dspm understand module

Author: riswinto

learn-pr/wwl-sci/purview-data-security-posture-management-understand/data-security-workflow-fit.yml

@@ -0,0 +1 @@
+Where DSPM fits in the broader data security workflow

learn-pr/wwl-sci/purview-data-security-posture-management-understand/includes/data-security-posture-ai.md

@@ -6,7 +6,7 @@ This distinction matters. Trust in DSPM depends on understanding where AI assist
 
 DSPM uses AI capabilities like Security Copilot and embedded agents to help analyze information that would otherwise be difficult to interpret manually.
 
-These capabilities operate within the context DSPM already provides. They don't introduce new sources of authority or bypass existing controls. Instead, they help surface insights from posture data, objectives, and signals that are already available.
+These capabilities operate within DSPM’s posture and objectives, rather than alongside them. They don't introduce new sources of authority or bypass existing controls. Instead, they help surface insights from posture data, objectives, and signals that are already available.
 
 AI is used to support understanding, not to decide outcomes.
 

learn-pr/wwl-sci/purview-data-security-posture-management-understand/includes/data-security-workflow-fit.md

@@ -0,0 +1,71 @@
+Data security posture management (DSPM) isn't designed to replace existing security tools. It's designed to help decide how and when those tools should be used.
+
+Throughout the data security lifecycle, different solutions serve different purposes. DSPM sits upstream of that work. It helps identify where risk is concentrated so follow-up actions are intentional, not reactive.
+
+## DSPM and data loss prevention
+
+Data loss prevention (DLP) is where controls are defined and enforced. Policies determine what actions are allowed, blocked, or audited.
+
+DSPM doesn’t create or enforce DLP policies. Instead, it helps surface where sensitive data is most exposed, where protections are inconsistent, or where existing controls may not be sufficient. These insights can inform decisions about creating new policies, refining scope, or adjusting actions.
+
+In practice:
+
+- DSPM helps identify where DLP effort will have the most effect
+- DLP enforces controls based on those decisions
+
+## DSPM and Insider Risk Management
+
+Insider Risk Management focuses on detecting and analyzing risky patterns of behavior.
+
+DSPM complements this by highlighting data-related conditions that may increase insider risk, like broad access to sensitive information or repeated exposure across workloads. When posture insights suggest elevated risk, Insider Risk Management provides the tools to investigate behavior in more detail.
+
+In practice:
+
+- DSPM highlights conditions that increase risk
+- Insider Risk Management supports behavioral analysis
+
+## DSPM and Audit
+
+Audit provides the evidence layer for data activity. It records what happened, when it happened, and who was involved.
+
+DSPM relies on audit signals to understand how data is being used over time. When posture insights raise questions, audit data supports validation and follow-up by providing the underlying activity context.
+
+In practice:
+
+- DSPM helps decide what to look for
+- Audit shows what actually occurred
+
+## DSPM and data security investigations
+
+Data security investigations bring together evidence, context, and analysis when a deeper review is needed.
+
+DSPM doesn’t replace investigations or manage cases. It helps justify when an investigation is warranted by identifying patterns, trends, or exposure that go beyond isolated events.
+
+When posture insights indicate sustained or high-impact risk, investigations provide the structured environment to examine data, activity, and outcomes more closely.
+
+In practice:
+
+- DSPM helps justify when an investigation is needed
+- Investigations provide structured, case-based analysis
+
+## When DSPM insights justify deeper investigation
+
+Not every posture finding requires immediate action. Some indicate emerging risk, others reflect known conditions that are already being addressed.
+
+DSPM helps differentiate between:
+
+- Isolated findings and broader patterns
+- Temporary conditions and sustained exposure
+- Low-impact gaps and high-risk areas
+
+This context helps determine when to adjust controls, when to monitor trends, and when to escalate into investigation or enforcement workflows.
+
+## Why DSPM is a starting point, not an end state
+
+DSPM is designed to guide action, not complete it.
+
+It brings visibility, prioritization, and context together so decisions about data security are informed and focused. The actual work of enforcing policies, investigating activity, and validating outcomes still happens in the appropriate tools.
+
+By starting with posture, data security work becomes more intentional. Effort is directed where it matters most, and actions across DLP, Insider Risk Management, audit, and investigations stay aligned to real risk.
+
+This is how DSPM closes the loop.

learn-pr/wwl-sci/purview-data-security-posture-management-understand/index.yml

@@ -43,10 +43,7 @@ units:
 - learn.wwl.purview-data-security-posture-management-understand.evaluate-risk-posture
 - learn.wwl.purview-data-security-posture-management-understand.data-security-objectives
 - learn.wwl.purview-data-security-posture-management-understand.data-security-posture-ai
-
-
-
-
+- learn.wwl.purview-data-security-posture-management-understand.data-security-workflow-fit
 - learn.wwl.purview-data-security-posture-management-understand.knowledge-check
 - learn.wwl.purview-data-security-posture-management-understand.summary
 badge: