DSPM
Data Security Posture Management: find sensitive data, score risk, drive egress policy.
What it is
DSPM connects to your data stores (managed relational databases, object storage, warehouses) and classifies what's in them (PII, payment cards, health data, secrets, credentials). Findings feed a posture score per store and per project, and can drive egress policy automatically.
When to use it
- Find where PII actually lives — even when nobody documented it.
- Prove to an auditor that PII never leaves a region.
- Block exfil based on classification — not allowlist.
Quickstart
asc shield dspm connect postgres prod --uri postgres://...
asc shield dspm findings list --severity highclient.shield.dspm.connect(kind='postgres', name='prod', uri='postgres://...')
client.shield.dspm.findings.list(severity='high')await client.shield.dspm.findings.list({ severity: 'high' });Limits & quotas
| Limit | Default | Burst | Notes |
|---|---|---|---|
| Connectors | Postgres, MySQL, object storage, warehouse | — | |
| Classifiers | PII, PCI, PHI, secrets, credentials | — | Custom on Enterprise |
Pricing
See pricing. Pay-as-you-go, billed monthly via Stripe.
API surface
POST /v1/shield/dspm/connectionsGET /v1/shield/dspm/findings
Required scope(s): shield:read, shield:write. See Scopes.
Security
All access is authenticated and scoped. See Auth & scopes and Network controls.