DSPM-revised
Joshua

By Joshua Burgin

Jul 07, 2025

Upwind now offers Data Security features and context that simplify compliance, improve visibility, and protect sensitive data across your cloud environments.  These capabilities continuously monitor and enable data security across multi-cloud storage – supporting automated discovery, visibility, and compliance from a single platform.

Key capabilities include:

  • Automated Data Discovery: Classify sensitive data (PII, PHI, PCI, secrets) across AWS, Azure, and Google Cloud storage.
  • End-to-End Visibility: See where sensitive data lives, how it flows, and who can access it.
  • Real-Time Data Queries & Policies: Control encryption, access, and compliance policies using posture rules and configuration integration.
  • Data Compliance and Reporting: Create high-level reports and executive summaries of data usage, security and compliance.

These new capabilities mark a significant advancement for security and compliance teams, helping them eliminate blind spots, reduce risk, and accelerate regulatory alignment. As sensitive data becomes increasingly distributed across complex cloud architectures, Upwind now offers a streamlined way to monitor and protect it – at rest and in transit. In the sections that follow, we’ll explore how these capabilities help address real cloud risks and strengthen compliance across your data estate.

Why Data Security Matters

As organizations adopt multi-cloud architectures, understanding what sensitive data you have, where it lives, who can access it, and how it’s used becomes increasingly complex. This is where Data Security plays a critical role.

Data Security practices offer a continuous, proactive way to identify, classify, and secure data like PII, PHI, PCI, and other regulated information across your cloud infrastructure. It helps reduce exposure risks such as overly permissive access, unencrypted data, and vulnerable APIs, while supporting continuous compliance with standards like HIPAA, GDPR, and PCI-DSS.

The Risk of Misconfigured Cloud Storage

Cloud storage solutions like AWS S3, Azure Blob Storage, and Google Cloud Storage offer tremendous flexibility – but headlines show how misconfigurations can quickly lead to breaches. For example, in 2023, researchers found thousands of open S3 buckets exposing personal and financial data due to default settings and lack of encryption. Security teams often lack visibility into what data resides in storage buckets or how exposed it may be. Default settings such as public access or missing encryption, as well as overly complex IAM policies, are common culprits. In fact, Gartner has estimated that greater than 95% of cloud security failures through 2025 will be the customer’s fault, often due to simple misconfigurations. Just one misconfigured bucket could expose millions of records.

For example, a healthcare provider might inadvertently expose PHI, leading to HIPAA violations and costly reputational damage. With Data Security, those hidden risks become visible, auditable, and manageable.

How Upwind Addresses This Risk

Upwind’s new Data Security features are designed to eliminate blind spots, providing continuous discovery, visibility, monitoring and compliance for sensitive data. Below, we dive into how Upwind’s capabilities empower organizations across each of these categories.

Automated Data Discovery

Upwind automatically scans cloud storage to detect and classify sensitive data such as PII, PHI, PCI, secrets, and credentials based on context such as file type and path. Upwind’s agentless cloud scanners analyze data at rest, while our eBPF-based scanners observe data in transit through APIs, giving teams real-time, actionable insights.

Sensitive data is discovered and classified automatically. Security teams can then define policies and compliance controls using Upwind’s Configuration Module, which aligns with regulations like GDPR, HIPAA, and PCI based on actual data context.

End-to-End Data Visibility

After discovering and classifying sensitive data, Upwind provides deep runtime visibility of data at rest and in transit. The Upwind “Orbital View” provides a high-level, real-time overview of where sensitive data resides, how it’s connected to applications, and who can access it. This makes it easy to identify hotspots and potential risks.

CleanShot-2025-07-07-at-13.37.57@2x-1-1024x631
The Orbital View now shows a high-level overview of your sensitive data, giving you essential context to understand exposure and access risks. 

