Pillars of Cloud Security: How “Shift-Left” Enhances a Secure SDLC

Sonrai Dig is built on a sophisticated graph that continuously identifies and monitors every possible relationship between identities and data that exists inside your public cloud.

Identity Risk Monitoring and Access Graphing

Uncover all identity and data relationships between people and non-people identities (admins, roles, compute instances, serverless functions, and containers) across multi-cloud accounts and 3rd-party data stores. Sonrai Dig, our identity and data governance platform, graphs all access paths to enforce Least Privilege, and its workflow enables certification of identities. Risks eliminated include:

  • Separation of duties
  • Privilege escalation
  • Toxic Combinations
  • Dormant identities
  • Who/what has access rights?

Discover, Classify, Lock Down, and Monitor “Crown-Jewel” Data

Inside Sonrai Dig, our critical resource monitor relentlessly monitors your critical data sitting inside object stores (e.g. AWS S3, Azure Blob) and database services (e.g. CosmosDB, DynamoDB, RDS). Suspicious access activity or undesirable changes in access rights are flagged.  

  • What is normal access behavior?
  • What or who can access this resource and from where?
  • What is accessing this resource?
  • What has changed?
  • What is the blast-radius?

Integration and Automation Between Security, Cloud, Audit, IAM, and DevOps Teams

With first-generation security tools, too many alerts repeatedly go to the wrong teams. With Sonrai Dig this does not happen. Dig organizes your cloud into swimlanes broken down by team and project. Role-based access gives different views depending on role and owners, with context-based alerts going to the correct teams. The platform is API-driven, so it integrates tightly into your CI/CD pipeline. Code promotions with policy violations are blocked so that they don’t get into production.


Prevention and Remediation Bots

Remediation bots fix problems that are found. But how about preventing those problems from happening in the first place? Sonrai Dig does both! Our identity and data governance platform puts prevention rules in place across your cloud and makes sure they stay there. As people try to move workloads to production, checks are in place, and promotion only happens if your risk policies are followed.


Cloud and Data Integrations

We work hard with our cloud partners to leverage the capabilities that they have. However, Sonrai Dig delivers an identity and data governance platform that is the basis of a cloud security and risk operating model that spans clouds, data stores, key stores, and container platforms. Sonrai Dig does all of this in a beautiful cross-platform way. Example integrations:

  • Public Cloud Platforms: AWS, Azure, Google Cloud (GCP) 
  • IAM: AWS IAM, Azure AD, GCP IAM 
  • Audit: AWS CloudTrail, Azure activity logs, GCP Stackdriver 
  • Data Stores: DynamoDB, RDS, Cosmos DB, Data Lake, SQL, Big Table 
  • Key Stores: KMS, HashiCorp Vault
  • Infrastructure: Kubernetes, WAF, CloudFront, ELB
  • Compute: ECS, Lambda, Azure Serverless

Multi-Cloud Normalization

Our platform is multi-cloud. Identity and data activity for 100s of AWS accounts, Azure subscriptions, and GCP projects are normalized and modeled. 3rd party data stores and key stores (e.g. Vault) are also normalized.  Teams do not need to understand the intricacies of differing cloud security models and daily service updates.


Control Frameworks and Compliance Dashboards

Privacy and compliance controls are monitored across multiple cloud providers and 3rd party data stores. Resolutions are coordinated with relevant DevOps teams. Capabilities include:

  • GDPR, HIPAA, PCI dashboards and more
  • Data sovereignty monitoring
  • Data asset inventory
  • Customizable controls and compliance dashboards
  • Monitoring PII data movement

Webinar: Pillars of Cloud Security: How “Shift-Left” Enhances a Secure SDLC

The idea of “shift-left,” moving the responsibility for designing and implementing security as early as possible in the software development and system design process, has proven to be integral to improving security. In addition, resolving problems this way makes sure they are fixed permanently.