
Upwind now offers Data Security features and context that simplify compliance, improve visibility, and protect sensitive data across your cloud environments. These capabilities continuously monitor and enable data security across multi-cloud storage – supporting automated discovery, visibility, and compliance from a single platform.
Key capabilities include:
- Automated Data Discovery: Classify sensitive data (PII, PHI, PCI, secrets) across AWS, Azure, and Google Cloud storage.
- End-to-End Visibility: See where sensitive data lives, how it flows, and who can access it.
- Real-Time Data Queries & Policies: Control encryption, access, and compliance policies using posture rules and configuration integration.
- Data Compliance and Reporting: Create high-level reports and executive summaries of data usage, security and compliance.
These new capabilities mark a significant advancement for security and compliance teams, helping them eliminate blind spots, reduce risk, and accelerate regulatory alignment. As sensitive data becomes increasingly distributed across complex cloud architectures, Upwind now offers a streamlined way to monitor and protect it – at rest and in transit. In the sections that follow, we’ll explore how these capabilities help address real cloud risks and strengthen compliance across your data estate.
Why Data Security Matters
As organizations adopt multi-cloud architectures, understanding what sensitive data you have, where it lives, who can access it, and how it’s used becomes increasingly complex. This is where Data Security plays a critical role.
Data Security practices offer a continuous, proactive way to identify, classify, and secure data like PII, PHI, PCI, and other regulated information across your cloud infrastructure. It helps reduce exposure risks such as overly permissive access, unencrypted data, and vulnerable APIs, while supporting continuous compliance with standards like HIPAA, GDPR, and PCI-DSS.
The Risk of Misconfigured Cloud Storage
Cloud storage solutions like AWS S3, Azure Blob Storage, and Google Cloud Storage offer tremendous flexibility – but headlines show how misconfigurations can quickly lead to breaches. For example, in 2023, researchers found thousands of open S3 buckets exposing personal and financial data due to default settings and lack of encryption. Security teams often lack visibility into what data resides in storage buckets or how exposed it may be. Default settings such as public access or missing encryption, as well as overly complex IAM policies, are common culprits. In fact, Gartner has estimated that greater than 95% of cloud security failures through 2025 will be the customer’s fault, often due to simple misconfigurations. Just one misconfigured bucket could expose millions of records.
For example, a healthcare provider might inadvertently expose PHI, leading to HIPAA violations and costly reputational damage. With Data Security, those hidden risks become visible, auditable, and manageable.
How Upwind Addresses This Risk
Upwind’s new Data Security features are designed to eliminate blind spots, providing continuous discovery, visibility, monitoring and compliance for sensitive data. Below, we dive into how Upwind’s capabilities empower organizations across each of these categories.
Automated Data Discovery
Upwind automatically scans cloud storage to detect and classify sensitive data such as PII, PHI, PCI, secrets, and credentials based on context such as file type and path. Upwind’s agentless cloud scanners analyze data at rest, while our eBPF-based scanners observe data in transit through APIs, giving teams real-time, actionable insights.
Sensitive data is discovered and classified automatically. Security teams can then define policies and compliance controls using Upwind’s Configuration Module, which aligns with regulations like GDPR, HIPAA, and PCI based on actual data context.
End-to-End Data Visibility
After discovering and classifying sensitive data, Upwind provides deep runtime visibility of data at rest and in transit. The Upwind “Orbital View” provides a high-level, real-time overview of where sensitive data resides, how it’s connected to applications, and who can access it. This makes it easy to identify hotspots and potential risks.

In each cloud storage bucket, a new Data Tab now offers a summary of sensitive data, details on file types, and sample scanned files containing sensitive content. This allows teams to not only locate sensitive data but also understand how it could be exploited.
Real-Time Data Queries & Policy Creation
With the Upwind Graph, security teams can run powerful, context-aware queries to instantly uncover where sensitive data exists and how it’s exposed. For example, you can search for all AWS S3 buckets in production that contain U.S. Social Security Numbers, or surface cloud resources with unencrypted credentials.
These types of investigations – such as locating unencrypted credentials across production environments or identifying exposed PII in open storage buckets – used to take hours or even days. With Upwind, they now take seconds. By combining sensitive data findings with cloud resource context, Upwind Graph helps teams move from broad visibility to pinpoint accuracy, accelerating both threat response and compliance workflows.
Users can also leverage the Upwind Graph to turn data queries into custom posture rules and policies that restrict access to sensitive data, block risky API activity, and align directly with compliance requirements. Sensitive data findings are now part of a dedicated Data Framework in the Configuration Module, where teams can create controls such as “flag access to unencrypted PII” or “show any secrets stored in public buckets”, appearing alongside CSPM misconfigurations with rich context like severity and file path.
Data Reporting & Compliance
To complement the core Data Security capabilities, we’ve also introduced a set of enhancements that provide greater control, visibility, and operational efficiency. These features are designed to support day-to-day security workflows, streamline investigations, and simplify compliance reporting.
New enhancements include:
- Exportable Reports: Generate structured reports by resource, data type, and severity to support audits, stakeholder communication, and ongoing compliance workflows.
- Centralized Data Module: Access a unified dashboard that aggregates all sensitive data findings across cloud environments. Advanced filtering, search, and dismissal workflows make it easy to triage, investigate, and act.
Together, these additions make it easier for teams to operationalize data protection more effectively. Upwind’s new Data Security features and context enable faster investigations, reduce audit prep time, and lower the risk of compliance violations. This shortens the feedback loop between discovery and action, helping teams stay ahead of risks.
Coming Soon: From Data in Motion to Complete Data at Rest Coverage
Upwind’s Data Security journey began with securing data in motion – leveraging our API security capabilities and eBPF-powered sensors to detect and classify sensitive data as it flows through your environment. Now, we’re extending that visibility and control into data at rest, beginning with object storage and expanding deeper across the data stack.
Following this initial data security release, our roadmap includes:
- Block Storage: Support for AWS EBS scanning via snapshots, enabling sensitive data detection at the file system level.
- Multi-Cloud Object Storage: Expansion into Azure Blob and GCP Cloud Storage for unified object storage visibility across all major providers.
- Databases: Scanning of structured data within services like Amazon RDS, Azure SQL, and GCP Cloud SQL, with deep column-level inspection.
- Cloud Data Platforms: Integrations with large-scale data services like Snowflake and Databricks to identify sensitive data and access patterns in enterprise data lakes and analytics environments.
This phased expansion moves Upwind from real-time data inspection to full-stack data visibility and protection – securing data wherever it lives or moves.
Learn More
With Upwind’s new Data Security capabilities, Security teams gain the tools to prevent incidents early and protect sensitive data across its entire lifecycle. With automated discovery, context, and intelligent enforcement, Upwind empowers organizations – whether fintech, healthcare, or enterprise – to take control of their sensitive data and compliance obligations. Schedule a personalized demo or reach out at [email protected] to learn how Upwind can help you discover, classify, and secure sensitive data – whether at rest or in transit.