In each cloud storage bucket, a new Data Tab now offers a summary of sensitive data, details on file types, and sample scanned files containing sensitive content. This allows teams to not only locate sensitive data but also understand how it could be exploited.

AD_4nXfqjRznmNYVN2Z3XBNemEoOFj1qKfV4EhgHoCvTInsCDO6W7wX-Mdi5V7zo1RD6O42ijq1YiWXFmRqnoC5Q0Ers_a0tdEAWPA2zWuFa4rWkUfQGVvqy9Px2Cpu1ahdfG_9_MuH_kw?key=REhiNsg8Ch5BF2HoPp92DQ
The Data Tab provides an overview of sensitive data in an AWS S3 Bucket

Real-Time Data Queries & Policy Creation

With the Upwind Graph, security teams can run powerful, context-aware queries to instantly uncover where sensitive data exists and how it’s exposed. For example, you can search for all AWS S3 buckets in production that contain U.S. Social Security Numbers, or surface cloud resources with unencrypted credentials.

These types of investigations – such as locating unencrypted credentials across production environments or identifying exposed PII in open storage buckets –  used to take hours or even days. With Upwind, they now take seconds. By combining sensitive data findings with cloud resource context, Upwind Graph helps teams move from broad visibility to pinpoint accuracy, accelerating both threat response and compliance workflows.

AD_4nXcRK1Jpcv1AtAERKIY5XABVV0zvVN5bkmQhOhghdr7xslrmuV36o9Tdlq6rBEr9qSWKVt0apHuQlr_dyGsqNQvcz5koPtUNPoLeZeSgnWIT3K8J1H2F89fR33P0VwE4BZyYTkkhdQ?key=REhiNsg8Ch5BF2HoPp92DQ
The Upwind Graph enables quick and actionable searches, saving hours hunting for the right information

Users can also leverage the Upwind Graph to turn data queries into custom posture rules and policies that restrict access to sensitive data, block risky API activity, and align directly with compliance requirements. Sensitive data findings are now part of a dedicated Data Framework in the Configuration Module, where teams can create controls such as “flag access to unencrypted PII” or “show any secrets stored in public buckets”, appearing alongside CSPM misconfigurations with rich context like severity and file path.

AD_4nXdmtqDOu-7Qky_btuCAFsQ2TABdxKglX4BRS3NsQpa0JHXu43PLWQtxv4BO-3KW_4eV9ucrVsjvCkVv4dCltx2rRewZ-sBEE91zTZCXnVM-ewHdJrXt5e8vvNjz7mv93mrekHTTIA?key=REhiNsg8Ch5BF2HoPp92DQ
The Upwind Graph allows you to easily turn query into policy

Data Reporting & Compliance

To complement the core Data Security capabilities, we’ve also introduced a set of enhancements that provide greater control, visibility, and operational efficiency. These features are designed to support day-to-day security workflows, streamline investigations, and simplify compliance reporting.

New enhancements include:

  • Exportable Reports: Generate structured reports by resource, data type, and severity to support audits, stakeholder communication, and ongoing compliance workflows.
  • Centralized Data Module: Access a unified dashboard that aggregates all sensitive data findings across cloud environments. Advanced filtering, search, and dismissal workflows make it easy to triage, investigate, and act.

Together, these additions make it easier for teams to operationalize data protection more effectively. Upwind’s new Data Security features and context enable faster investigations, reduce audit prep time, and lower the risk of compliance violations. This shortens the feedback loop between discovery and action, helping teams stay ahead of risks. 

AD_4nXeoGk9GFd8zv2H0EVOrugWmhxHdwwyv4aHFJXKpKZ6z0bnhesvNU82qqCnPNbQJsKnqmnzLA1jiVRAZi1CrXBZXmLxoU1MlW55yf5Tmzq9b6aBAPIGhs-Hrou2SB7yYmSgj6egX?key=REhiNsg8Ch5BF2HoPp92DQ
The Data Module is a centralized area for all of your sensitive data. It includes a dashboard, a findings tab, and a patterns tab.

