Sonrai Security website logo for identity and data governance and cloud security

Free Public Cloud Risk Assessment



Submit your assessment request to Sonrai


Sonrai Dig securely assumes a role in your cloud


Dig analyzes your identity and data access risks


In 3 business days, review the results with a specialist

What you’ll get

Our team will use Sonrai Dig to deliver a free assessment of your current identity and data access risks, including (but not limited to) data insights like:

- Public and account-wide exposure of data
- Data exposure outside of account tenant
- Report all identities and rights to critical data
- Encryption settings and key access rights
- Verification of audit settings

And identity-specific insights on:

- Identification of Privileged and Administrative identities
- Toxic permission chains allowing privilege escalation
- Segregation of duties verification

Frequently Asked Questions

Why perform a cloud security assessment?

During a Cloud Security Assessment, we analyze the public and account-wide exposure of data across your cloud, governance and policies, your capability to manage your exposure, and your ability to react to environment changes. At the end of the assessment, you will have a true picture of the encryption setting and key access rights across your entire cloud. You'll have verification for your audit settings to better understand your identity and data governance issues including, but not limited to, the identification of privileged and administrative identities, toxic permission chains allowing privilege escalation, and segregation of duties verification.

What measures are in place to secure my data?

Sonrai Dig is designed from the ground up with the security of your data in mind. Strong encryption is used to protect data in transit and at rest and no sensitive data is transmitted to the Sonrai platform.

Does your platform undergo an audit or review and how frequently?

Sonrai is SOC-2 coIndependent audits are conducted by registered 3rd parties as part of our compliance program for SOC 2 for our Cloud services. We also have an internal audit program, external penetration testing and regularly scheduled internal vulnerability testing. The results of these processes are tracked through our improvements process. The methodology and tools used to conduct penetration testing is tailored to each assessment for specific targets and attacker profiles. SOC 2 reports are provided under NDA to clients.

How is my data classified and who can access it?

All data stored within the production cloud infrastructure is considered confidential, which is our highest level of security and only authorized staff have access to this environment for implementation. Policies and procedures have been established to store and manage identity information about every person who accesses the production cloud infrastructure and to determine their level of access. Access control policies and procedures have been established, and supporting business processes and technical measures implemented, for restricting user access as per defined segregation of duties to address business risks associated with a user-role conflict of interest. The access control repository is managed by the provider. We use a privileged identity manager and password management system.

How CSPM Secures The Modern Healthcare Infrastructure

Cloud computing has helped healthcare cloud professionals to quickly spin up or spin down a resource to fulfill the increased demand of new healthcare application workloads. However, when working in a cloud environment, monitoring the security state of multiple workloads while meeting the growing number of Health Insurance Portability and Accountability Act (HIPAA) compliance requirements can be challenging. How do you know if your security posture across all workloads is at the highest-possible level?

Register Now
© 2020 Sonraí Security. All rights reserved | Privacy Policy
Sonrai Security cloud security platform, products and services are covered by U.S. Patent No. 10,728,307, together with other domestic and international patents pending. All rights are reserved.