View article in it's entirety on vmblog.com
From VMBlog: "For enterprise organizations, public cloud expansion quickly leads to hundreds of cloud accounts, thousands of data stores and tens of thousands of ephemeral pieces of compute involving multitudes of development teams. Improperly set up, this growing array of interdependencies and inheritances can open up many security risks such as over-permissioned identities, separation of duties risks and excessive access paths to critical data. Legacy cloud security tools have failed to address identity and data complexity and either miss critical vulnerabilities or send continuous alarms, creating high levels of noise that overwhelm security teams' resources and lead to inaction.
The Sonrai Dig platform builds a comprehensive graph detailing every relationship between identities (people and non-people) and data that exist within cloud platforms like AWS, Azure, GCP and Kubernetes. Analytics provided atop that graph allows users to understand risk, eliminate risk and monitor it continuously. Swimlane workflows enable escalations, certifications and risk-exception handling and provide role-based access control for workloads, teams and cloud platforms to ensure adherence to policy."