Coming Soon: From Data in Motion to Complete Data at Rest Coverage

Upwind’s Data Security journey began with securing data in motion – leveraging our API security capabilities and eBPF-powered sensors to detect and classify sensitive data as it flows through your environment. Now, we’re extending that visibility and control into data at rest, beginning with object storage and expanding deeper across the data stack.

Following this initial data security release, our roadmap includes:

  • Block Storage: Support for AWS EBS scanning via snapshots, enabling sensitive data detection at the file system level.
  • Multi-Cloud Object Storage: Expansion into Azure Blob and GCP Cloud Storage for unified object storage visibility across all major providers.
  • Databases: Scanning of structured data within services like Amazon RDS, Azure SQL, and GCP Cloud SQL, with deep column-level inspection.
  • Cloud Data Platforms: Integrations with large-scale data services like Snowflake and Databricks to identify sensitive data and access patterns in enterprise data lakes and analytics environments.

This phased expansion moves Upwind from real-time data inspection to full-stack data visibility and protection – securing data wherever it lives or moves.

Learn More

With Upwind’s new Data Security capabilities, Security teams gain the tools to prevent incidents early and protect sensitive data across its entire lifecycle. With automated discovery, context, and intelligent enforcement, Upwind empowers organizations – whether fintech, healthcare, or enterprise – to take control of their sensitive data and compliance obligations. Schedule a personalized demo or reach out at [email protected] to learn how Upwind can help you discover, classify, and secure sensitive data – whether at rest or in transit.

Upwind Eliminates Data Blind Spots by Detecting and Securing Sensitive Data Across Cloud Environments

Further Reading

Harbor and registry scanning
Product

Upwind Brings The Power of Runtime To Container Registry Scanning

A person wearing a dark t-shirt and a baseball cap stands with arms crossed. The background is a plain, light-colored wall.

By Chris Lentricchia

Jun 30, 2025

Imagine you’re Mike, a security engineer at a fast-growing fintech startup. One morning, you are notified of a zero-day vulnerability in a popular open-source library used across multiple containers. You drop everything, messaging developers, digging through logs, mapping services – only to realize the vulnerable code never actually runs in production. You’ve just spent days […]

Azure_Functions
Product

Upwind Delivers Automatic Protection for Azure Functions, Accelerating Time to Value

A person wearing a dark t-shirt and a baseball cap stands with arms crossed. The background is a plain, light-colored wall.

By Chris Lentricchia

Jun 26, 2025

As serverless computing continues to gain momentum, developers and DevOps teams are increasingly turning to Microsoft Azure Functions to build scalable, event-driven applications with minimal infrastructure overhead. However, the very benefits of serverless – rapid deployment, fine-grained event handling, and abstracted infrastructure – introduce new challenges for security teams. These environments are harder to monitor […]

OpenAI Risks
Product

Mitigating GenAI Data Exposure in Light of OpenAI’s New Data Retention Policy

Denise Ashur

By Denise Ashur

Jun 18, 2025

On June 6, 2025, Reuters reported that OpenAI is appealing a U.S. court order requiring the company to preserve all user interactions with ChatGPT and its API, including conversations that users deleted. This legal mandate stems from an ongoing copyright lawsuit filed by The New York Times and has effectively suspended OpenAI’s standard data deletion […]

Footer-Logo-07_03_2025

Stay In Touch

This field is for validation purposes and should be left unchanged.

Product

CNAPP
CSPM
CWPP
Container Security
Identity Security
Vulnerability Management
DSPM
CADR
API Security
GenAI Security

General

About
Contact
Careers
We are hiring!
Events
Case Studies
Get A Demo

Social

X
LinkedIn
Instagram

Resources

Feed
Glossary
Newsroom

Documentation

Privacy Policy
Terms of Use

© 2025 Upwind Security