Table of Contents
Share this entry
If you’re reading this, you might be considering a cloud security solution – maybe an identity and permissions-focused one – maybe even Sonrai.
Potential customers are our best source of knowledge – we get to hear directly from the horse’s mouth how they consider our solution against competing priorities, existing investments, limited resources, and the ever-evolving threat landscape. We want to address some of the most common mentalities or objections we come across in our conversations with potential buyers and how we address these hesitations to help them in their decision-making process. We hope it resonates with you.
1) “I have a CSPM, IAM, or Cloud-Native Solution – I’m all set.”
This one’s a doozy because a lot falls under this bucket, as it’s very common for organizations to think one investment has them covered.
Cloud Security Posture Management (CSPM) tools are an excellent way to maintain proper configuration hygiene. These solutions have a best practice baseline of your environment and continuously monitor cloud configuration changes to then compare back to that baseline and detect deviations that could pose risk. This may be publicly accessible ports, logging enablement, encryption enablement, or just upholding compliance standards.
CSPM is valuable and will absolutely help reduce opportunities for attackers to gain entry into your environment via misconfigurations (a leading cause of breaches) and will detect drift out of compliance using continuous monitoring – BUT CSPMs do nothing for managing identity privilege and how that relates back to data and application protection.
IAM tools (let’s group in IGA and PAM) are all excellent solutions for managing identities in your environment and governing their privilege – all with different specialties.
Identity Governance and Administration (IGA) tools will manage the entire identity lifecycle handling identity inventorying, user provisioning, role assignment, and deprovisioning.
Privileged Access Management (PAM) tools manage the access to privileged accounts – and focus on human ones. They will help control access to privileged accounts, secure the credentials of privileged accounts, and validate that the right users are accessing them.
Finally, IAM tools coming natively from cloud service providers are also a common choice – AWS IAM, or Azure Active Directory. Now this will get a little closer to what Sonrai does, just not to the depth of a Cloud Infrastructure Entitlement Management (CIEM) tool.
Cloud provider solutions will inventory all identities (machine and human), they will authenticate them, and manage access requests to cloud resources taking into account identity-based and resource-based policies.
Now ALL of these solutions are great and necessary for their respective use cases, but NONE of them cover all your bases.
What these solutions do not offer that Sonrai does:
- Machine identity management – service accounts, roles, APIs, serverless functions, etc. Machine identities greatly outnumber your human users and are a critical part of cloud computing. Your identity solution must take them into account.
- Insight into the full effective permissions of any given identity. Not all permissions are directly assigned to an identity. Sonrai takes into account organizational permissions, identity-based permissions, resource-based permissions, and what the actual action the permission translates into (‘read’, ‘copy, ‘delete’, etc.) Trust relationships, conditional statements, groups, and more all work to offer identities inherited privileges you never meant for them to have. Sonrai sees it all. This means Sonrai can tell you what any given identity could do at any given time.
- Continuous attack path analysis with a model that recalculates nightly. Sonrai’s patented identity analytics and graphing technology can map out every possible route to sensitive data or applications from any given identity. This reveals attack paths resulting from the complexity of cloud permissions so that you can shut down these routes to your data before an attacker can exploit them.
- Identification and remediation of toxic combinations of permissions. Again, the advanced permission analytics enables Sonrai to connect the dots and discover how one identity can have access to multiple unrelated permissions that when combined, create an extremely risky ability. Consider a machine identity that via three different permission chains, holds iam:passrole, lambda:createfunction, AND lambda:invokefunction. This combination gives the identity the ability to do quite literally anything an attacker could want – disrupt applications, remove infrastructure, or delete your cloud.
The point is an IGA, PAM, IAM tool, or cloud-native service all do their job, but they alone do not properly secure your cloud. A solution like Sonrai is required to have true insight into the unintended access paths compromising your data or the combinations of privileges that allow attackers to take over your cloud.
2) “We think what Sonrai does is great, but we have other priorities for the year.”
We can’t tell your business what to care about, but we can try and encourage you to consider what’s really at stake here. Some cold hard facts:
The volume of data in your cloud is only growing, leaving you with more and more at stake. Cloud service providers are releasing new permissions every day – Sonrai detects 42k across the four major providers – only giving attackers more surface to exploit and making managing all those permissions more complex. Time is valuable; acting now will save you later.
IBM reported Data from the X-Force Red penetration testing indicates that in 99% of the cases analyzed, cloud identities have been found to be excessively privileged.
