Posture Control (DSPM)
Step-by-Step Configuration Guide for DSPM
This guide explains the configuration steps that you need to complete to begin using Data Security Posture Management (DSPM) for your organization.
Before you begin configuring DSPM, Zscaler recommends reading the following articles:
Configuring DSPM
To configure DSPM, complete the following steps:
- Step 1: Log in to the DSPM Admin Portal
After your organization is provisioned for DSPM, you receive an email with a link to create your password. Click the link to set the password. Log in to the DSPM Admin Portal with your registered email ID and the newly created password.
Close - Step 2: Set up the DLP Engines and Define Sensitive Data
DSPM uses predefined DLP engines and dictionaries that are synced from Zscaler Internet Access (ZIA) to classify data types. To learn more, see Understanding DLP Engines and Dictionaries.
Close - Step 3: Onboard Cloud Accounts
You can onboard the Amazon Web Services (AWS) organizations or Microsoft Azure tenants into DSPM. When onboarded, DSPM monitors the data in your cloud accounts for any vulnerabilities and threats and provides comprehensive reports of your data's security posture. To learn more, see About Cloud Accounts.
Close - Step 4: Configure Scan Settings
After you have onboarded the cloud accounts, you need to configure the scan settings. DSPM scans the resources (data stores, cloud storage, virtual machines, etc.) in your onboarded cloud accounts, classifies the data, detects vulnerabilities, and generates alerts so you can evaluate the issue and take necessary action. To learn more, see About Scan Settings.
Close - Step 5: Configure Users, User Groups, and Roles
DSPM implements role-based access control (RBAC) and enables you to add users and user groups, assign roles, and control their level of access to specific modules in the DSPM Admin Portal. You can add users, groups, business units, and assign predefined or custom roles as applicable. To learn more, see About Users.
Close - Step 6: Configure Business Units
You can onboard your cloud accounts and map them to business units. You can restrict user access to specific business units. For example, you might want to restrict a group to the Amazon Web Services (AWS) accounts or restrict partners to view resources only in a specific account. To learn more, see About Business Units.
Close - Step 7: Configure the Data Posture Policies
DSPM offers predefined data posture policies to meet your organization's compliance requirements across multiple cloud service providers (CSPs). You can also create custom policies. To learn more, see About Data Posture Policies.
Close - Step 8: Configure Alert Rules
You can configure and manage alert rules and notifications, so individuals in your organization can receive notifications for any security policy violations that occur in your cloud resources. To learn more, see About Alerts.
Close - Step 9: Configure 3rd-Party Integrations and Notifications
DSPM offers incident management by integrating with IT Service Management (ITSM) tools and cloud storage services. You can send alert data to these tools for further investigation and remediation. To learn more, see About Third-Party Integrations.
Close - Step 10: Configure SSO Authentication
DSPM provides support for adding multiple identity providers (IdPs) to provision and authenticate users. To learn more, see About Identity Providers.
Close