Sensitive data is the crown jewel of every organization and the primary target for attackers. But in modern cloud environments, it’s increasingly difficult to answer key questions, like, “Where is our data? How is it used? What’s putting it at risk?”

Consider this example: an organization has security tooling in place, but still has trouble identifying how sensitive data could be exposed. Meanwhile, they have a vulnerable containerized resource that can be accessed by machine identities with high privileges, contains PII data, and is vulnerable to broad internet exposure.


With the speed of cloud development and the increasing sophistication of bad actors, situations like the one above are incredibly common – leaving security teams scrambling to identify exploit paths and remediate them before sensitive information can be extracted.

Upwind is actively empowering organizations to avoid open exploit paths. We recently released expanded data security capabilities, and now – we’re excited to introduce the Upwind Data Security Framework, giving teams a structured, context-rich way to detect and respond to real-world data risks in production.

A Smarter Foundation for Cloud Security and Compliance


“Upwind’s Data Security Framework gives us a real-time view of how sensitive data is exposed in production, not just at rest. It correlates runtime behavior, access patterns, and cloud misconfigurations to show us real attack paths, not hypothetical ones. That helps our team focus on issues that are exploitable right now, not just theoretically risky.”

-Josiah Nosek, Security Architect at Audacy, Inc.

Upwind Frameworks are pre-built, customizable, and constantly adapting collections of “policy checks” designed to help organizations quickly establish and mature their cloud security posture. Each framework maps to real-world risk, surfacing only the exposures that matter, based on live cloud activity across compute, storage, networking, and identity layers.


We built Upwind Frameworks based on extensive feedback from our customers, combined with ongoing research and hands-on customization from our industry-leading security research team. Upwind Frameworks evolve in step with the threat landscape, going beyond the scope and depth of traditional industry frameworks.

“We don’t just want to tick compliance boxes. We want to build real security for the specific risks our business faces. Upwind makes that possible.”

-Wojciech Syrkiewicz-Trepiak, VP Security, Spacelift

What sets Upwind Frameworks further apart is their focus on emerging and often overlooked risks. As a result, security teams can:

  • Proactively defend against real-world attack patterns
  • Easily adopt advanced security strategies
  • Strengthen resilience while maintaining compliance and auditability

Whether you’re aligning with internal policies or meeting external requirements, Upwind Frameworks give you a clear starting point with built-in flexibility to adjust based on your environment and risk tolerance.

Upwind offers a range of pre-configured, dynamic, and adaptable frameworks to help organizations rapidly define their security posture.

Bringing Context to Cloud Data Risk

Most data security tools and frameworks rely on static scans or point-in-time assessments. They might tell you where a secret was found or what kind of data a storage bucket contains, but they can’t answer whether that data is actively accessed, transmitted over insecure channels, or exposed by misconfigured workloads.


The Upwind Data Security Framework fills that critical gap. By combining storage-level discovery with real-time runtime behavior, it connects the dots between where sensitive data lives, how it’s being accessed, and how it’s at risk. Instead of surfacing generic findings, it reveals exploitable issues rooted in how your cloud environment actually behaves. This helps you prioritize and respond to the risks that matter most.

With the Upwind Data Security Framework, security teams can:

  • Focus on what’s exploitable: Static gaps are less important than live risks. For example: a dormant workload with a secret might not be urgent, but a live service with internet ingress, cloud permissions, and local credentials is a real threat.
  • See risk in context: Understand how signals like exposed secrets, open ingress, and known vulnerabilities interact to create real attack paths. Upwind correlates these factors to expose high-risk scenarios that traditional tools overlook.
  • Follow data in motion: Track how sensitive data flows across workloads, databases, and APIs, revealing active exposure paths that posture-only tools can’t see.

What’s Included in the Initial Release

By correlating sensitive data with live runtime context, Upwind provides security teams with a prioritized, attack-path-aware view of their cloud data exposure. This helps teams focus remediation efforts where they’ll have the greatest impact, whether that means locking down credentials, re-architecting risky data flows, or tightening workload access policies.

The Upwind Data Security Framework’s initial release highlights critical, real-world cloud data exposures often missed by other frameworks. It detects when workloads exposed to the internet store access secrets. It also flags when those workloads are vulnerable to high-severity remote code execution, as well as when workloads hold CI/CD credentials under similar risky conditions.

This release can identify cases where workloads suffer from server-side request forgery (SSRF) vulnerabilities combined with exposed secrets, or when compute instances possess broad cloud permissions alongside local secret storage and unrestricted internet access, creating prime attack vectors. Additionally, the framework surfaces risks involving sensitive data processing workloads connected to backend databases over exposed network paths, as well as public S3 buckets containing sensitive information actively accessible on the internet.
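To make the idea of correlated findings concrete, here is an added example (not Upwind's code or rule logic) that evaluates several of the combinations listed above over a small constructed inventory. The `Workload` fields, label strings and rule wording are assumptions made for illustration, and "similar risky conditions" is read here as internet exposure.

```python
from dataclasses import dataclass

@dataclass
class Workload:
    # Constructed, simplified model; field names are assumptions for this example.
    name: str
    running: bool = True
    internet_ingress: bool = False
    broad_cloud_permissions: bool = False
    secrets: frozenset = frozenset()       # e.g. "access_key", "cicd_token"
    vuln_classes: frozenset = frozenset()  # e.g. "rce_high", "ssrf"

# Each rule is a combination named in the text; a single signal alone never fires.
RULES = {
    "internet-exposed workload storing access secrets":
        lambda w: w.internet_ingress and "access_key" in w.secrets,
    "internet-exposed workload with secrets and high-severity RCE":
        lambda w: w.internet_ingress and bool(w.secrets) and "rce_high" in w.vuln_classes,
    "internet-exposed workload holding CI/CD credentials":
        lambda w: w.internet_ingress and "cicd_token" in w.secrets,
    "SSRF vulnerability combined with exposed secrets":
        lambda w: "ssrf" in w.vuln_classes and bool(w.secrets),
    "broad cloud permissions, local secrets and internet access":
        lambda w: w.broad_cloud_permissions and bool(w.secrets) and w.internet_ingress,
}

def correlate(inventory):
    """Return [(workload name, [matched rules])], most matches first; dormant workloads are skipped."""
    results = []
    for w in inventory:
        if not w.running:
            continue  # static gap, not a live exposure path
        hits = [name for name, pred in RULES.items() if pred(w)]
        if hits:
            results.append((w.name, hits))
    return sorted(results, key=lambda r: (-len(r[1]), r[0]))

# Constructed sample inventory (not real data).
INVENTORY = [
    Workload("batch-old", running=False, secrets=frozenset({"access_key"})),
    Workload("internal-api", secrets=frozenset({"access_key"})),
    Workload("checkout", internet_ingress=True, broad_cloud_permissions=True,
             secrets=frozenset({"access_key"}), vuln_classes=frozenset({"rce_high"})),
    Workload("build-runner", internet_ingress=True,
             secrets=frozenset({"cicd_token"}), vuln_classes=frozenset({"ssrf"})),
]

if __name__ == "__main__":
    print(correlate(INVENTORY))
```

The dormant `batch-old` workload and the internal-only `internal-api` both hold a secret but produce no finding, while `checkout` ranks first because three combinations apply to it at once.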


Final Thoughts

What makes the Upwind Data Security Framework different is its ability to connect the dots across static findings, runtime behavior, and cloud architecture. Rather than flooding teams with thousands of low-context alerts, it surfaces the small number of exposures that truly matter. It’s not enough to know that sensitive data exists. You need to know how it’s being handled, who can access it, and where the weak links are, in real time. Without that, you’re flying blind. That’s the power of the Upwind Data Security Framework.

Ready to see how your sensitive data is being exposed in the cloud, and what to do about it? Schedule a demo with us to explore the Upwind Data Security Framework in action.