Enterprise Strategy Group found that 99% of organizations that experienced a cybersecurity incident recognize that credentials played a role in exposing their cloud environment.
Identity privilege is an undeniably aggressive player in successful cloud breaches. These breaches are violating compliance standards and costing organizations serious monetary fines and disrupting business operations, again, costing organizations thousands if not millions ($4.45M, according to IBM.)
If your organization is not investing in sufficient identity and access solutions (we already discussed the coverage gaps in IGA, PAM, and IAM solutions), then the money and resources spent on other security programs are meaningless. Vulnerability management and cloud posture management cannot be the end-all-be-all as attackers will and are finding their way in – it’s time to have a security plan that strips them of opportunity once the perimeter is breached.
3) “I know this is a problem, but I don’t know how to convince the business this is important.”
We get it. Not everyone in the organization is knee-deep in security alerts or is actually building the cloud architecture. It can be hard to communicate risk or concern when there are a million priorities flying around and the business wants to make money and innovate fast. We’re happy to say we have a really easy answer to this one.
Sonrai offers a free, fast, and nonintrusive report of your cloud – the Cloud Identity Diagnostic. This assessment requires no installations or agents, just a read-only role that analyzes metadata and evaluates all your identity risks. It outputs exactly what issues are present across 6 different areas – overprivileged identities, lateral movement opportunities, trust relationships, access keys, privileged identity distribution, and unused identities. It will give you a risk score and a comparison to industry benchmarks. Lastly, it not only gives you all this intel unique to your cloud but then outlines what you need to do to fix it and how much that will reduce your risk. This is delivered via both strategic and actionable recommendations. Plus, you’ll get access to Sonrai’s tenant for two weeks to then go ahead and see the actual policy violations and remediation options.
The most important part is this is all delivered in an easy-to-share report that is clear, concise, and visual. It is perfect for getting stakeholder buy-in or communicating that there are serious risks active in your cloud.
4) “We don’t have a budget for this.”
We hear you. We know time and resources are money.
Sonrai’s Prioritized Actions helps you fix the most impactful risks first. This helps conserve resources by mitigating alert fatigue and ensuring personnel are not chasing low-impact alerts. Sonrai calculates its own unique risk score taking into account not just the severity of the violation itself, but also the sensitivity of the environment the risk is in and if the risk ties back to business-critical assets. This helps your team do more with less.
Implementing Sonrai can also negate the need for a current solution you use. Maybe you use an IGA for identity inventorying like Sailpoint or a traditional CSPM tool like Prisma – but when Sonrai can offer both those use cases, in addition to the granular insight into unintended attack paths via permissions and remediation options, you may consider centralizing your efforts into one tool.
Many of our customers replaced another tool upon purchasing Sonrai.
If you’re looking for a way to justify spend to address identity, access, and permission concerns in your environment, consider running a quick Cloud Identity Diagnostic to give yourself collateral to support the spend need.
5) “We don’t have the bandwidth or personnel to support another product.”
This is an increasing reality with tight headcounts and the ever-present cloud security skills gap. A few points to consider:
Sonrai is highly automated and comes with prebuilt options.
We offer 1,300 prebuilt security policies, and compliance frameworks for common mandates like HIPAA, HITRUST, NIST, GDPR, PCI-DSS, and more. This means less time for your team to properly configure and enforce security in your cloud.
Monitoring for new risks is continuous and automated. When issues are detected, we offer bot remediation to take the burden off manual efforts.
Take a moment to reflect on your current security efforts. Are there manual processes that could actually become more efficient? Leveraging a product like Sonrai may actually take workload off of manual attempts to control and secure identity privileges.
There is also an option to leverage our APIs and exfiltrate our analytics and findings into your own data warehouse. This saves your teams the time and effort of learning a new tool and consolidates your security data into one place for streamlined operations.
Finally, speaking of streamlined operations – we integrate with a lot of workflows or incident reporting processes you may already be using, like Jira, SIEMs, ServiceNow, Slack, etc, so your team doesn’t need to spend more time on a different tool.
—If any of this resonated with you or you’ve got further objections you want answers to, consider reaching out, and any of our experts would be happy to talk things over.
The Newsletter for Cloud Security Leaders. 1x a month.
Get a Comprehensive Cloud Identity AuditRequest Your Audit
- Cloud Security Platform
- By Use Case