Are You Ready for Web 3.0? How DSPM helps you move at the speed of AI

All cybersecurity practitioners know about the CIA triad. The ultimate goal of cybersecurity is to protect the Confidentiality, Integrity, and Availability of information assets. But according to cybersecurity expert and bestselling author Bruce Schneier, different elements of the CIA triad have been more salient at different points in history.

From the early ‘90s to the early 2000s, Availability was top of mind. “This era saw organizations and individuals rush to digitize their content, creating what has become an unprecedented repository of human knowledge,” Schneier says. He calls this era Web 1.0.

But from the mid-2000s to the present day, we’ve been living in Web 2.0, where Confidentiality has been key. Once all that data had gotten out there, and as new tools to enable e-commerce and social media evolved, businesses and governments became preoccupied with devising solutions to protect their information assets. 

Early solutions focused on protecting the network perimeter and the organizations’ on-premises data centers. Like a castle and moat, they focused on policing access to data. But as operations began moving to the cloud, and more and more users logged on remotely (especially after the pandemic), controls had to evolve. 

The Secure Access Service Edge (SASE, pronounced “sassy”) has become the state-of-the-art. Combining a cloud access security broker (CASB), secure web gateway (SWG), and zero trust network access (ZTNA), and supported by a software-defined wide area network (SD-WAN) architecture, SASE is a cloud-native solution to the problem of data’s migration beyond the reach of traditional security controls. 

But even as industry leaders were perfecting SASE, a new security challenge was bubbling to the surface: AI. Schneier thinks AI is going to fundamentally change how we experience the internet, ushering in the era of Web 3.0.

“This is a distributed, decentralized, intelligent Web. Peer-to-peer social-networking systems promise to break the tech monopolies’ control on how we interact with each other…. A future filled with AI agents requires verifiable, trustworthy personal data and computation. In this world, data integrity takes center stage.”

Why will Integrity be king in the age of AI? Simply put, because data is the lifeblood of AI. Building trustworthy AI models and validating their trustworthiness over time is essential to the goal of aligning AI’s behavior with human values and interests. This isn’t just a security challenge. It’s an existential one. And it all starts with ensuring the quality of the data AI feeds upon.

But how do we do that? The challenge feels overwhelming, and for good reason. This year the world is producing over 180 zettabytes of data, one byte for every star in the known universe. This virtual universe of data, or  “dataverse,” is having its own Big Bang, and if current projections hold, it’s only just beginning. Because AI doesn’t just consume data, it generates it as well. And as AI adoption grows, so too will its work product.

Make no mistake: in the era of Web 3.0 SASE will still be necessary, but it won’t be sufficient. A cloud-native solution for cloud-generated problems, SASE set the bar for the era of Web 2.0. But the unique challenges of AI require an AI-native solution. That’s where DSPM comes in. 

Safeguarding data integrity starts with identifying and classifying that data. You can’t protect what you can’t see or control. But manually classifying data in the age of AI is like a couch potato trying to keep pace with a champion marathon runner. The most likely outcome is a faceplant.

Automated tools using regex also aren’t up to the challenge. Traditional DLP solutions - a common feature of many SASE offerings - have been plagued by false positives, to such an extent that many security teams turn them off or water them down to the point of irrelevance. 

By contrast, DSPM leverages large language models and natural language processing to recognize different categories of data based on their meaning and context. If traditional DLP and regex are looking for fingerprint matches, DSPM is doing a full DNA analysis of data and finding patterns that older tools never could. 

DSPM can classify even unstructured data with 95 percent precision or better, an essential capability when so much of the data used to train AI models consists of documents in various file formats. It also discovers data across IaaS, SaaS, PaaS, DBaaS, and on-prem datastores, continuously monitoring the entire data estate for newly created, removed, or modified data.

But DSPM doesn’t just create a precise and thorough inventory of data assets. It also discovers the users - both human and AI agents - who have access to this data, the privileges they enjoy, and the applications they’re sharing data with. This helps organizations better understand who their riskiest users are, and which unmanaged applications, including “Shadow AI” applications, have access to their data.

Finally, DSPM can enforce policies to protect data assets, such as encrypting sensitive data or revoking access for stale users.

In other words, you can’t really do AI governance without DSPM. When we look at something like Gartner’s TRiSM framework (Trust, Risk, and Security in AI Models), we see that DSPM ticks all the boxes. 

Discover and inventory AI applications in the organization? Check.

Enhance AI data classification, protection, and access management? Check.

Implement AI technology to support and enforce policies? Check.

Conduct ongoing governance, monitoring, validation, testing, and compliance? Check.

AI is going to change how we think about the internet. Web 3.0 will be a different world from the one we’ve known, and will require a paradigm shift in information security thinking as well. Protecting the networks and endpoints where data lives and moves will still be essential, but it won’t be enough. 

The dataverse’s Big Bang will swamp the controls of Web 2.0 unless we supplement them with controls that are fast enough, agile enough, and smart enough to keep up with the data explosion. When Web 3.0 dawns, DSPM won’t just be a nice-to-have add-on to your security stack. It will be the standard of care for any organization that wants to move at the speed of AI. Will you be ready?

‍