Netskope DSPM FAQs

What is DSPM?

DSPM is a Data Security Posture Management from the Netskope One platform that automates security and governance for data, whether on-premises or in the cloud, with end-to-end protection. It delivers real-time visibility, control, and remediation for structured (like SQL databases), semi-structured (such as JSON logs), and unstructured data (including emails and documents) across databases, data lakes, and warehouses. Powered by Data Access Governance (DAG) and Data Detection and Response (DDR), the platform enforces compliance and ensures continuous audit readiness.

What problems can DSPM solve?

Today’s complex data environments create critical security gaps. DSPM addresses these key challenges:

Data sprawl with no visibility (increases breach risks): DSPM auto-discovers data stores across hybrid environments for full visibility.
Error-prone manual data classification: the platform auto-classifies sensitive data, assigns sensitivity levels, business purpose tags, and maps them to known regulations.
Sensitive data exposure from misconfiguration: identifies data stores with issues to prevent leaks.
Overprivileged access challenges: detects excessive user privileges to sensitive data automatically.
Undetected risky data interactions: profiles user behavior via query analysis to mitigate risks at scale and ensure regulatory compliance.
Overwhelming security issue management: prioritizes remediation with risk scoring and policy-based workflows.

What makes DSPM unique?

DSPM delivers comprehensive data security through these differentiated technical capabilities:

Context-Aware Data Security: provides correlated visibility into all data interactions by continuously analyzing four critical dimensions: infrastructure (data location), data (type/sensitivity), users (access patterns), and usage (interaction methods). This contextual monitoring identifies anomalies like unauthorized access or suspicious queries in real time.
Continuous Data Risk Monitoring: performs uninterrupted scanning across databases, file shares, and cloud storage to detect risks including misconfigurations, outdated permissions, and suspicious activity. Automatically evaluates security control effectiveness and recommends adjustments.
Core-Data Security Automation: utilizes machine learning to classify data by sensitivity (50+ predefined types, including PHI and PCI) and enforces granular, classification-specific controls. Monitors active data usage to track query patterns and data movement, reducing insider threats.
On-Prem & Cloud Coverage: supports all major structured and unstructured data stores across on-premises, IaaS, PaaS, and SaaS environments. Automated workflows identify misconfigurations and optimize resources without manual intervention.
Real-Time Compliance Monitoring: continuously analyzes data access and usage patterns to immediately detect violations of GDPR, HIPAA, or CCPA requirements. Triggers alerts for risky activities like unauthorized sensitive data exports.
Data Query and Risk Analysis: analyzes query logs in real time to identify misuse patterns such as excessive data sampling. Generates prioritized risk scores (0-100) based on factors like privilege staleness and data sensitivity levels.
Cross-Functional Workflows: automates incident response by alerting designated teams to potential data misuse or leaks, significantly reducing remediation time while ensuring proper mitigation actions.
Cross-Platform Orchestration: enables unified monitoring through SIEM, SOAR, and Active Directory systems integration via API/metadata exchange. Delivers granular privilege analysis at the object level (e.g., database table permissions) across hybrid cloud environments.

What can I customize within DSPM?

You can configure these key elements of the platform:

Sensitive Data Types: define custom classifications for your organization’s data. The platform automatically assigns sensitivity levels, business purpose tags, and maps them to regulations like HIPAA or GDPR. Create custom tags and data types to monitor your most critical sensitive information at scale.
Data Store Scanning: adjust scan frequency, schedule timing, and sampling rates for your data stores. Use regex patterns to fine-tune scanning parameters, ensuring your security insights remain current and accurate.
Security Policies: create and modify policies to enforce your organization’s data protection standards. Implement access controls and encryption rules to prevent unauthorized data exposure. Customize alert conditions that integrate with existing notification workflows.
Remediation Workflows: modify built-in workflows or design new ones with specific notification settings. Automate risk mitigation processes by linking workflows to your customized policies for efficient security management.

What are the deployment options available for DSPM?

DSPM offers two deployment models:

SaaS-Hosted Deployment
The standard SaaS model operates entirely within Netskope’s environment, requiring read-only access to your data stores for scanning and analysis.

Hybrid Architecture
For customers who prefer not to whitelist SaaS IPs, this option combines:

A central SaaS application in Netskope’s environment.
Customer-deployed sidecars installed near data stores.

The sidecars handle local discovery and processing, transmitting only essential metadata to the central application while keeping sensitive data within your infrastructure.

How does DSPM handle large-scale data environments?

DSPM supports scaling through organization-level onboarding. When you onboard an Organization, the platform automatically detects all child Accounts and Data Stores within them, enabling rapid connection and scanning across large volumes of data resources.

Does DSPM impact the performance of my data warehouse or databases?

No. The platform minimizes performance impact by periodically copying queries from data store logs (when data-in-use monitoring is enabled) and sampling new columns during non-peak times (configurable). All operations are designed to maintain typical database/warehouse performance.

Does DSPM store any customer data?

No. DSPM only stores metadata and does not retain copies of sensitive data samples. This ensures customer data remains secure and private. Some customers deploy via Sidecar to keep computing and sampling within their environment.

Which file types can DSPM find sensitive data in? Does it support image files?

