IBMs Polar Buy Creates Focus on a New Shadow Data Cloud Security Area

The purchase gives IBM access to a new category of products called data security posture management for security data in cloud and SaaS repositories.

IBMs purchase of Polar Security for an undisclosed sum on May 16 has focused attention on an emerging market space that, until recently, didnt even have a formal name associated with it.
Polar is among an increasing number of startups — many based in Israel — that offer a new class of tools, built to accomplish data security posture management (DSPM). They help organizations discover, monitor, and secure sensitive data across hybrid and multi-cloud environments. To that end, IBM will integrate Polars technology with its Guardium portfolio of data security products.
The Polar acquisition is the companys fifth so far this year.
The key selling point of products from Polar and companies like it, is their ability to automatically classify discovered data in these environments (in addition to monitoring user access and discovering threats to the data) — so security teams can protect it better. Many of the technologies, including Polar Securitys DSPM platforms, are agentless and have the claimed ability to automatically discover sensitive data in minutes and to classify them into categories such as PII, PHI, and PCI.
Gartner, which gave the category its name last year,
describes DSPM
products as enabling organizations to discover
shadow data
— structured and unstructured — in repositories across cloud service providers, data lakes, and SaaS environments. The analyst firm has predicted that more than 20% of organizations will deploy a DSPM capability by 2026 because of urgent requirements to identify and locate previously unknown data repositories and to mitigate associated security and privacy risks.”
IBMs purchase of Polar
gives the company immediate access to technology that will help it compete in the market segment with a growing number of pureplay vendors, and vendors expanding into the space from other markets such as cloud security posture management and cloud DLP. Examples of pureplay DSPM vendors include
Laminar
,
Cyera,
and
Dig
, while Wiz, Varonis, Orca — and now IBM — are all vendors that have added DSPM to their technology portfolio over the past year.
Richard Stiennon, chief research analyst at IT-Harvest, says his firm currently tracks over a dozen vendors in the market. DSPM is a vibrant space with at least 16 players, Stiennon says.
Polar, which launched in 2021, was in the middle of the pack with about 30 employees at time of purchase he notes, adding, IBM Tech Fund had participated in the $8 million seed funding, so they have had visibility into Polar for at least 16 months. Among the larger vendors in the space are Wiz, Laminar with about 95 employees, and Cyera with a headcount of some 75, Stiennon says.
A lot of the enterprise interest in the space stems from growing concerns over data exposure in cloud and SaaS environments. Just like shadow IT is a problem, shadow data — or sensitive data in cloud databases, AWS S3 buckets, and other repositories stored across multiple environments — has become a real and pressing problem for many organizations.
Sensitive data discovery and classification has become a top priority [for organizations], says Justin Lam, an analyst with S&P Global Market Intelligence. A recent survey of technology decision makers that the analyst firm conducted showed that for many organizations, DSPM has become a top technology priority for 2023, he adds.
A lot of enterprises are waking up to the fact they need to find out what data they have in the cloud, Lam says. How do I find out what it is, how risky it is, what kind of non-public info is out there in the cloud. These are all huge concerns.
Analyst firm Omdia expects the IBM acquisition of Polar to push other technology heavyweights into the space as well. As has often been the case with new technologies, a lot of the initial proponents of DSPM are startups. But that could change quickly as bigger players move into the space.
We have seen such landgrabs before — in data leak prevention in the mid-2000s, cloud access security brokers in the mid-2101s, and cloud security posture management later in the last decade, says Rik Turner, analyst with Omdia.
Turner describes the DSPM market as still largely immature or moving just beyond that phase. To date, it has been all about startups, many of them from Israel, raising early rounds of venture capital money and starting to evangelize about DSPM. Until Gartner came up with a name for the category, many of the players in the space were positioning themselves as providing cloud data posture management and DSPM together, he says.
IBMs purchase has raised the profile of DSPM as a technology and potentially puts other cyber industry majors in the market to buy one of Polars competitors. Already, there are some rumors that Laminar is in talks with a potential buyer or two, Turner says.
Now, alongside the startups, we have not only Big Blue jumping in but also CSP vendors like Orca and Wiz, both of whom are adding some DSPM capabilities, Turner notes. It may be too early to see IBMs acquisition of Polar as the tipping point, but if Laminar does indeed go to one of the bigger beasts, the land grab really will have begun.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
IBMs Polar Buy Creates Focus on a New Shadow Data Cloud Security Area