Beyond File Servers: Securing Unstructured Data in the Era of AI
The article discusses how, in the AI era, data security is shifting from traditional file servers to modern collaboration tools and cloud environments. Traditional approaches such as DLP and DSPM struggle to meet the need to monitor and intervene in dynamic data activity. The author recommends integrating DSPM, DLP, and data lineage technology to achieve real-time monitoring and precise intervention.

2026-3-13 09:1:35 Author: securityaffairs.com


File servers still exist for legacy storage and governance, but most modern workflows now happen in collaboration tools, code platforms, chats, and AI systems.

File servers remain, but they are no longer central to operations.

They still appear important on paper: legacy project shares with strict permissions, legal drives with structured folders, and network areas where data loss prevention (DLP), classification, and governance controls have been refined over the years. These remain prominent in legacy consoles, which can be reassuring for those familiar with that environment.

However, current workflows have shifted elsewhere.

Product teams now work in shared documents, kanban boards, and temporary comment threads. Engineering focuses on code review platforms and build systems rather than traditional file servers. Sales and customer success teams exchange sensitive information through tickets, chats, and embedded panels. Increasingly, this information is also processed by AI assistants for summarization, translation, or drafting.

If your tools are designed to monitor files on servers or scan cloud storage for similar patterns, they may detect some activity, providing a sense of control. However, these tools still operate under the assumption that data exists solely as files in specific locations.

The business no longer operates this way.

Data security posture management (DSPM) was introduced to address this shift. Early products promised to scan cloud environments, identify sensitive data in object stores and SaaS platforms, and provide a comprehensive map. For teams used to discovering unexpected S3 buckets through breach reports and incidents, this was a welcome solution.

Initially, this approach was effective. Architects could identify critical data locations, compliance teams could incorporate these findings into risk assessments, and CISOs could confidently discuss coverage with audit committees.

However, DSPM began to conflate awareness with control, similar to previous file-centric DLP solutions.

This is evident in many deployments: scans are performed, issues are reported, and some high-profile remediation projects are initiated. However, the focus soon shifts, and operational challenges continue to arise from familiar sources.

This is not due to negligence; it reflects the limitations of a map-only approach. Knowing a cloud store contains sensitive data is helpful, but it does not address how users or AI systems interact with that data.

Both the traditional DSPM and file-centric models are effective at identifying data locations but lack insight into data activity.

Feedback from those closest to the issue highlights these weaknesses.

CISOs value having an inventory, but they are also responsible when incidents occur involving key accounts or critical projects. In these situations, knowing which stores are sensitive is insufficient; they need to determine whether a specific user, tool, or agent interacted with that data in a way that requires regulatory explanation.

Security architects also appreciate data maps, but they recognize that risk ratings across repositories do not identify which ones are most vulnerable to workflow issues. Static risk scores cannot differentiate between stable and dynamic risk environments.

Engineers are tasked with integrating DSPM findings, DLP rules, and inputs from EDR and IAM systems to create a unified solution. When these components are separate products, engineers often serve as the connectors, which becomes problematic if key personnel transition to other teams.

SOC analysts manage the resulting alerts, which often come in separate formats such as file-based actions and DSPM issues. They are expected to correlate these streams manually. When unusual activity occurs, the effectiveness of the response depends on timely cross-referencing of relevant data.

There is extensive mapping, but limited intervention.

A new approach is emerging among teams seeking more effective solutions.

In this approach, DSPM is not eliminated but repositioned. It serves as a valuable source of information about critical data locations, though it is no longer the central focus of data security.

The primary focus shifts to a more direct question:

“Given that we know which stores and datasets are most important, how do we monitor data activity and intervene appropriately without disrupting workflows?”

Addressing this requires two elements that previous models did not prioritize.

The first is continuous data lineage: maintaining a real-time record of how content from critical stores moves throughout the environment. This includes not only files, but also reports, exports, cached copies, chat messages, and AI prompts that originate from these sources.

The second is implementing controls that recognize data lineage. DLP and related policies should consider the origin of content, not just patterns and paths. For example, treating any data derived from a specific dataset as critical when it moves to certain destinations is a more precise approach than simply blocking content based on pattern recognition.
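The difference between a pattern-only rule and a lineage-aware rule can be shown in a few lines. The following is an added example, not code from the article or from any product it refers to; the store names, destinations, and the SSN-style regex are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed policy inputs (assumptions, not from the article).
CRITICAL_ORIGINS = {"crm/key-accounts"}
RISKY_DESTINATIONS = {"ai_prompt", "personal_email", "public_chat"}
SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # stand-in for a pattern-only rule


class LineageGraph:
    """Records which artifacts were derived from which, and resolves root origins."""

    def __init__(self):
        self.parents = defaultdict(set)

    def derive(self, child, *parents):
        self.parents[child].update(parents)

    def origins(self, artifact):
        """Walk derivation edges back to the root stores; tolerant of cycles."""
        seen, stack, roots = set(), [artifact], set()
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            if self.parents.get(node):
                stack.extend(self.parents[node])
            else:
                roots.add(node)
        return roots


def pattern_dlp(content):
    """Pattern-only decision: sees the text, knows nothing about where it came from."""
    return "block" if SSN_PATTERN.search(content) else "allow"


def lineage_dlp(graph, artifact, destination):
    """Lineage-aware decision: origin plus destination, regardless of content pattern."""
    critical = graph.origins(artifact) & CRITICAL_ORIGINS
    return "block" if critical and destination in RISKY_DESTINATIONS else "allow"


def build_sample_graph():
    """Constructed flow: store -> export -> summary -> chat message / AI prompt."""
    g = LineageGraph()
    g.derive("export.csv", "crm/key-accounts")
    g.derive("summary.txt", "export.csv")
    g.derive("chat-msg-1", "summary.txt", "wiki/public-roadmap")
    g.derive("notes.txt", "wiki/public-roadmap")
    return g
```

A summary that has lost every recognisable pattern still resolves to its critical origin, so the lineage rule blocks it on the way to an AI prompt while letting the same artifact move to a non-risky destination.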

When DSPM, DLP, and data lineage are integrated within a single platform, the system can automatically adjust how high-risk data is managed across endpoints, browsers, collaboration tools, and AI workflows. Analysts benefit from built-in correlations, reducing manual effort.

When these capabilities exist in separate products that only exchange data through exports and webhooks, it increases complexity and workload for those responsible for maintaining system alignment.

This is not a criticism of any specific vendor. File-centric DLP and map-only DSPM were appropriate solutions for their time and addressed genuine industry needs.

However, industry requirements have evolved.

If your unstructured data security strategy continues to prioritize file servers or static cloud inventories, you will remain unprepared for incidents that occur outside the scope of these tools.

Alternatively, by using a DSPM that is integrated with a DLP that uses data lineage, you gain the ability to detect and respond to potential data exfiltration before it is too late.

About the Author: Franklin Nguyen is a product marketing leader in AI and data security at Cyberhaven. With prior roles spanning Tenable, Zscaler, VMware, and IBM, he brings experience across cloud infrastructure, hyperscalers, and modern security platforms, helping organizations navigate the evolving challenges of protecting data in AI- and cloud-driven environments. Based in the San Francisco Bay Area, Franklin also leads the AI & Data Security Collective, a community of security leaders focused on advancing best practices, collaboration, and innovation in AI and data security.


Pierluigi Paganini

(SecurityAffairs – hacking, File Servers)




Article source: https://securityaffairs.com/189368/security/beyond-file-servers-securing-unstructured-data-in-the-era-of-ai.html