Category	Extensions	Format / Description
Image Files:	.png, .jpeg, .jpg	Raster image formats (PNG for lossless, JPEG/JPG for lossy compression).
Archive Files:	.zip, .tar, .tar.gz	Compression/packaging formats (ZIP for general use, TAR for bundling, TAR.GZ for TAR + Gzip compression).
Plain Text Files:	.txt, .pem, .crt, .cer, .key, .p7b, .p7c	Unformatted text or encoded certificates (TXT for raw text, PEM/CRT for SSL certificates).
Other Files: (Text portions only)	.avro, .csv, .doc, .docx, .eml, .htm, .html, .js, .json, .jsonl, .parquet, .pdf, .ppt1, .pptx1, .tsv, .xls, .xlsx, .xml, .yaml, .yml	Files containing structured/textual data (e.g., DOCX for Word, PDF for documents, JSON/XML for data interchange).

Files without identifiable types are labeled in the Classifiable File Types field as “Unknown.”

How does DSPM classify my data?

DSPM classifies your data through the following process:

Scanning: examines data stores across your environments.
Machine Learning Analysis: uses heuristic signals to identify data sensitivity levels, specific data types, and confidence scores for each classification.
Configuration Options: allows adjustment of scan frequency, schedule timing, and sampling rate (for unstructured data).

What types of risks does DSPM detect, and how are risk scores calculated?

DSPM detects five core risk types with automated scoring (0-100 scale):

Misconfiguration risk: the score reflects the vulnerability level of data store security configurations.
Overprivileged risk: aggregated score for data stores showing multiple users with stale, excessive privileges to sensitive data. Flag users when they haven’t accessed data stores for extended periods or retain access to large amounts of sensitive data.
Data store sensitive access risk: aggregated score for data stores where multiple users can access sensitive data.
User behavior risk rating: score based on the severity of the user’s policy and data-in-use violations (30-day window).
User-sensitive data access risk: score increases when users access higher-sensitivity data.

All risk scores (0-100) derive from the Last Accessed Timestamps (inactivity duration), Data Sensitivity Levels (higher sensitivity = higher risk weighting), and the Access Scope (volume of sensitive data accessible).

Higher scores indicate longer periods of unused access privileges, broader exposure to critical data types, or more severe policy violations.

Can DSPM determine which users have access to sensitive data?

Yes. It goes beyond basic role retrieval to detect field or file-level user access. It provides granular insights into which users can access sensitive data, helping prioritize access issues based on true sensitive data exposure.

Can DSPM detect real-time violations?

DSPM’s real-time detection capability depends on your configured scan frequency (adjustable from hourly to monthly) – for query-based policy violations, detection occurs when the system processes the query logs during its next scan cycle, meaning alerts trigger immediately upon identifying violations within an active scanning window but aren’t instantaneous for queries executed between scheduled scans.

How does DSPM provide remediation?

DSPM provides remediation through:

Automated workflows that send alerts via Slack, PagerDuty, SNS, Google Pub/Sub, and email.
Native integrations with SOAR solutions like Splunk and Sumo Logic.
Ticketing system alerts for platforms including Jira and ServiceNow – enabling rapid response to detected incidents through your existing operational channels.

How does DSPM help with regulatory compliance?

It automates compliance with major regulations like GDPR, HIPAA, and CCPA. It integrates with existing tools to simplify audits and ensure continuous compliance.

How can DSPM integrate with my product or systems?

DSPM integrates with a wide range of products and systems through standard integrations and custom workflows. You can review all current platform integrations here. In addition to native integrations with leading data warehouses, data lakes, BI tools, SIEM solutions, alerting systems, and SSO providers, custom workflows can be configured using open APIs, webhooks, and lambda functions. Please contact your account representative for questions about custom integrations with a specific tool.

What certifications does DSPM hold?

The platform has achieved SOC 2 Type 2 attestation and demonstrated HIPAA compliance. Read more about DSPM approach to Trust and Security.

What support is available for onboarding and long-term success?

You’ll receive comprehensive support through our Premium Onboarding and Long-Term Success Plan, designed to help you maximize the value of DSPM. From day one, you’ll have a dedicated team of experts, including a Customer Success Manager, Solutions Engineer, and Account Manager, working closely with you to ensure success.

Here’s what you can expect:

Kickoff and Tailored Planning: we’ll start with a kickoff session to understand your unique priorities and goals, and your success team will create a customized roadmap aligned with your use cases and business objectives.
Ongoing Training and Adoption Support: receive personalized training sessions, 1:1 coaching, and resources to drive user adoption across your organization. Examples include hands-on workshops and best practices tailored to your workflows.
Proactive Account Reviews: at 90 days and 6 months, we’ll review your progress, identify new value opportunities, and optimize your configurations. These check-ins ensure you’re on track to meet your goals.
Workflow Optimization and Integrations: we’ll help you streamline workflows, integrate with existing systems, and configure custom solutions for maximum impact.
Executive Updates and ROI Tracking: regular updates for leadership will showcase the return on investment (ROI) and progress toward your objectives. This ensures alignment between technical implementation and business outcomes.

With the Premium Onboarding and Long-Term Success Plan, your success team becomes an extension of your organization, providing continuous support and expertise, and together, we’ll ensure high user adoption, ongoing optimization, and sustained value to meet your evolving business needs.