Updated on April 14, 2025

Integrating Cohesity with DSPM

Integrating Cohesity with DSPM

Overview

DSPM is a Data Security Posture Management from the Netskope One platform that automates security and governance for data, whether on-premises or in the cloud, with end-to-end protection. It delivers real-time visibility, control, and remediation for structured (like SQL databases), semi-structured (such as JSON logs), and unstructured data (including emails and documents) across databases, data lakes, and warehouses. Powered by Data Access Governance (DAG) and Data Detection and Response (DDR), the platform enforces compliance and ensures continuous audit readiness.

This guide walks you through integrating Cohesity with our DSPM to identify gaps in your data protection program and safeguard sensitive assets.

Note
For additional resources, visit the Cohesity Marketplace.

Integration Overview and Benefits

Managing and securing data across dispersed environments is a complex challenge. As part of Cohesity’s Data Security Alliance, DSPM delivers a unified solution that enhances data security posture management (DSPM) and protection across multi-cloud and on-premises infrastructures.

By integrating DSPM with Cohesity’s AI-powered data security and management platform, organizations gain a centralized view of their data estate, improving compliance and risk mitigation. For example, this integration can uncover previously unprotected data assets containing personally identifiable information (PII). With this visibility, IT backup administrators can prioritize data protection more effectively, while security teams gain the insights needed to meet their protection mandates.

  • This integration empowers organizations with advanced capabilities to secure and manage their data effectively, including:

    • Automated Data Discovery: detect and classify sensitive data across cloud, on-prem, and hybrid environments, improving oversight and control.

    • Stronger Data Security Posture: identify and address vulnerabilities proactively, ensuring comprehensive protection and rapid incident recovery.

    • Advanced Risk & Compliance Reporting: strengthen cybersecurity frameworks with enhanced risk assessments and compliance reporting, reinforcing regulatory adherence.

  • Beyond immediate benefits, this collaboration delivers strategic advantages that enhance long-term data governance and protection, such as:

    • Unified Data Visibility & Control: centralized monitoring of data assets enhances governance and risk management.

    • Enhanced Security & Compliance: strengthens defenses against cyber threats while simplifying compliance with regulations such as GDPR and CCPA.

    • Optimized Data Protection: Cohesity’s scalable backup and disaster recovery solutions complement DSPM’s classification and protection of overlooked data assets.

    • Proactive Risk Management: detect and remediate misconfigurations and security gaps in real time to ensure data integrity.

    • Improved Operational Efficiency: reduce manual effort and minimize risks, accelerating the time-to-value for data security initiatives.

    • Supported Services

    The DSPM and Cohesity integration supports the following services:

    • Databases: AWS RDS, MariaDB, MySQL, Oracle, PostgreSQL, SQL Server, and Aurora

    • Cloud Storage: AWS S3

      Setting Up DSPM

      If you don’t have access to DSPM, please email support@netskope.com with the following details:

      • The request to create a new DSPM-hosted application
      • The full name and email address of the designated application administrator

      Then, your assigned support representative will provide:

      • Details on how to access your new DSPM application.  
      • The link to our private knowledge base for additional resources

    Generate a Cohesity API Key

    To generate a Cohesity API key, follow these steps:

  • In Netskope DSPM

    1. Go to Administration > Integrations.

    2. Click Cohesity Console link.

  • In the Cohesity Console

    1. Go to Settings > Access Management > API Keys.

    2. Click Add API Key > Enter a name (e.g., Example_API_Key) > Click Save.

    3. Copy the API key value

  • Complete the Connection

    1. Return to Netskope DSPM.

    2. Paste the key into the Cohesity API Key field.

    3. Click Connect.

    • To disconnect later, edit the connection at the Integrations page and click Disconnect.

    Configuring Netskope DSPM

  • Now you have access to Netskope DSPM, complete these two key configuration steps to enable data flow between systems:

    1. Onboard your AWS infrastructure connections

    2. Connect your data stores

    • For detailed instructions, refer to the knowledge base articles linked below or contact your Customer Success Manager for assistance.

    Onboard Infrastructure Connections

    Unlike Cohesity, which connects to AWS using AWS KMS keys, DSPM connects via IAM roles. This approach ensures the necessary permissions for comprehensive data analysis and accurate classification. You can create these roles using CloudFormation or Terraform.

  • For each AWS account onboarded as a Cohesity Source, you must also onboard a matching Netskope DSPM Infrastructure Connection. Follow the specific steps in the articles below, depending on your preferred method (be sure to log in to our knowledge base using the link provided by the Netskope DSPM support team):

    • Once your AWS accounts are connected, our DSPM will automatically discover your AWS data stores and ingest any associated AWS tags.

    Connect Data Stores

  • To monitor a data store in the Cohesity Security Center, you must also connect it as a matching DSPM Data Store in Netskope. Follow the step-by-step instructions in the articles below (ensure you authenticate to our Knowledge Base using the link provided by DSPM support from Netskope):

    • Once connected, our DSPM will analyze and classify data fields using multiple signals and inputs. This process includes applying Data Tags to categorize your data stores. For example, if healthcare-related data is detected, the system may tag the store with “HIPAA” and “PHI” for compliance tracking.

    For more details on classification methods, refer to our Classification Management article.

    Monitoring Your Sensitive Data Posture

    DSPM’s classification data appears in Cohesity’s Security Center under:
    Data Classification > Sensitive Data Posture.

    This page displays workloads containing sensitive data identified by our DSPM, and the protection status of these workloads. This information lets you protect sensitive workloads using Cohesity DataProtect as a Service.

    The Sensitive Data Posture page only includes objects registered in Cohesity DataProtect with DSPM Tags from the Netskope DSPM. Infrastructure tags (applied directly in AWS for purposes beyond data security) are not published as DSPM Tags.

    Note
    The Netskope DSPM tags automatically sync with Cohesity every 24 hours, and the tags are synced each time your data stores are scanned.

    Troubleshooting

    If your latest tag assignments are not appearing in Cohesity, please contact support by emailing support@netskope.com to open a ticket.

    Share this Doc

    Integrating Cohesity with DSPM

    Or copy link

    In this topic ...