# Beyond DSPM Dashboards: Why Data Movement Remains an Underrated Risk

Vulnerability | 13 Dec 2025 • General Dynamics Information Technology
**The Critical Gap in Data Security: Governing Data in Motion**

Organizations have made significant progress in mapping their data landscapes, leveraging **Data Security Posture Management (DSPM)** tools to identify sensitive information, regulated records, and high-risk data concentrations. While visibility into **data at rest** has improved, a persistent blind spot remains: **data in motion**. Once information leaves secure repositories, whether via email, file-sharing platforms, APIs, or web forms, governance often becomes fragmented. This disconnect stems from legacy architectures in which storage and transmission systems evolved independently, each with its own security model and workflows.

### **The Core Challenge: Decentralized Movement and Fragmented Policies**

Three key factors exacerbate this gap:

1. **Decentralized Movement** – Data flows through disparate channels (email, collaboration tools, automated workflows) without a unified control layer.
2. **System-Centric Policies** – Organizations enforce separate rules for email, file transfers, and partner access, but sensitive data does not adhere to these boundaries.
3. **Fractured Auditability** – Tracking data movement requires piecing together logs from multiple systems, each with varying retention and detail levels.

### **A Shift Toward Data-Centric Governance**

A promising solution lies in treating **data labels as actionable policy signals**. Traditionally, classification (via MIP labels, custom taxonomies, or DSPM insights) has been confined to storage systems. For labels to mitigate risk, however, they must **travel with the data** and influence decisions across transmission platforms.

Recent integrations, such as the collaboration between **BigID and Kiteworks**, exemplify this shift. By connecting DSPM-driven classification with enforcement frameworks spanning email, file transfers, APIs, and web forms, organizations can enforce consistent policies regardless of how data moves.
### **Impact on Managed Security Service Providers (MSSPs)**

For MSSPs, this evolution presents opportunities to:

- **Transform assessments into continuous programs** by leveraging classification-driven enforcement for ongoing policy orchestration.
- **Reduce policy sprawl** by defining data-centric rules (e.g., "encryption required for external sharing of sensitive data") that apply uniformly across channels.
- **Enhance third-party oversight** with controls that persist beyond enterprise boundaries, improving supply-chain security.
- **Accelerate incident response** by providing immutable logs tied to data classifications, reducing investigation time and regulatory uncertainty.

### **Real-World Applications**

Connecting classification with enforcement addresses critical scenarios:

- **Outbound sharing of regulated data** – Applying consistent controls (encryption, watermarking, or blocking) when sensitive data leaves via email or file-sharing.
- **Secure collaboration with partners** – Retaining predictable controls for intellectual property, legal documents, or engineering files crossing organizational boundaries.
- **High-risk data intake** – Routing web form submissions through governed channels to enforce access, encryption, and audit requirements.
- **Post-incident reconstruction** – Using immutable logs to clarify data movement, reducing notification costs and regulatory friction.

### **The Path Forward**

Data governance is transitioning from a **system-centric model** ("protect the repository") to a **data-centric approach** ("protect the information wherever it goes"). While DSPM has advanced visibility, the next phase involves integrating classification with enforcement across communication, transfer, and collaboration channels.

The **BigID-Kiteworks partnership** reflects this broader industry trend, demonstrating how discovery and enforcement can work together to create a more coherent, auditable, and scalable approach to data movement governance.
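The two mechanisms the article leans on, a data-centric rule that yields the same control requirement whether data leaves by email, file transfer, API or web form, and an immutable audit trail tied to the classification that drove each decision, can be sketched in a few dozen lines. This is an added example, not code from the article, BigID or Kiteworks; the label names, control names and the `example.org` home domain are assumptions, and the hash-chained log stands in for whatever tamper-evident store a real platform would use.

```python
import hashlib
import json

# Illustrative labels and controls (assumptions, not the article's or BigID's taxonomy).
# One data-centric rule set: required controls depend on the label and on whether
# the destination is inside the organization, never on the channel in use.
POLICY = {
    "public":       {"internal": set(),                    "external": set()},
    "internal":     {"internal": set(),                    "external": {"encrypt"}},
    "confidential": {"internal": {"encrypt"},              "external": {"encrypt", "watermark"}},
    "regulated":    {"internal": {"encrypt", "watermark"}, "external": {"block"}},
}

def decide(label, dest_domain, home_domain="example.org"):
    """Controls required before an object carrying `label` may reach `dest_domain`."""
    scope = "internal" if dest_domain == home_domain else "external"
    # Unlabelled or unknown labels fail closed instead of slipping through.
    return POLICY.get(label, {}).get(scope, {"block"})

def _digest(prev, body):
    return hashlib.sha256((prev + json.dumps(body, sort_keys=True)).encode()).hexdigest()

class AuditLog:
    """Append-only, hash-chained records that carry the label behind each decision."""
    GENESIS = "0" * 64  # anchors the first record's chain

    def __init__(self):
        self.records = []

    def record(self, body):
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        self.records.append({**body, "prev": prev, "hash": _digest(prev, body)})

    def verify(self):
        """True only if no record was altered, reordered or removed after writing."""
        prev = self.GENESIS
        for r in self.records:
            body = {k: v for k, v in r.items() if k not in ("prev", "hash")}
            if r["prev"] != prev or _digest(prev, body) != r["hash"]:
                return False
            prev = r["hash"]
        return True

def govern(log, label, channel, dest_domain):
    """Same decision for email, file transfer, API or web form; channel is only recorded."""
    controls = decide(label, dest_domain)
    log.record({"label": label, "channel": channel, "dest": dest_domain, "controls": sorted(controls)})
    return controls
```

Because `decide` never looks at the channel, adding a new transmission path means recording one more channel name, not writing another rule set; `verify` is what a post-incident reconstruction would run before trusting the trail.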
### Incident Details (GDI1765641604)

**Type:** Data Governance Blind Spot

**Vulnerability Exploited:**

- Decentralized data movement systems
- Fragmented policies for data in motion
- Fractured auditability across communication channels

**Impact:**

- Data Compromised: Sensitive, regulated, or personal/financial data
  - Email
  - File sharing platforms
  - Managed file transfer systems
  - APIs
  - Web forms
- Operational Impact: Increased risk of data breaches, regulatory violations, and incident response challenges
- Brand Reputation Impact: Potential erosion due to regulatory scrutiny or data breaches
- Legal Liabilities: Increased risk of fines and legal actions due to non-compliance
- Identity Theft Risk: Elevated due to exposure of personally identifiable information
- Payment Information Risk: Elevated due to exposure of financial data

**Response:**

- Third Party Assistance: Integration of DSPM tools (e.g., BigID) with enforcement frameworks (e.g., Kiteworks)
- Connecting classification engines with transmission platforms
- Applying consistent controls across email, file transfer, APIs, and forms
- Unified data-centric policies for data in motion
- Enhanced auditability of data movement
- Persistent controls beyond enterprise boundaries
- Enhanced Monitoring: Immutable logs tied to data classifications for post-incident reconstruction

**Data Breach:**

- Regulated data (e.g., financial, health records)
- Personal data
- Intellectual property
- Engineering files
- Sensitivity Of Data: High
- Data Exfiltration: Potential via email, file sharing, or APIs
- Data Encryption: Recommended but not consistently applied
- Personally Identifiable Information: Yes

**Regulatory Compliance:** Potential violations of privacy regulations (e.g., GDPR, CCPA, HIPAA)

**Lessons Learned:**

- Data governance must extend beyond storage to include data in motion
- Fragmented policies increase risk and complicate compliance
- Auditability of data movement is critical for incident response and regulatory disclosures
- Labels and classifications should be actionable signals for enforcement

**Recommendations:**

- Integrate DSPM insights with enforcement frameworks for data movement
- Define data-centric policies that apply consistently across communication channels
- Improve third-party oversight with persistent controls beyond enterprise boundaries
- Enhance incident response with immutable logs tied to data classifications

**Post Incident Analysis:**

- Decentralized data movement systems
- Policies written for systems rather than information
- Fractured auditability across platforms
- Unified data movement governance
- Consistent enforcement of data-centric policies
- Integration of classification and enforcement frameworks