is subscription-based with a 12-month minimum term. Licensing depends on modules; for example, its DSPM and DLP modules are licensed by data volume for IaaS, DBaaS, and on-prem, and by user or seat for SaaS. Pricing is available through direct sales and partners rather than being published online.

As a SaaS solution that uses API integration, the system should not be difficult to deploy. However, professional services are available if needed, although they are mainly used for large-scale enterprise onboarding or to integrate Cyera’s remediation workflows into customer ticketing and automation systems. For those needing additional support, DataWatcher is Cyera’s 24/7 managed data detection and response service.

Cyera’s solution is designed for larger organizations and is probably not suitable for SMBs.

Use Cases
Cyera’s rapid petabyte-scale scanning and precise classification enable organizations to quickly analyze extensive datasets, allowing them to put data security and policy enforcement in place much faster than with traditional solutions. Discovering and classifying sensitive data also helps companies meet regulatory compliance goals.

Data Dynamics: Zubin

Solution Overview
Data Dynamics is a software company specializing in delivering enterprise-level solutions for data management and security. Its AI-powered self-service data management software, Zubin, enables organizations to efficiently manage data across hybrid cloud environments.

Zubin is an integrated solution designed to manage and secure unstructured data. It is a self-hosted enterprise solution that can be installed on-prem or on cloud-based IaaS. It aims to address areas such as risk assessment, DSPM, privacy compliance, data residency and sovereignty, and sustainable data lifecycle management. The core Zubin platform includes modules for data discovery, classification, and risk analysis, as well as a management console. It integrates with the services it protects, including endpoints, servers, SMB, NFS, and S3 via protocol-driven connectors. 

Zubin detects threats and risks through metadata analysis and statistical sampling of file content, utilizing AI to evaluate factors like permission risks, dark data, duplicates, and regulatory compliance. Heat maps visualize risk concentrations across geographic locations, data centers, and departments. Data Dynamics continues to develop the product, adding enhanced capabilities for behavior analysis to better identify risks. The solution also provides data security and access controls, along with a data policy creation and workflow orchestration engine to automate the classification and enforcement of data compliance rules.

The solution is modular, although the core Zubin platform will meet DSP needs outlined in this report. 

Data Dynamics is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the DSP Radar chart.

Strengths
Data Dynamics scored well on a number of decision criteria, including:

  • Access security: Data Dynamics provides comprehensive threat analysis and risk remediation across all repositories it supports. This includes quarantining data at risk, policy enforcement to restrict access, and adjusting user permissions dynamically based on real-time analysis of user activity. Rules are customizable, and access security is enhanced by integration with a range of third-party identity providers (IdPs).

  • Compliance reporting: Data Dynamics’ comprehensive dashboard displays access control, data redundancy, data sensitivity, and data retention risk scores. While it doesn’t ship with prebuilt specific framework reports, customers can use the telemetry gathered to build custom reports to understand their compliance position. They can also use its APIs to integrate with enterprise governance, risk, and compliance (GRC) tools to centralize compliance reporting. 

  • AI analysis and investigation: Zubin’s AI prioritizes risks within the console by ranking heat map insights based on severity and exposure levels, guiding analysts to focus on critical areas. The AI simplifies investigations by providing pre-analyzed summaries of file access patterns and metadata changes, reducing the manual effort needed to explore potential threats.

Opportunities
Data Dynamics has room for improvement in a few decision criteria, including:

  • Advanced data security: Zubin currently does not offer detailed data masking or obfuscation. However, it has expanded its capabilities by supporting the classification of files where privacy preservation techniques (like masking or obfuscation) have already been applied. By identifying these files as low-risk via pre-applied techniques, Zubin ensures proper labeling and management, enabling secure use in applications and testing environments. There is potential for improvement by adding native support for advanced obfuscation and privacy techniques, as well as the ability to utilize and orchestrate these features across other data repositories.

  • Service integrations: Data Dynamics provides integrations for a variety of platforms such as Azure Blob, S3, and Google. It also connects with on-prem file services. However, the solution is currently limited to unstructured data types. Expanding support to include structured types like databases would provide more comprehensive data security coverage, enabling customers to better manage risks within a single platform.

  • Behavior analytics: Zubin applies behavioral analytics by using metadata (such as location information) to help organizations identify when data access events present potential sovereignty issues, even when those events aren’t occurring in real time. There is an opportunity for Data Dynamics to broaden behavior analytics and include metrics about devices and authentication methods for a fuller picture. 

Purchase Considerations
Licensing for Zubin is based on the amount (in terabytes) of unstructured data managed, providing a scalable model tailored to large-scale data environments. Licensing is subscription-based with a minimum commitment of one year. Pricing is not available on the website; customers must request it directly through the Data Dynamics sales team or authorized partner channels.

Zubin is a self-hosted platform, so it requires more effort compared to SaaS platforms. This includes managing and maintaining the necessary infrastructure. However, its API integration architecture is designed to ease deployment complexity. Standard implementation support is available for customers who need assistance. Data Dynamics also offers a managed service deployment model, whereby end customers own the devices and Data Dynamics manages Zubin on their behalf.

While technically this is a solution that would work for SMBs, Data Dynamics’ focus is on customers with over 5,000 users. 

Use Cases
Data Dynamics Zubin addresses various use cases for its customers, including helping them gain visibility into unstructured data repositories, identifying volume, age, and access patterns to establish a solid data security foundation for large enterprises. It also helps detect sensitive data and usage risks through AI-driven metadata and content analysis, enabling proactive protection and remediation. Additionally, it supports data owner-led actions, such as reclassification, deletion, data pipeline integration, and data migrations, to effectively handle these risks.

Forcepoint: Forcepoint Data Security

Solution Overview
Forcepoint is a cybersecurity company that provides a data security everywhere solution, protecting data across endpoints, cloud applications, email, web, and networks with unified and adaptive behavior-based policy enforcement.

Forcepoint Data Security is a unified solution designed to protect sensitive data across endpoints, cloud apps, networks, and email. Deployed as a SaaS solution (although on-prem deployments remain supported), its AI-powered engine continuously monitors data-in-motion, data-at-rest, and data-in-use, applying real-time classification and adaptive risk scoring to identify potential threats. Forcepoint’s DSPM and DLP capabilities leverage behavioral analytics and over 1,700 prebuilt compliance policies to detect anomalous activity and enforce granular controls. The platform enables automated policy enforcement, forensic logging, and dynamic remediation, reducing breach risk while supporting audit readiness. Its modular architecture, combining DSPM, DLP, and data detection and response (DDR), allows for flexible deployment.

The platform identifies data risk using AI mesh technology for rapid and accurate classification of sensitive information. It continuously monitors to detect risky behavior and overexposed data. This visibility enables the platform to dynamically enforce data security controls through its Risk-Adaptive Protection technology that automatically adjusts policies based on user actions and contextual risk. A single management console streamlines policy creation and incident response, simplifying operations for technical teams.

Forcepoint is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the DSP Radar chart.

Strengths
Forcepoint scored well on a number of decision criteria, including:

  • Behavior analytics: Forcepoint’s dedicated activity monitoring is designed to look at risky behaviors and trends over time. The solution provides additional analysis to understand threats and prioritize risks. It can then use its Risk-Adaptive Protection to adjust policy enforcement based on the real-time scoring of each user. Scores of info (zero), low, medium, high, and critical risk help drive more accurate and specific threat discovery and risk reduction.

  • Advanced data security: Forcepoint offers comprehensive capabilities that are natively integrated into the platform. This includes the ability to apply advanced techniques like pseudonymization, tokenization, and generalization. It can enforce customizable data anonymization policies to meet specific needs, such as ensuring compliance and reducing data breach risks.

  • Encryption and rights management: Forcepoint provides native encryption of the datasets it supports, which is beneficial for its customers, enabling them to enhance the security of data at rest and in transit. However, it lacks rights management capabilities.

Opportunities
Forcepoint has room for improvement in a few decision criteria, including:

  • AI analysis and investigation: While the solution uses AI well in the background to drive accuracy and classification and to automate some tasks, it is not being used to the same extent to help security analysts better interrogate data and prioritize potential risks. As with its competitors, this should be an area of focus. The use of AI tools to help summarize and prioritize risk analysis and investigation is becoming increasingly crucial in improving operational efficiency and driving more value from the solution. 

  • Compliance reporting: Forcepoint offers a broad range of classifiers (some 1,700 out of the box), using these to identify data that would be categorized against certain compliance types. However, the solution does not provide a compliance-centric view of regulatory frameworks, which would enable compliance teams to understand how data security impacts business compliance.

  • Service integrations: Currently, Forcepoint’s data security coverage is provided through multiple products. Consolidating them into a single platform would benefit customers technically and financially. Extending data security features to structured data sets would also enable customers to achieve more complete data protection from one platform. Support for structured data is on the vendor's roadmap. 

Purchase Considerations
Forcepoint does not publish pricing on its website; however, it provides information on the different license modules that are available for both SaaS and on-prem solutions. Public information suggests licensing is subscription-based and can be per user or per device, depending on the module.

Deployment complexity varies depending on whether the deployment is SaaS or on-prem, and on the selected modules. Customers will need to assess this scenario when purchasing required modules. Forcepoint has a large partner channel as well as a professional services organization to support customers as needed.

Use Cases
Forcepoint’s Data Security platform addresses various customer use cases by automatically discovering and classifying sensitive data across cloud and on-prem environments. Its AI engine enables risk-adaptive controls that adjust security based on user behavior and context. The centralized console streamlines policy creation and incident response, effectively protecting data, simplifying operations, and reducing the risk of breaches. Its flexible deployment offers alternatives to its SaaS model, making it attractive for those looking to self-host. 

IBM: Guardium Data Security Center

Solution Overview
IBM Guardium Data Security Center (GDSC) is a unified platform designed to give enterprises full visibility and control over sensitive data across hybrid and multicloud environments. It is built on a containerized microservices architecture, whether deployed on-prem, in private or public clouds, or consumed as SaaS. GDSC offers a range of modules that provide data discovery, classification, and vulnerability assessment across structured and unstructured sources, including databases, files, SaaS, and cloud storage. It continuously monitors data activity, establishes normal behavior baselines, and uses anomaly detection to identify insider threats, misconfigurations, and policy violations. Integrated data protection services such as encryption, tokenization, masking, and redaction work to secure data at rest, in transit, and in use.

For proactive security, GDSC provides compliance dashboards, risk scoring, and automated policy enforcement aligned with frameworks like GDPR, PCI DSS, and HIPAA. For incident response, it integrates with SIEM and SOAR platforms, enabling automated containment actions such as blocking queries, quarantining sessions, or escalating tickets.

Centralized management offers a single view for policy, monitoring, and reporting, reducing operational effort. With its modular design, AI‑driven insights, and automation, GDSC helps technical buyers improve data security, simplify compliance, and speed up responses across the enterprise.

IBM is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the DSP Radar chart.

Strengths
IBM scored well on a number of decision criteria, including:

  • Service integrations: The platform offers comprehensive coverage in on-prem, cloud, and hybrid environments. It secures relational databases (Db2, Oracle, SQL Server), NoSQL and big data platforms (like MongoDB, Cassandra, Snowflake), and unstructured repositories like file servers and cloud storage (S3, OneDrive, Box, Google Drive). It also extends to SaaS applications, mainframe datasets, and custom applications, providing enterprises with unified coverage across virtually all critical data estates.

  • Advanced data security: IBM GDSC delivers a broad set of data privacy techniques. This includes format-preserving tokenization, dynamic masking, and static masking to transform datasets for testing, development, or analytics. Redaction rules remove or obfuscate sensitive patterns (such as regex‑based SSNs) in SQL traffic or logs. These are enforced through inline interception, policy engines, and encryption APIs, with centralized key management ensuring consistent, auditable control across databases, files, applications, and cloud environments.

  • Behavior analytics: IBM Guardium provides native user and entity behavior analytics (UEBA) by baselining normal access patterns, detecting anomalies, highlighting overprivileged or dormant accounts, and scoring risk based on user, data sensitivity, and environmental context. Guardium DDR enhances this analysis with AI/ML‑driven anomaly detection, long‑term behavioral analysis, contextual risk scoring, and automated response through SIEM/SOAR integration, accelerating detection‑to‑response cycles.

Opportunities
IBM has room for improvement in a few decision criteria, including:

  • Compliance reporting: GDSC offers comprehensive, prebuilt compliance coverage for common regulations and also enables customers to customize templates or create new ones. It does not offer a full compliance-centric capability, however. Instead, it provides insight into which data types might impact regulation and when. A compliance-centric dashboard that allows customers to see data risks that can impact compliance and offers regulation gap analysis would support compliance teams more effectively and provide significant value to compliance-centric customers.

  • Encryption and rights management: Guardium offers native transparent file and database encryption, application-level encryption, tokenization, dynamic and static masking, and centralized multicloud key management. However, it does not natively offer persistent digital rights management or enterprise-wide data labeling. IBM could add further value by providing integration with rights management platforms or, ideally, by building native capabilities into the platform to avoid the need to use additional tools.

  • AI analysis and investigation: GDSC already leverages AI effectively for operational efficiency, alleviating SecOps workloads by establishing normal activity baselines, detecting anomalies, and prioritizing high-risk events with contextual scoring. However, it could expand its use of AI to enable other capabilities, such as AI-driven policy management and AI-developed automation. 

Purchase Considerations
IBM Guardium Data Security Center contains features that are available either on-prem or as SaaS. It can be licensed under either a subscription or perpetual license model. Licenses are purchased using resource units (RUs), with licenses consumed under an enterprise or usage-based model. There are several considerations for licensing Guardium and its modules. Customers should seek advice from IBM or its partners.

Depending on whether the solution is self-hosted or SaaS-based, deployment complexity will vary. However, IBM offers a broad range of professional services support for those who need it. 

Use Cases
IBM addresses several use cases with this solution. Its flexible deployment options, which include self-hosting and SaaS solutions, help organizations overcome the challenges of adopting a DSP, especially those who require the greater security and control that self-hosting provides. Moreover, its broad range of capabilities enables it to handle data discovery, DSPM, compliance, and AI security, all within a single vendor platform. It’s ideal for those looking to consolidate vendors.

Informatica: Intelligent Data Management Cloud (IDMC)

Solution Overview
Informatica’s Intelligent Data Management Cloud (IDMC) provides a data governance and privacy solution that secures sensitive information across hybrid and multicloud environments.

IDMC is designed to help enterprises enable secure access to sensitive data, including real-time and self-service access. The flexible platform can be deployed on-prem, as a cloud-native container, or as a SaaS platform. Agentless connectors and API-based integrations enable rapid deployment across diverse environments, while preconfigured templates accelerate time to value. IDMC continuously discovers and classifies sensitive data, applies context-aware policies, and detects anomalies that may indicate insider threats, ransomware, or exfiltration attempts. Risk scoring and prioritization help security teams focus on the most critical exposures, while remediation actions such as encryption, masking, tokenization, or quarantine are enforced in real time. This includes instances where native controls don’t exist, as the solution can apply its own.

Informatica’s cloud data marketplace allows organizations to submit self-service data access requests, automating access to reduce operational overhead. The vendor has invested heavily in its AI engine, CLAIRE, which drives automated discovery, classification, and policy recommendations. CLAIRE also boosts customer AI adoption by providing trusted, well-governed data pipelines that ensure models are trained on secure, high-quality data.

IDMC is a comprehensive data management platform with data security as a key feature, but this solution targets those with large data environments that need cataloging and management.

Informatica is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the DSP Radar chart.

Strengths
Informatica scored well on a number of decision criteria, including:

  • Advanced data security: Informatica’s extensive anonymization and obfuscation features include redaction, substitution, and tokenization. The solution can use an application’s built-in capabilities or, when these are absent, provide them natively.

  • Access security: Informatica’s consumer access platform provides comprehensive visibility into data access. This is a core capability that also supports full data access lifecycle management, including granting access from requests, maintaining secure access, and removing access when no longer required. 

  • AI analysis and investigation: It uses AI to assist security teams by summarizing incidents, highlighting the scope and impact of sensitive data exposure, and offering AI‑driven remediation guidance. It enables analysts to prioritize threats, automate responses, and reduce risks.

Opportunities
Informatica has room for improvement in a few decision criteria, including:

  • Behavior analytics: The solution actively monitors user and system actions to create behavioral baselines. However, this is predominantly based on data access monitoring. Expanding the scope to include more user- and identity-based telemetry would provide a more comprehensive and richer view of behavior. 

  • Compliance reporting: The platform’s catalog and data governance capabilities provide customers with flexibility in discovering and cataloging data, including identifying where and when data may impact regulatory frameworks. However, this is not a compliance-centric view that highlights potential gaps in data security configuration and management and the way these gaps would impact regulatory compliance. Extending capabilities here to show regulatory compliance status within dashboards and reports would be helpful to customers focused on compliance. 

  • Encryption and rights management: The solution does provide comprehensive native encryption types. This has been driven by its traditional data security integrations and platform capabilities. However, as it extends coverage with support for a broader array of platforms, customers would find capabilities in areas such as rights management useful. Developing the ability to orchestrate third-party rights management platforms would be a good starting place for the vendor. 

Purchase Considerations
Informatica does not publish its license structure or pricing; however, pricing is consumption-based, with a flexible subscription plan based on Informatica Purchasing Units (IPUs). Usage is tracked automatically within the product. A dashboard is available within the platform, allowing customers to view their own IPU usage in real time. 

This solution targets large enterprises, especially those in highly regulated markets. The extensive platform provides robust data security and may replace existing investments. Due to its comprehensive nature, deployment might be complex, so customers should consider this when making their purchase decision.

Use Cases
Informatica serves multiple use cases. This solution is tailored to meet the needs of customers with large, complex data environments, especially those managing structured data in highly regulated industries such as healthcare, finance, and government. It also supports those working on cloud migrations, providing trusted data for use in a wide range of cloud-based tools, including reporting, analytics, data science, machine learning, and AI. Its automation and self-service features can assist those aiming to automate data lifecycle management.

Lepide: Lepide Data Security Platform

Solution Overview
Lepide helps organizations simplify directory and data security by providing real-time visibility, threat detection, and compliance automation across Active Directory, file servers, and cloud platforms.

The Lepide Data Security Platform (LDSP) has five core elements: Identify, Trust, Detect, Auditor, and Protect. It's modular, allowing customers to deploy components either individually or all together. LDSP is available both as SaaS and as a self-hosted solution, though the SaaS version lacks feature parity with the more established self-hosted option. LDSP integrates with Active Directory and file servers using lightweight agents and uses APIs for cloud platform integration. It focuses only on unstructured data and does not protect data stored on endpoints. Once integrated, it uses AI to establish a baseline behavior and detect risks such as ransomware, privilege abuse, and insider threats. Managed from a single console, it offers real-time alerts, dashboards, customizable reports, permissions analysis, and automated remediation.

To reduce operational burden, Lepide has invested in AI. For example, Lepide Protect uses AI to analyze access patterns, identify anomalies, and understand user roles within the organizational hierarchy, enabling a context-aware approach to data security hardening without relying on the creation of manual policies.

To deliver basic DSP capabilities, customers deploy the LDSP core platform with at least one licensed data source, such as Active Directory or a file server. Additional modules can be added as needed.

Lepide is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the DSP Radar chart.

Strengths
Lepide scored well on a number of decision criteria, including:

  • Service integrations: Lepide offers a wide range of integrations and enables customers to develop custom integrations using APIs. These include connections to on-prem unstructured data sources, such as files stored on servers and data in SharePoint, as well as cloud-based SaaS applications like Microsoft 365, Dropbox, and, soon, Salesforce.

  • Compliance reporting: Lepide offers compliance dashboards and prebuilt reports for GDPR, HIPAA, SOX, PCI DSS, CCPA, and NIST CSF. Its reports align security posture directly with regulatory frameworks, highlighting places where controls are effective or at risk.

  • Access security: Lepide integrates IDP into its access security evaluations. It can establish baseline access activity across AD, file servers, and Microsoft 365 and can detect unusual logins, privilege escalation, and abnormal file activity. When suspicious activity is identified, it can enforce controls such as disabling the user, revoking access, or terminating the process. 

Opportunities
Lepide has room for improvement in a few decision criteria, including:

  • Encryption and rights management: Lepide offers some encryption capabilities via a small number of integrations with encryption vendors but requires customers to acquire these solutions separately. Adding native capabilities would simplify the process for customers and remove the need for external tools. 

  • AI analysis and investigation: The vendor is preparing to introduce several new features, including AI-generated incident summaries, risk prioritization, natural language investigation, and automated recommendations to improve remediation. However, these are not yet available in the product. While this is a great opportunity to significantly enhance the platform's management experience, it is crucial that Lepide deliver this successfully.  

  • Behavior analytics: Lepide offers UEBA, but it is based on user activities and lacks additional context. Adding more context to this behavior analysis, such as evaluating the sensitivity of information being handled, would enhance the usefulness of the product, giving customers a much richer view of behavior and improving their ability to identify potential behavioral risks. 

Purchase Considerations
Lepide’s license for LDSP is per enabled Active Directory user (not per device or target host) and offers tiered pricing based on customer size (SMB through enterprise). Licenses are available as subscriptions with 1-, 2-, or 3-year commitments, and discounts are offered for multiyear contracts. Lepide also retains perpetual licensing options for specific cases. Pricing can be obtained through direct sales and partner channels.

Deployment complexity varies depending on whether a customer chooses the SaaS or self-hosting option. The use of agents and APIs should not be complicated for most IT teams. Lepide’s support team provides assistance with initial setup and configuration at no additional cost.

Use Cases
Suitable for SMBs and above, Lepide helps customers address several use cases. For those focused on data access governance, security, and compliance, the platform streamlines visibility into data permissions, simplifies permission reviews, and automates remediation, enabling enforcement of least privilege. It also assists customers needing compliance reporting against standards like GDPR, HIPAA, SOX, and CCPA, providing prebuilt reports and dashboards to reduce manual effort and ensure audit readiness. 

Netwrix: Netwrix 1Secure

Solution Overview
Netwrix is a provider of security solutions that help customers meet data discovery, classification, protection, and compliance needs.

Netwrix 1Secure addresses the dual risks of identity and data security. Its approach is centered on the importance of posture management as the foundation of strong data security. This is implemented through its Netwrix DSPM capability, which can be deployed as a self-hosted solution or SaaS. The platform uses an agentless integration model and offers over 40 prebuilt data collectors to help customers connect with existing infrastructure. 

Netwrix DSPM allows users to identify critical data, understand access patterns, and detect and block unauthorized access. It helps enhance data security posture by removing redundant, obsolete, and trivial (ROT) data; securing identities with appropriate access; and protecting the infrastructure that stores the data. Netwrix DSPM includes several ready-to-use action modules and templates that easily safeguard sensitive data and address risky conditions. Its broad coverage enables organizations to monitor user activity across cloud and on-prem data stores, supporting both structured and unstructured data repositories.

Netwrix continues to enhance its platform by adding features such as sensitive data posture dashboards, enabling customers to quickly identify and reduce risks, including AI-guided remediation. It also maintains a strong roadmap for future capabilities that will expand AI usage and improve automation. 

Customers should expect to see continued change, particularly to its SaaS platform, as it continues to address the remaining feature gaps between it and the self-hosted solutions. 

Netwrix is positioned as a Challenger and Outperformer in the Maturity/Platform Play quadrant of the DSP Radar chart.

Strengths
Netwrix scored well on a number of decision criteria, including:

  • Service integrations: Netwrix offers more than 40 data collection modules for both cloud and on-prem environments, including file shares, Microsoft 365, Azure, and AWS databases, and SQL and Oracle databases. 

  • Compliance reporting: Netwrix offers a wide range of ready-made reports that cover many frameworks. These reports deliver thorough analysis and information, and users can customize them for more tailored insights. Its capabilities are further enhanced with the addition of posture reporting through the DSPM module, which provides extensive premade compliance reports aligned with major regulatory and industry frameworks such as GDPR, HIPAA, SOX, PCI DSS, NIST, and ISO.

  • Behavior analytics: Netwrix enhanced its behavioral analytics with the addition of AI analysis and guidance, helping customers to more quickly and accurately identify risks and apply remediation. Its analytics provides actionable recommendations tailored to the organization’s environment when risky conditions are detected. 

Netwrix was classified as an Outperformer because of its great progress in platform development since our last report. This is followed by a strong roadmap for the upcoming 12 months, which we expect it to execute as well as it has its previous plans.

Opportunities
Netwrix has room for improvement in a few decision criteria, including:

  • AI analysis and investigation: Currently, Netwrix offers some useful basic features, such as using AI to make findings more actionable by providing risk remediation guidance for analyst and operations teams. There is plenty of room for the vendor to improve upon this with more automated prioritization, policy automation, and automated response actions. Netwrix recognizes this and has such plans in its roadmap. Delivering successfully on this will provide significant value to its customers.

  • Encryption and rights management: Netwrix supports encryption and rights management by integrating with existing investments and third-party solutions. It could simplify customer operations by leveraging native encryption and rights management features, reducing the need for customers to rely on additional tools for data security capabilities.

  • Advanced data security: This feature can be delivered only through integration with external tools. Offering advanced security and privacy options, such as anonymization, masking, and redaction, adds value for customers. Making native capabilities available would simplify the experience and reduce dependence on additional tools. 

Purchase Considerations
Netwrix adopts a modular approach, offering a variety of product solution suites, based on the customer's level of maturity. Solutions are primarily licensed by application suite package, through a subscription model. Solution suites are licensed based on the number of governed identities, ensuring organizations can grow their deployments without incurring additional costs.

Deployment complexity varies depending on whether solutions are self-hosted or SaaS-based. The platform can scale from SMBs to enterprise. Support and education are included with the solution purchase, and customers have access to extensive documentation, training, and support services to assist with adoption.

Use Cases
Netwrix addresses several use cases for its customers. For those needing data access governance, the solution offers insights into who can effectively access specific data by analyzing direct permissions, nested groups, inheritance, and shared links. It also assists with sensitive data discovery by locating regulated or business-critical information across on-prem and cloud repositories, correlating it with access context to determine whether the data is truly at risk. Additionally, it helps organizations strengthen AD and Entra ID security, ensuring that the accounts granted access to data are properly governed and secured. 

Privacera

Solution Overview
Privacera is a unified data security and access governance platform built by the creators of Apache Ranger and Atlas. It is designed to enable companies to enforce the secure use of data and ensure compliance with stringent regulations.

The Privacera solution is designed to manage the entire data security lifecycle from a single console. The platform combines four core capabilities: sensitive data discovery, comprehensive data access management, data encryption and masking, and real-time observability and reporting. It is built on Apache Ranger and Apache Atlas, which enables seamless and native integration with various applications to enforce fine-grained access and data security controls at the row and column levels in supported applications. This approach allows enterprises to centralize policy management for over 50 data sources, automating the discovery and classification of sensitive data and the enforcement of controls on it through tag-based and attribute-based access control (TBAC and ABAC). The platform can be deployed as SaaS or self-hosted in cloud or data center environments. Privacera has expanded its governance to AI workloads with Trust3 AI, which secures training data and manages LLM responses. The challenges of complex policy development are significantly eased thanks to its policy studio, which enables operations teams to define policy requirements in natural language that are then transformed into technical policies and enforced within supported applications.

The solution is a single platform with individual connectors to extend platform coverage across data, AI, and SaaS.

The vendor's product development approach is based on continuous improvement, demonstrated in areas such as AI governance. Customers can expect to see ongoing updates and new features added to the platform. 

Privacera is positioned as a Challenger and Fast Mover in the Innovation/Feature Play quadrant of the DSP Radar chart.

Strengths
Privacera scored well on a number of decision criteria, including:

  • Advanced data security: Privacera delivers strong native capabilities. It offers fine-grained data masking and anonymization at the field/column/row level to provide customers with very granular advanced security and privacy controls. 

  • Access security: Privacera supports the ability to build a single policy that it then transforms and enforces across all the platforms it protects. Customers can author policies once and synchronize them across different systems, pushing native platform controls to enforce access restrictions. This allows customers to provide granular and consistent access security across all protected data sets. 

  • Service integrations: Privacera specializes in protecting cloud-native data workloads. It provides broad support with over 50 supported data sources across Azure, AWS, and Google Cloud. It provides customers with an open API to build additional custom integrations as needed. 

Opportunities
Privacera has room for improvement in a few decision criteria, including:

  • Compliance reporting: Privacera does provide some out-of-the-box reports and dashboards to support its customers' compliance requirements. The company could expand this by supporting more frameworks to ensure Privacera becomes a tool that is as valuable to compliance teams as it is to data security teams.

  • AI analysis and investigation: Privacera currently uses AI to better understand risks and identify threats. It also offers specific AI security analysis through the evaluation and observability framework of its Trust3 AI module, which visualizes model interactions, detects PII leakage, and flags prompt injection or off-topic responses for analyst review. However, Privacera is not currently providing analysts with AI-powered tools within the console to assist them with their investigations. 

  • Encryption and rights management: While it offers native data encryption technology, Privacera lacks native rights management. Implementing this capability in its solution would deliver value to customers, especially those seeking to protect datasets as they are shared and moved outside their control. 

Purchase Considerations
Privacera's licensing is subscription-based, with contracts available for 12, 24, or 36 months. It offers public pricing on AWS Marketplace for its starter pack, although other pricing options are not publicly available on its website. Licensing is based on a platform license plus the number of connectors needed to protect an organization's data sources.

Privacera offers optional professional services for those who need support with advanced configurations. While Privacera does not require the use of its professional services, customers might need to engage with them, especially during the initial deployment phase. The platform's implementation can be complex when integrating with intricate data ecosystems, particularly for teams who are unfamiliar with open source frameworks like Apache Ranger. However, the SaaS option, PrivaceraCloud, and its SaaS connectors significantly reduce deployment complexity and minimize the need for professional services. 

While technically this is a solution that can be deployed in an SMB, it is likely best suited for those with more complex data estates and some operational maturity in data security. 

Use Cases
Privacera addresses multiple use cases. The solution enables large enterprises to migrate hybrid data to the cloud using open standards that build upon existing security policies. It maintains consistent data security and governance by enabling central teams to establish a single global policy that applies across all data. It also supports the adoption of GenAI and machine learning by safeguarding training data, managing access to models, and governing data in vector databases for retrieval augmented generation (RAG) systems. This includes model output filtering, context validation, and RAG governance across vector databases. 

Proofpoint: Proofpoint Data Security

Solution Overview
Proofpoint delivers a modern human-centric cybersecurity platform focused on protecting organizations’ people and data. Its solutions cover threat protection, data security and governance, security awareness, and data and SaaS security posture. Key components of its data security portfolio have been enhanced by the recent acquisitions of Tessian (email security) and Normalyze (data security).

Proofpoint’s data security platform includes DSPM, DLP, insider threat management, and security for the AI agentic workspace, built on a cloud-native, modular architecture supporting rapid deployment and scalability. Available as SaaS or self-hosted, it offers unified management through a single console, featuring data detectors, policy templates, workflows, and reporting. Threat detection relies on analytics, behavioral AI, and threat intelligence. The Human Risk Explorer assesses user risk by integrating data from multiple products, utilizing proprietary models that consider threat exposure, behaviors, and training, and provides mitigation recommendations. The relationship graph maps user-data interactions, and lineage capabilities track data flows for quick investigation and policy enforcement. This allows the accurate identification of risk and the ability to apply appropriate remediation actions, such as blocking access, stopping sharing, and enforcing DLP controls.

The solution is modular, but customers can gain initial data security capabilities through a single DLP or DSPM module.

The vendor remains acquisitive. Customers should be aware that this can lead to new capabilities or changes being introduced during the procurement lifecycle. Some changes may necessitate additional training or adjustments to existing workflows. 

Proofpoint is positioned as a Leader and Outperformer in the Innovation/Platform Play quadrant of the DSP Radar chart.

Strengths
Proofpoint scored well on a number of decision criteria, including:

  • Compliance reporting: Proofpoint offers compliance reporting and dashboards that map data security posture against key regulatory frameworks, such as GDPR, HIPAA, NIST, and SOC 2. The platform provides comprehensive compliance insights, enabling users to see how their data security posture aligns with specific frameworks. It not only identifies sensitive data but also shows compliance gaps, helping users take corrective actions to meet regulatory standards.

  • Access security: Proofpoint provides comprehensive access governance and monitoring tools that map access to sensitive data, offering detailed insights through dashboards and reports. Its continuous access permissions auditing enables operations teams to react to alerts in real time. Users can visualize data security posture and the way it impacts compliance with various regulatory frameworks in real time.

  • Behavior analytics: Proofpoint offers behavioral analytics capabilities to address insider risk and detect anomalous user activity that may indicate advanced threats or data exfiltration attempts. The solution provides a real-time, human-centric timeline view of user activity, allowing security teams to understand what a user was doing before, during, and after an incident. This contextual visibility enables analysts to assess user intentions and motivations, which is crucial for determining the most effective response to potential threats.

Proofpoint was rated as an Outperformer because of its significant progress since our last report and the acquisition of Normalyze to further strengthen its data security platform. With a clear roadmap and strong performance in emerging AI fields, Proofpoint is expected to continue evolving rapidly. 

Opportunities
Proofpoint has room for improvement in a few decision criteria, including:

  • Encryption and rights management: Proofpoint offers native encryption with Proofpoint Email DLP. It also integrates with third parties such as MIP, Google, and Snowflake to help customers label their data and enable encryption and rights management in these environments. However, providing native capabilities here would help reduce complexity. The need for such capabilities continues to grow as customers seek ways to secure data from AI learning models and AI agents. Doing so would further improve the value of the Proofpoint approach.

  • Advanced data security: Proofpoint provides some capabilities around data masking. This is mainly in SaaS apps and supported by its browser extension. It can also offer some ability to orchestrate controls in applications that support advanced data security capabilities such as Snowflake. Expanding support for additional applications and considering alternative real-time encryption methods that go beyond its browser extension would be useful for customers. 

  • AI analysis and investigation: Proofpoint uses AI to analyze large datasets in real time, spotting patterns and anomalies that could indicate a security breach. This helps operations teams get clear summaries of risks and practical advice on how to manage them. While this offers a solid level of AI enhancement to operations, Proofpoint can further improve efficiency by offering features like AI-driven guidance and automated policy creation. 

Purchase Considerations
Proofpoint licensing is typically subscription-based, per user and/or data volume-based, with a typical minimum commitment of one year. Pricing is not listed on the website and must be obtained directly from Proofpoint or through partners. Pricing depends on the modules deployed.

Deployment complexity depends on the model chosen (SaaS or self-hosted), the modules selected, and the required integrations. However, since it is a platform driven by API connectors and a user-mode endpoint agent, it should not be burdensome. Proofpoint offers professional services to help customers, based on factors like solution complexity, internal expertise, integration needs, or specific business requirements. For customers needing additional resources, it also provides managed services for its solution and for those using Microsoft Purview or legacy DLP tools. 

While technically suitable for SMBs, this is a solution suite better suited for larger organizations. However, the vendor's recent acquisition of Hornetsecurity is likely to introduce increased offerings in the SMB space. 

Use Cases
Proofpoint helps enterprises reduce data loss and insider threats by protecting sensitive information and ensuring compliance. It provides visibility into data storage and sharing, enabling organizations to identify and address risks proactively. Proofpoint also supports responsible AI use by monitoring data in AI workflows, promoting secure innovation with governance and trust. 

Satori (Commvault): Satori Data Security Platform 

Solution Overview
Satori, acquired by Commvault in August 2025, provides a data and AI security platform that unifies real-time data protection and security. That acquisition expands its reach into Commvault's user base.

The Satori Data Security Platform is an agentless solution designed to provide comprehensive protection for sensitive data across various environments. It can be deployed as SaaS or self-hosted on-prem or in the cloud; it also supports native Kubernetes deployment. The vendor also offers a fully managed version of its data access controller, delivered from its data center, managed and maintained by the vendor.

The platform covers multiple data security aspects, including data discovery and classification, posture management, activity monitoring, and granular access control. It safeguards data across a variety of repositories, from production databases to analytics platforms, data science environments, and AI workloads. Supported technologies include Snowflake, Databricks, Amazon S3, Redshift, Athena, SQL Server, PostgreSQL, and MongoDB.

Threats and risks are identified by assessing data store configurations and permissions, with additional context from monitoring data usage to enforce least privilege access through just-in-time and fine-grained controls. All features are managed through a single console for creation, reporting, alerting, and investigation, with full REST API and Terraform support for automation.

The vendor continues to add new features, including improved compliance reporting and enhanced behavioral analytics for more precise risk detection. It also integrates Microsoft Copilot capabilities to provide AI-driven analysis for investigations and AI assistant features to simplify operational tasks.

The vendor's recent acquisition by Commvault will strengthen unified data protection and security capabilities, particularly for unstructured and backup data. This may lead to accelerated change as Commvault works to integrate Satori into its broader portfolio.

Satori is positioned as a Challenger and Fast Mover in the Innovation/Platform Play quadrant of the DSP Radar chart.

Strengths
Satori scored well on a number of decision criteria, including:

  • Advanced data security: Satori’s broad range of advanced capabilities includes data masking, redaction, hashing, and other transformations that can be applied to structured and semistructured data types. In Snowflake and Databricks, this is done by leveraging native capabilities, and in other platforms (including those that don’t have such native capabilities), it’s done using the Satori Data Access Controller.

  • Access security: Satori takes a flexible and granular approach to access security. Access is defined for datasets and managed centrally or by the different teams or data products. Access security covers structured, semistructured, and unstructured data (S3 buckets only). Controls are granular, including masking, temporary access, ABAC, and row-level security. Satori can act on security access violations, depending on the use case and the exact capability required. It also enables just-in-time data access, allowing users to access data only when needed.

  • Service integrations: Satori offers extensive coverage of supported data types and has recently improved its capabilities with the addition of a sidescanning option for databases. This feature enables risk assessment using database copies instead of production data, reducing the need to interfere with production workflows.

Opportunities
Satori has room for improvement in a few decision criteria, including:

  • Encryption and rights management: Satori offers native policy-based encryption and transformation at the access layer, ensuring sensitive values can be masked, redacted, or hashed before reaching the user. These features can be integrated with repository-native tools (such as the data-sharing mechanisms of Snowflake or Databricks) to enable end-to-end secure data sharing. Adding support for more repositories and expanding native features to develop it into a robust platform capability would provide additional value for customers.

  • Behavior analytics: Satori has effectively enhanced this capability with the addition of its data activity monitoring (DAM) audit rules, which can be used to detect and alert on unusual or suspicious activity. This builds on its previous log sharing feature. Satori could add more user-based telemetry to provide a more complete view of behavior and potential risks. 

  • Compliance reporting: Although the vendor doesn’t provide comprehensive coverage at present, it has created several dashboards and reports that help users adopt a compliance-focused view of data security. Continuing to develop this area and expanding coverage with additional framework support and more detailed dashboards will assist customers with a compliance-centric focus.

Purchase Considerations
Satori uses a subscription-based licensing model, primarily based on the number of active data consumers. Additional factors, such as data store integrations and deployment options, can be added as required. Customers are encouraged to procure through AWS or Azure marketplaces for simplicity and flexibility.

Deployment is generally straightforward with minimal or no professional services needed. Satori is an agentless, Kubernetes-based solution; there are no agents to install on endpoints or repositories. Customers who choose self-hosting will require the necessary skills to deploy, whereas SaaS and managed controller customers can quickly start using the service. Typically, administrators and operations teams complete one to three onboarding sessions to become fully proficient. Additional documentation, videos, and ongoing support are available at no extra cost.

Satori supports customers both large and small.

Use Cases
Satori addresses a number of use cases, including helping customers implement just-in-time access for sensitive customer and production data, ensuring least privilege security and regulatory compliance while supporting agile development. Satori has a strong presence in the healthcare sector, with its ability to classify and protect large volumes of PHI in the cloud, streamlining adherence to HIPAA and safeguarding patient information. 

SecuPi

Solution Overview
SecuPi is a data security company that enables organizations to use data securely, compliantly, and responsibly. 

SecuPi encompasses three main functions: data discovery and mapping, monitoring and auditing, and controlling and safeguarding data to meet regulations. It offers a single platform with modules that can be purchased separately or in combination. Its deployment architecture relies on policy enforcement points (PEPs), which are installed as transparent agents, gateways, native integrations, SDKs, or APIs. Management occurs via the SecuPi central platform, with deployment options on-prem, in the cloud, or hybrid.

SecuPi's data security platform provides data protection for cloud and on-prem environments. It features sensitive data discovery, classification, real-time activity monitoring, and fine-grained access control, and it can enforce data de-identification methods like masking, filtering, and client-side encryption for any protected workload. Its privileged access brokering (PAB) enables identity access brokering, providing multifactor authentication and credential vaulting to enforce least privilege and just-in-time access on any protected application.

SecuPi offers real-time visibility into data access, detecting suspicious activity and compliance risks. It enforces dynamic, fine-grained policies to ensure proper access, controlling both human and nonhuman (including AI agents) access with context-aware activity-specific permissions. 

The addition of a comprehensive Model Context Protocol (MCP) server allows AI integration, supporting data queries and policy management: AI agents can query data and policies and define and implement new policies. The deployment ensures AI agents are restricted so sensitive data is not compromised.

SecuPi is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the DSP Radar chart.

Strengths
SecuPi scored well on a number of decision criteria, including:

  • Advanced data security: SecuPi provides extensive anonymization features across all covered repositories for both structured and semistructured data. It offers a variety of advanced options, including physical masking, logical deletion, replacement, and removal. Its policies and controls enable detailed enforcement to address diverse needs.

  • Access security: SecuPi constantly monitors and compares user behavior to identify risks and anomalies, creating an ongoing baseline for each user. It detects unusual activities and combines peer comparison with self-comparison. When it detects suspicious activities, it triggers an alert or prevents further action or access.

  • Behavior analytics: SecuPi has significantly enhanced its data security capabilities with increased identity-based context. The solution continuously audits user access to sensitive information and uses this data to establish a baseline. It can then detect abnormal or unauthorized data access, leveraging multiple weighted metrics to provide accurate insights into potential high-risk actions. The solution also integrates data from external sources to enrich its analysis. All analytical data can be shared with other enterprise SIEM or SOC platforms to ensure SecuPi is seamlessly integrated into overall security efforts.

Opportunities
SecuPi has room for improvement in a few decision criteria, including:

  • AI analysis and investigation: SecuPi currently lacks native AI analysis capabilities to assist operations teams. However, it has introduced an MCP server that provides third-party AI agent access to its datasets, enabling operations teams to use natural language prompts to identify high-risk events and conduct incident analysis. While the use of MCP opens up AI interrogation of data, it still requires external tools. Adding native AI investigation tools to offer seamless analysis capabilities without relying on external tools would reduce complexity for users. 

  • Service integrations: SecuPi’s specific focus on structured and semistructured data types means the platform can’t protect some common enterprise platforms. While the solution offers a comprehensive range of data protection capabilities, customers should be aware it doesn’t support many unstructured data stores. Adding these would help extend the appeal and coverage of the SecuPi solution. 

  • Encryption and rights management: SecuPi does provide native encryption, including format preserving, type safe, AEAD, and AES encryption of data sets. It lacks the ability to offer native rights management capabilities or integration with such tools. Adding this would help deliver a comprehensive solution to its customers, especially as demands for encryption and rights management grow and organizations find it an effective way to build controls around AI model access. 

Purchase Considerations
The vendor doesn’t publish its pricing and licensing information on its website. The solution is modular, with pricing based on an annual subscription that varies depending on factors such as the modules adopted, the type of enforcement needed, whether encryption features are required, and the number of applications that need protection. 

Its deployment model consists of a central management platform, self-hosted on-prem or in the customer's cloud. Deployment does not require any code changes, development, or changes to business processes. This should simplify adoption and reduce deployment risks. The solution is suitable for a range of businesses, from SMBs to large enterprises. 

Use Cases
SecuPi addresses several use cases. It offers a flexible approach to providing granular and advanced data security to a wide range of businesses. It’s particularly suitable for fine-grained access control; data security; and data-loss prevention and data de-identification projects that require encryption, tokenization, or other advanced capabilities. The solution can also support securing of IoT and OT data sources, as its enforcers can be transparently deployed on edge components, ensuring data captured or created at the edge is transmitted to the corporate network in a secure and protected manner. The MCP server will be helpful for companies working to allow agentic AI access to and management of data and data control policies. 

Sentra: Data Security Platform

Solution Overview
Sentra’s Data Security Platform, available as SaaS or self-hosted in a customer's cloud, allows organizations to protect data across cloud and on-prem repositories. It combines data discovery, classification, DSPM, data access governance (DAG), and data detection and response (DDR), offering integrations across cloud, SaaS, and on-prem environments for both structured and unstructured data. It uses discovery and DSPM to address data risk and provides real-time monitoring with DAG and DDR, enabling better data access management, threat detection, and risk mitigation.

The platform features several data security capabilities, including accurately tagging data sensitivity, which allows other applications to enforce more confident automated remediation. It can also revoke data access via API integration with IdP, DLP, and CNAPP tools. It can enforce data encryption and masking through API integrations with Microsoft MIP and invoke Snowflake Dynamic Data Masking.

The solution also provides a detailed compliance dashboard to help organizations align with leading data security and privacy frameworks. It is making large investments in AI governance, with a soon-to-be-released DSPM for AI tool (its release was not in time for this report), which will help customers in the growing risk areas of AI adoption. 

Sentra is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the DSP Radar chart.

Strengths
Sentra scored well on a number of decision criteria, including:

  • Service integrations: Sentra’s broad repository coverage includes on-prem file shares and NAS, all major CSPs (AWS, GCP, Azure), the Snowflake and Databricks data warehouses, and SaaS apps (Microsoft 365, SharePoint Online, and OneDrive). The solution supports unstructured, semistructured, and structured data types.

  • Access security: Sentra data access governance monitors and enforces access permissions for users, third parties, and applications. It ensures correct controls are applied to data, continually monitoring access for anomalies and alerting to suspicious activity. It can implement mitigation measures to reduce risks from excessive permissions, unauthorized access, or improper provisioning.

  • Compliance reporting: The solution offers a compliance report dashboard that visualizes organizational performance against framework controls. It supports over a dozen frameworks for policy enforcement and reporting and automates identifying violations and maintaining compliance through prebuilt policies that update with regulatory changes.

Opportunities
Sentra has room for improvement in a few decision criteria, including:

  • Encryption and rights management: Sentra lacks native capability in this area, though it can support these requirements via integration. It offers a good range of integrations, allowing it to enforce controls via tools such as Okta, Microsoft DLP, and Check Point CloudGuard CNAPP, and can invoke Snowflake Dynamic Data Masking (DDM) to de-identify sensitive data requests from data warehouses. Delivering native features in this area would help reduce complexity for customers and the need to rely on additional data security tools. 

  • Advanced data security: Sentra doesn't have this feature but can support anonymization via integrations. It can anonymize small samples of sensitive data, like masking SSNs, to help security analysts share findings securely. Extending this would give customers additional options for sharing data while maintaining the security and privacy of their information.

  • AI analysis and investigation: Currently, the use of AI is in the background of the platform and is not surfaced within the operation consoles. Increasingly, customers will look to AI-driven assistance, which helps operational efficiency by summarizing incidents, helping to prioritize actions, and automating repetitive processes. Adding these capabilities to the platform would help drive Sentra’s value proposition to customers. 

Purchase Considerations
Sentra doesn’t publish its licensing information. However, its licensing model is based on the volume of data to be scanned. The company offers an “all-inclusive” subscription model, meaning customers don’t have to consider additional modules, which simplifies licensing for them.

Sentra’s onboarding process includes a short installation by DevOps engineers, after which scanning starts generating results immediately. Onboarding includes the training of all relevant employees in the use of the application. Training covers the different components of the UI and configuring certain settings, such as those for scanning, custom data classes, and custom policies.

The solution is targeted at SMBs and above. Customers should be aware that the vendor is primarily focused on the North American market, but it has plans to extend into other regions. 

Use Cases
Sentra addresses a variety of use cases by implementing robust data access governance and preventing data loss. Automated governance ensures minimal privilege access for all users, third parties, and applications, reducing risks from excessive permissions, unauthorized access, and mismanaged identities. Integrated with endpoint DLP solutions, Sentra provides real-time monitoring of sensitive data activities, detects and blocks suspicious access from external networks, and assigns contextual classification labels. This proactive approach safeguards critical information across cloud and on-prem environments, supporting compliance and operational resilience without disrupting user experience.

Thales: CipherTrust Data Security Platform

Solution Overview
Thales helps enterprise organizations address data security challenges and protect their most sensitive data and all paths to it with products and platforms that help reduce risk. It offers a comprehensive portfolio of solutions to address data security challenges.

The CipherTrust Data Security Platform (CDSP) is Thales’s primary data security tool. It centralizes the discovery, classification, activity monitoring, access control, and protection of sensitive data across on-prem, cloud, and SaaS environments. It can be deployed as a self-hosted, cloud, or SaaS solution, integrating with databases, file systems, and cloud storage to enforce security policies without disrupting operations.

CDSP automates the discovery, classification, and risk analysis of sensitive data and vulnerabilities. Continuous monitoring detects unusual access and breaches. Transparent encryption, tokenization, and access controls reduce threats and prevent unauthorized use. A single dashboard provides visibility, simplifies compliance, and supports investigations with detailed logs for faster incident response. Thales has also added data risk intelligence to help companies meet encryption goals and file activity monitoring, offering real-time visibility into data access.

Thales also offers its Data Security Fabric (DSF), which can be used in conjunction with CipherTrust encryption and data protection capabilities. This enables unified visibility and control, including comprehensive monitoring, threat analytics, risk detection, and compliance reporting. Together, these solutions secure data across cloud services (SaaS, IaaS, PaaS, and data lakes), along with on-prem stores like network file shares.

Customers can expect further development to integrate these solutions into a single platform, which may necessitate adjustments to workflow and platform management. 

Thales is positioned as a Leader and Fast Mover in the Innovation/Platform Play quadrant of the DSP Radar chart.

Strengths
Thales scored well on a number of decision criteria, including:

  • Compliance reporting: CDSP offers a wide range of out-of-the-box reports for regulations like SOX, PCI, NYDFS, HIPAA, GDPR, and CPRA, helping organizations respond to auditors and demonstrate compliance quickly. It also includes over 1,500 predefined vulnerability tests based on CIS and DISA STIG benchmarks, along with research from Thales database experts. This helps administrators avoid vulnerabilities such as missed data repositories, misconfigurations, and undetected sensitive data, which could affect framework readiness.

  • Access security: DSF Data Activity Monitoring helps organizations demonstrate compliance by tracking and auditing data access and usage within the cloud environment. The solution provides centralized management and reporting through a single data service or dashboard for overseeing and monitoring data security controls. DSF enables users to configure and manage security policies, view alerts and incidents, and monitor the status of data protection measures. It also analyzes metadata to identify file owner, data type, data category, and other details, consolidating findings for quick assessment of current access profiles.

  • Service integrations: Thales provides extensive support for all data types, including structured, semistructured, and unstructured data. Its data security solutions are built to safeguard data in cloud-native settings, including IaaS, PaaS, and SaaS, ensuring consistent data security and compliance whether data is stored on-prem or in the cloud. 

Opportunities
Thales has room for improvement in a few decision criteria, including:

  • Behavior analytics: Thales has continued to improve capabilities here, adding both activity monitoring and data risk intelligence to its behavior analytics offering. Thales's data protection platform uses AI and machine learning to analyze user, process, and file activity. It establishes normal behavior baselines to detect and alert on anomalies. Thales can further build on these improvements by gathering broader user behavior information such as logon details, device states, locations, and information from external sources to create a comprehensive view of user behavior and associated risks. 

  • AI analysis and investigation: CipherTrust Data Risk Intelligence (DRI) consolidates posture and behavioral risk indicators from its combined platforms to provide a single view of threats. It generates precise, customized risk scores and actionable remediation recommendations. This could be extended to exploit the use of AI within the operations console to provide more specific guidance, summarize threat information, and assist operations teams in areas such as policy development and threat mitigation workflows.

  • Advanced data security: Thales provides a broad range of capabilities in this area for its customers, including static and dynamic data masking and batch data transformation. It also offers tokenization management with convenient configuration workflows that occur in a graphical user interface. The vendor could develop this even further, in areas such as synthetic data creation, to not only increase data security options but also provide additional flexibility for customers looking to share data with teams or partners while maintaining security and privacy. 

Purchase Considerations
Thales provides some public pricing, including for its CDSP products in its Data Protection on Demand marketplace. CDSP pricing depends on the cost of the appliance or service, as well as the connectors used to address a specific use case. CDSP pricing may also be based on the volume tier, with larger discounts for per-unit prices applied based on purchase volume. 

With any portfolio solution, deployment can be complex depending on the modules purchased and integrations required. Thales offers professional services and a training subscription to help customers adopt the solution.

Thales’s solutions cater to customers large and small and across multiple sectors, though it may prove too complex for smaller businesses.

Use Cases
With such a broad portfolio of solutions, Thales can help customers address a wide range of use cases. CDSP serves organizations that use hundreds of data stores and cloud repositories and are looking to reduce data breaches, data risks, and compliance incidents. It also helps to address gaps in both traditional data security approaches that are left by perimeter security and native data security approaches.

Trellix: Trellix Data Security 

Solution Overview
Trellix provides a broad set of security tools, which includes endpoint detection and response (EDR), network detection and response (NDR), advanced security operations (SecOps), and threat intelligence. It also offers individual products that can help its customers address specific threats, including data security.

The Trellix Data Security platform delivers an integrated, adaptive approach to enterprise data protection, combining discovery, classification, and enforcement capabilities with advanced analytics. It can be deployed flexibly across hybrid environments, supporting on-prem, cloud, and SaaS deployment models. The solution can protect data on-prem, including endpoints and databases, as well as in the cloud. The platform continuously scans structured and unstructured data sources to identify potential threats.

Trellix applies policy-driven controls to prevent data loss, enforce endpoint encryption, and restrict the movement of risky data. Its real-time monitoring and automated response mechanisms enable it to contain incidents as they occur, such as blocking exfiltration attempts. The solution integrates with broader security ecosystems, providing enriched telemetry that feeds into SIEM and SOAR platforms to accelerate investigation and response.

Management is centralized through a unified console, providing administrators with granular visibility, compliance reporting, and orchestration of policies across diverse environments. AI-driven analytics enhances detection accuracy, reduces false positives, and surfaces hidden risks. Its Trellix Wise AI agent also assists in reducing operational overhead by providing capabilities like guided remediation.

Customers can take advantage of further capabilities through investment in Trellix’s Security Platform, which extends both security coverage and remediation features.

Trellix offers a modular platform that allows customers to consume specific modules as needed to deliver tailored data security tools. 

Trellix is positioned as a Challenger and Fast Mover in the Maturity/Feature Play quadrant of the DSP Radar chart.

Strengths
Trellix scored well on a number of decision criteria, including:

  • Service integrations: Trellix provides good coverage across a range of data sets, including endpoint, file servers, and native cloud storage accessed through the endpoint. Trellix can extend data security protection to the cloud through SaaS-based integrations with Trellix Email Security Cloud and Trellix IVX Enterprise Cloud, as well as an integration between the on-prem DLP Endpoint and sister company Skyhigh Security’s SSE solution. It also offers APIs for customers who wish to build custom integrations. 

  • Encryption and rights management: The solution supports the encryption of data with its local endpoint agent, encrypting data placed on drives, for example. It can also integrate with MIP, Boldon James, and Titus to apply additional rights management controls. 

  • AI analysis and investigation: Trellix’s AI tools provide valuable support to operations teams. Trellix Wise can analyze events and triage them, create cases, and assign a severity level based on contextual factors like the user's business unit, location, and the frequency of similar events. This helps security teams focus on the most critical alerts, reducing false positives. It can also generate event summaries with nontechnical explanations suitable for end user coaching or investigation steps. 

Opportunities
Trellix has room for improvement in a few decision criteria, including:

  • Advanced data security: Trellix provides limited native anonymization within its database security module, which can enforce data masking based on access requests. Developing this feature could offer customers additional capabilities for data sharing while maintaining security and privacy. 

  • Compliance reporting: Compliance reporting is limited, and while the solution can identify data types that fall under sensitive data regulation coverage, it lacks more formal, compliance-centric views. Building this would help organizations address compliance issues, allowing Trellix to become a central tool for data security and compliance control. 

  • Behavior analytics: Currently, risk behaviors are based on data access and do not consider broader user behavior to provide a more comprehensive insight. For customers of the Trellix Security Platform, this capability is more extensive. Trellix has the opportunity to expand these capabilities into its data security products, providing its customers with more comprehensive behavioral analysis. 

Purchase Considerations
Trellix does not publish its pricing, but it offers flexible options for pricing and licensing. All Trellix Data Security products can be purchased individually or as part of a bundle. Pricing is based on each endpoint (or node), except for Database Security, which is priced per instance. Products are available through subscriptions or perpetual licenses, accompanied by support. 

The vendor also provides the Trellix Thrive program. Thrive Essential, included at no cost with every software subscription, is used to help customers adopt the product and gain value from their investment. However, the company recommends customers consider the Trellix Thrive Advanced or Trellix Thrive Elite programs, which offer premium support, as well as Flex Credits for custom training and access to Trellix cyber experts for professional services engagements.

Trellix solutions are designed for larger enterprises and are unlikely to be suitable for SMBs.

Use Cases
Trellix helps its customers address several use cases. The solution is aimed at larger enterprises to provide a single data security solution that unifies threat defense, compliance, and operations to protect data across endpoints, cloud, and networks. Its integrated DLP and encryption help to maintain privacy and reduce the threat of malicious loss. Its flexible deployment options will also be attractive to those looking for a self-hosted data security platform. 

TrustLogix: Data Security Platform

Solution Overview
TrustLogix is a data security platform designed to address modern risks across cloud, hybrid, and regulated environments, with a focus on security, trust, and privacy for enterprise data.

TrustLogix’s DSP consists of three modules: TrustAccess, which provides fine-grained access controls; TrustDSPM, which offers data access risk assessment and remediation; and TrustAI, which applies data security for AI agents. TrustLogix can be deployed as SaaS or via TrustLet Private Cloud, which is deployed in the customer’s private cloud. It is agentless and works via APIs, integrating with customers' CI/CD processes and enabling automated policy provisioning and authorization decisions. TrustLogix integrates with various data sources, including cloud storage (S3, Azure Blob storage), databases (MySQL, SQL Server, Oracle), data lakes (Snowflake, Databricks, Redshift), and on-prem data.

The platform offers comprehensive access controls that combine RBAC and ABAC, and has added relationship-based access control (ReBAC) for cloud data platforms, which dynamically enforces access based on organizational hierarchies, such as cost centers or regional sales structures, allowing policies to automatically adapt to business changes. Threats and potential risks are identified through the TrustDSPM module, which continuously monitors for data risks, including overly granted permissions and unused roles. The platform also detects security gaps when sensitive data flows into downstream analytics tools like Power BI, and it now includes security for vector databases and GenAI data pipelines.

Policies are enforced natively within the underlying data platforms, ensuring controls remain intact even if TrustLogix is removed. Management is via its central console, enhanced with the addition of an AI policy engine that provides an overview and recommendations on key security risks. This year, TrustLogix also announced its AI-based data security enhancements for Snowflake, which automate Snowflake Network Policy creation.

The solution contains three modules: policy-based access controls, security posture management, and AI Data Security and Governance, all of which are supplied under a single solution license.

TrustLogix is positioned as a Leader and Fast Mover in the Maturity/Feature Play quadrant of the DSP Radar chart.

Strengths
TrustLogix scored well on a number of decision criteria, including:

  • Advanced data security: TrustLogix can deploy granular data anonymization and obfuscation. It primarily uses the target data store’s own capabilities to deliver this but can also use plug-ins to apply anonymization at query time, ensuring consistent, no‑code, least privilege anonymization across multicloud environments with unified compliance reporting and auditability. 

  • Compliance reporting: TrustLogix’s comprehensive compliance capabilities include SOX, SOC 2, and GDPR. Its Data Security Posture Dashboard alerts to any unexpected data sharing, data exfiltration risks, overly privileged roles, shadow IT usage, and other noncompliant data usage, and it evaluates controls defined by Center for Internet Security (CIS) benchmarks to help customers with shared responsibility in cloud data security. It includes out-of-the-box monitoring policies and the ability to create custom ones.

  • Access security: TrustLogix delivers strong access security by centralizing visibility, enabling detailed access reviews, and integrating with IdPs to enrich policies with user attributes for ABAC and least privilege enforcement. It has also added ReBAC, enabling dynamic, context-aware authorization based on real-world organizational hierarchies such as departments, cost centers, and reporting lines. Its extension of these fine-grained access controls natively into Microsoft Power BI makes it the first data security platform to deliver end-to-end, policy-based governance within Power BI visualizations. Automated insights can trigger policy recommendations or direct enforcement, helping organizations remediate risks quickly. 

Opportunities
TrustLogix has room for improvement in a few decision criteria, including:

  • Service integrations: TrustLogix’s integrations are comprehensive for its primary target repositories, namely data stored in databases both in the cloud and on-prem. It has also extended its coverage with support for Microsoft Power BI and security for vector databases and GenAI data pipelines. These extensions will add further appeal to the platform for its customers. However, the solution does not protect unstructured data or SaaS apps. Expanding coverage would enable customers to manage all data security within a single platform. The vendor has recognized this with a beta version of an Authorization module for custom and SaaS applications. Delivering this into production will help customers have consistent access governance across internal business tools.

  • Encryption and rights management: TrustLogix has limited native capabilities in this area. While it can identify risks, it depends on third-party tools to enforce the necessary security controls. Although this is likely to remain TrustLogix’s strategic position, adding some native capabilities here would be valuable. Customers are increasingly demanding these controls, especially as they look to build secure data pipelines for AI tool usage.

Purchase Considerations
TrustLogix doesn’t publish pricing. However, it uses an annual subscription license model. Licensing is calculated per data source and is not impacted by the number of data users, policy users, or the amount of data stored in the data source.

The solution is agentless and proxyless, reducing deployment risk and complexity. It is unclear from the publicly available information whether the vendor offers professional services to aid with implementation for those who want it.       

This is a solution that can be deployed into SMBs and above. 

Use Cases
The TrustLogix solution is ideal for those with structured data security requirements who are looking to monitor for misconfigurations, shadow access, exfiltration risk, and policy violations to reduce threats to data. It also suits those looking to enhance data security in those platforms through proactive masking and anonymization, so that data can be shared safely while preserving privacy.

Varonis: Varonis Data Security Platform

Solution Overview
Varonis offers a well-established and comprehensive data security platform. It is a single, modular cloud-native SaaS solution that protects data within the largest and most complex data environments. Its solutions are designed to deliver quick, automated security results for users.

The Varonis Data Security Platform automates data discovery, classification, and protection across cloud and on-prem environments. The platform is available as SaaS. Its architecture includes collectors for both cloud and on-prem sources, supporting metadata processing and dashboard alerts. Deployment involves installing collectors, scanning data, and integrating via APIs. Once configured, the solution addresses data security through multiple methods, including automated permission remediation, real-time data access monitoring, compliance management, and user behavior analytics. It can also enforce additional controls, such as masking and anonymization, and coordinate with third-party tools to enforce privacy controls. Additionally, it helps ensure compliance with regulations through automated data governance. Its management console consolidates policy settings and user access controls.

Its investment in Athena AI is helping to improve operational efficiency by enabling prioritization of risks, assisting with investigations, and guiding responses. The introduction of an MCP server is also beneficial for organizations that want to use their own AI agents to interact with Varonis.

Varonis is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the DSP Radar chart.

Strengths
Varonis scored well on a number of decision criteria, including:

  • Service integrations: Varonis offers comprehensive coverage of protected repositories, safeguarding both structured and unstructured datasets across on-prem and cloud environments, including file servers, NAS, SaaS, cloud object stores, identity platforms, databases, and cloud databases such as Snowflake. Customers can also build custom integrations where prebuilt coverage does not exist. 

  • Access security: Varonis provides data access reviews across multiple repository types to highlight places where data is exposed organization-wide, publicly, externally, and in personal accounts. It can identify points where data is overshared, both internally and externally, where it’s improperly stored, and where there is stale or orphaned data. Varonis applies its automated remediation policies, which can be customized and run continuously, to ensure data remains secure.

  • AI analysis and investigation: Varonis’s AI SOC assistant (Athena AI) streamlines risk prioritization and investigations by using models trained on enterprise-specific data to generate context-rich alert playbooks, identify high-risk behaviors, and surface actionable insights. It enables natural language search across environments, simplifying threat analysis for users of all skill levels, while offering executive summaries, automated remediation suggestions, and collaborative case management. 

Opportunities
Varonis has room for improvement in a few decision criteria, including:

  • Advanced data security: Varonis provides dynamic data masking to conceal and redact data in databases. Its masking process automatically activates when a user attempts to retrieve data, and it masks information according to the policy for that user or role. However, it currently does not expand beyond this capability natively, although it can orchestrate third-party functionalities. Varonis could enhance this by extending native capabilities to other data sets, reducing customer reliance on other tools and strengthening security and privacy in datasets that currently do not support it.

  • Encryption and rights management: Varonis provides encryption natively (like in GCP and Databricks) and through integration with data stores (for example: MIP encryption, Box file encryption, AWS S3 bucket encryption, and Salesforce Shield) depending on customer preference. Encryption is applied to data at rest at the file, object, database, or email level, not in motion or in use. This is also true for its rights management capabilities, which rely on orchestrating features in other tools. Extending native capabilities here would be valuable for its customers, reducing reliance on third-party tools.

  • Security for AI/ML models and data pipelines: Varonis does not yet offer native protection for AI models or direct integration with MLOps platforms. It does provide capabilities for securing training data at rest across cloud repositories like AWS, Azure, and GCP.  By enforcing least privilege access, it automates remediation of excessive permissions and monitors for abnormal interactions.  However, as the use of AI models continues to grow, customers will look to their solution to deliver further integration with data pipelines, and there is an opportunity for Varonis to deliver it and be a core part of AI development for its customers. 

Purchase Considerations
Varonis is licensed per data store and the users within it, except for IaaS platforms, which are licensed based on dataset size. Licenses are available as an annual subscription that can be canceled at any time. Pricing is available directly or through the partner channel.

The Varonis deployment model is SaaS-based for management, with the deployment of local collectors and API integrations for data security delivery. Varonis account teams work with customers on deployment to identify any specific requirements where additional support may be needed. Professional services are available to assist with this if necessary.

For those needing additional resources, the vendor also offers fully managed services.

This is a solution designed for larger enterprises and is likely to be unsuitable for SMBs. 

Use Cases
Varonis delivers robust business outcomes by safeguarding sensitive data, reducing risk, and ensuring compliance. It continuously identifies and remediates data exposure, automates risk reduction by limiting unnecessary access, and helps organizations respond swiftly to threats through real-time monitoring and incident support. Varonis empowers businesses to maintain regulatory compliance with comprehensive reporting, streamlined audit trails, and privacy-by-design controls. Its managed detection services further augment security, offering expert investigation and response. 

Velotix: Data Security Platform

Solution Overview
Velotix’s Data Security Platform uses AI to scale data security operations, supporting many data consumers and ensuring holistic data protection. It offers automated data discovery, sensitive data classification, policy management, and continuous compliance monitoring.

Velotix is available as SaaS or self-hosted, connecting to various data repositories such as databases, file storage, data catalogs, and metadata sources. It features a unified interface for operational consistency, seamless communication between components, and rapid deployment on cloud or on-prem infrastructure.

The solution automatically maps data and uses AI to apply sensitivity labels to all data formats; no scripts or manual tagging are needed. It also maps data access based on user attributes and highlights patterns and anomalies to inform tighter controls, reduce risk, and create actionable policies. It supports policy-based and attribute-based access control (PBAC and ABAC), replacing static RBAC models with dynamic, context-aware policies. It provides a real-time view of data activity, including data lineage tracking, to see how data is accessed, transformed, and applied. It detects schema changes and new data sources, automatically updating classifications, policies, and access controls.

The solution is available as a single platform and does not offer individual modules. 

The vendor continues to deliver new features to the product and aims to expand to meet customer needs and market demands, and to enter new areas. This can lead to customers experiencing regular platform changes during the product's lifecycle. 

Velotix is positioned as a Challenger and Fast Mover in the Innovation/Platform Play quadrant of the DSP Radar chart.

Strengths
Velotix scored well on a number of decision criteria, including:

  • Service integrations: Velotix discovers, monitors, and protects data in file storage (like NetApp and Dell PowerScale), cloud file storage (like SharePoint and OneDrive), RDBMS (like Oracle, SQL Server, and PostgreSQL), big data (like Teradata and Cloudera), cloud data lakes (like Redshift, Lake Formation, Synapse, BigQuery, Snowflake, and Databricks), BI tools (like Tableau and Power BI), SaaS platforms (like Salesforce), and others. All integrations are achieved by remote connection using the data platform's preferred integration method, such as JDBC or a REST API. No agents or proxy technologies are used. Customers can also build custom integrations.

  • Advanced data security: Velotix manages data permissions and also enforces data access restrictions. These include row and column-level protections, such as full masking, partial masking, hashing, encryption, format-preserving encryption/tokenization, and hiding. The solution also provides cell-level security, such as conditional masking. While it relies on the native capabilities of the target data platforms for these enforcements, it offers strong flexibility and a range of granular controls.

  • Access security: Velotix offers data activity monitoring for all supported databases and unstructured data repositories. It collects activity logs from data platforms, correlates them with user and data metadata, and stores the information in a searchable database. It then provides various dashboards to view and analyze data access patterns and highlights anomalies in data access.

Opportunities
Velotix has room for improvement in a few decision criteria, including:

  • Encryption and rights management: While the solution provides the ability to leverage the native capabilities of protected repositories, it does not offer its own native capability to encrypt or provide information rights management. Adding this would help customers adopt these additional data security capabilities and reduce the need to use third-party tools.

  • Behavioral analytics: Velotix learns the usage and activity profiles of users based on data such as time of day, day of week, and the number of rows retrieved from each table, then creates a baseline. Velotix analyzes each data access activity against this baseline and assigns an anomaly score. Exceptions are highlighted to indicate insiders accessing data outside their usual pattern, which may suggest potential data leakage, theft, or credential compromise. Currently, this is limited to database access, but extending this capability to other datasets would offer significant value to Velotix customers.  

  • AI analysis and investigation: Velotix uses AI to generate recommendations for operations staff on how to respond to data access requests or what constitutes an exception that should be remediated. However, much of its AI capability provides value "behind the scenes" of the application. Adding AI-powered tools that help users understand and investigate risks more quickly, through features like summarization and natural language queries, would help customers reduce operational overhead.
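The baseline-and-score approach described in the behavioral analytics item above can be shown in a few lines of Python. This is an added example, not Velotix code: the features (hour of day, day of week, rows retrieved per table) come from the report, while the scoring formula, the class and function names, and the sample events are assumptions constructed for illustration.

```python
# Added illustration, not Velotix code. Features (hour, weekday, rows per table)
# come from the report; the scoring formula and all names are assumptions.
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median


@dataclass(frozen=True)
class AccessEvent:
    user: str
    table: str
    when: datetime
    rows: int


class UserBaseline:
    def __init__(self):
        self.hours, self.weekdays = Counter(), Counter()
        self.rows_by_table = defaultdict(list)

    def learn(self, ev):
        self.hours[ev.when.hour] += 1
        self.weekdays[ev.when.weekday()] += 1
        self.rows_by_table[ev.table].append(ev.rows)

    @staticmethod
    def _rarity(counter, key):
        # 0.0 for the user's most common bucket, close to 1.0 for an unseen one.
        return 1.0 - (counter[key] + 1) / (max(counter.values()) + 1)

    def _volume(self, table, rows):
        history = self.rows_by_table.get(table)
        if not history:
            return 1.0  # this user has never read this table
        med = median(history)
        mad = median(abs(r - med) for r in history) or 1.0
        z = max(0.0, (rows - med) / (1.4826 * mad))  # only unusually large reads
        return min(1.0, z / 10.0)

    def score(self, ev):
        parts = (self._rarity(self.hours, ev.when.hour),
                 self._rarity(self.weekdays, ev.when.weekday()),
                 self._volume(ev.table, ev.rows))
        return round(sum(parts) / len(parts), 3)


def build_baselines(events):
    baselines = defaultdict(UserBaseline)
    for ev in events:
        baselines[ev.user].learn(ev)
    return dict(baselines)


def score_event(baselines, ev):
    base = baselines.get(ev.user)
    return 1.0 if base is None else base.score(ev)  # unknown user: maximum score


def constructed_history():
    # Constructed sample: "alice" reads "orders" on weekdays at 09, 11, 14, 16h.
    start = datetime(2025, 1, 6)  # a Monday
    days = [start + timedelta(days=d) for d in range(28)]
    return [AccessEvent("alice", "orders", day.replace(hour=h), 100 + (7 * i + h) % 40)
            for i, day in enumerate(days) if day.weekday() < 5 for h in (9, 11, 14, 16)]


def demo():
    baselines = build_baselines(constructed_history())
    cases = {
        "usual": AccessEvent("alice", "orders", datetime(2025, 2, 4, 11), 120),
        "new_table": AccessEvent("alice", "payroll", datetime(2025, 2, 4, 11), 50),
        "bulk_sunday_3am": AccessEvent("alice", "orders", datetime(2025, 2, 9, 3), 250000),
        "unknown_user": AccessEvent("mallory", "orders", datetime(2025, 2, 4, 11), 120),
    }
    return {name: score_event(baselines, ev) for name, ev in cases.items()}
```

Calling `demo()` returns one score per constructed case. A read that matches the learned pattern scores near zero, a first read of a new table scores in the middle, and a bulk read at an unseen hour and weekday scores near one.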

Purchase Considerations
Velotix licensing is subscription-based and is composed of a per-installation fee, plus a fee based on the number of connected technologies. For example, Oracle, Snowflake, Tableau, and SharePoint would all count as individual instances. Pricing information is available through the Velotix sales force or through partners.

Velotix introduces a high level of automation into the deployment phase, significantly reducing deployment complexity and time to value. On-prem deployment requires some additional work, as is to be expected when compared to a SaaS offering.

This is a solution designed for larger SMBs and enterprises, although the vendor has recently released a more SMB-focused version of its product to extend its appeal. 

Use Cases
Velotix addresses enterprise challenges by centralizing data governance, automating compliance, and accelerating secure data access. It unifies control for consistent policy enforcement and simplifies permissions, both vital for meeting regulatory requirements. Its self-service interface removes access bottlenecks, giving teams real-time data access. With visibility and anomaly detection, Velotix safeguards sensitive information and reduces dark data risks. Automated permission management streamlines user changes, keeping access current and compliant in complex environments.

6. Analyst’s Outlook

Data security should be a top priority for leaders in all organizations. Data is a vital asset at the core of daily business activities. Any data breach could significantly affect an organization. In a world where AI operations are central to many strategic plans, modern tools must safeguard data from misuse during AI interactions. Additionally, when organizations develop their own AI models, it is crucial to keep datasets and pipelines secure to maintain the integrity of custom AI projects. 

Traditionally, the approach to data security involved using multiple tools; however, today, DSPs aim to consolidate these tools, offering businesses better insights while reducing complexity and risk.

This report highlights a strong DSP market that continues to grow. There has been some consolidation as larger portfolio vendors acquire technology to fill gaps in their data security platforms. This trend is likely to persist because the demand for AI security will push more vendors to find suitable technology solutions for this challenging area. 

Vendors are offering more complete solutions that cover a wider range of data security risks across different market segments. While some specialty vendors remain and are expected to continue in that orientation, their share is likely to keep decreasing as a percentage of the overall market. In all cases discussed in this report, vendors demonstrate strong capabilities within their areas of focus, giving customers a good selection of potential solutions when evaluating the market. 

Before embarking on a DSP project, organizations must have clarity in three areas: 

  • The impact of DSP adoption

  • The data sets to be protected

  • The overall project goal

Implementing a DSP is not a simple task. It often requires a cultural shift in how an organization manages data and needs buy-in from all stakeholders. To encourage adoption, organizations must therefore communicate clearly both the changes a DSP brings and its benefits.

As demands for data, its management, use, and security continue to grow, the DSP market will evolve accordingly. The use of AI is expected to play a key role in this development. AI can improve the management, classification, and security of data. It can also boost operational efficiency by summarizing data incidents and helping to improve policies and automation processes. This trend is evident in the market, with vendors exploring ways they can enable organizations to leverage AI and how AI can support operations teams securely.

This is a strong market, with multiple vendors providing comprehensive data security solutions. We anticipate DSPs will continue evolving to address the challenges of safeguarding the growing volumes and types of data.

7. Methodology

*Vendors marked with an asterisk did not participate in our research process for the Radar report, and their capsules and scoring were compiled via desk research.

For more information about our research process for Radar reports, please visit our Methodology.

8. About Paul Stringfellow

Paul Stringfellow has more than 25 years of experience in the IT industry helping organizations of all kinds and sizes use technology to deliver strong business outcomes. Today, that work focuses mainly on helping enterprises understand how to manage their data to ensure it is protected, secure, compliant, and available. He is still very much a “hands-on” practitioner and continues to be involved in a diverse range of data projects. Paul has been recognized across the industry and has spoken at many industry, vendor, and community events. He writes for a number of industry publications to share his enthusiasm for technology and to help others realize its value.

Paul hosts his own enterprise technology webcast and writes regularly on his blog.

9. About GigaOm

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.