Sonrai Security website logo for identity and data governance and cloud security

Sonrai Cloud Risk Assessment



Submit your assessment request to Sonrai


Sonrai Dig securely assumes a role in your cloud


Dig analyzes your identity and data access risks


In 3 business days, review the results with a specialist

What you’ll get

Our team will use Sonrai Dig to deliver a free assessment of your current identity and data access risks, including (but not limited to) data insights like:

- Public and account-wide exposure of data
- Data exposure outside of account tenant
- Report all identities and rights to critical data
- Encryption settings and key access rights
- Verification of audit settings

And identity-specific insights on:

- Identification of Privileged and Administrative identities
- Toxic permission chains allowing privilege escalation
- Segregation of duties verification

Frequently Asked Questions

Why perform a cloud security assessment?

During a Cloud Security Assessment, we analyze the public and account-wide exposure of data across your cloud, governance and policies, your capability to manage your exposure, and your ability to react to environment changes. At the end of the assessment, you will have a true picture of the encryption setting and key access rights across your entire cloud. You'll have verification for your audit settings to better understand your identity and data security issues including, but not limited to, the identification of privileged and administrative identities, toxic permission chains allowing privilege escalation, and segregation of duties verification.

What measures are in place to secure my data?

Sonrai Dig is designed from the ground up with the security of your data in mind. Strong encryption is used to protect data in transit and at rest and no sensitive data is transmitted to the Sonrai platform.

Does your platform undergo an audit or review and how frequently?

Sonrai is SOC-2 coIndependent audits are conducted by registered 3rd parties as part of our compliance program for SOC 2 for our Cloud services. We also have an internal audit program, external penetration testing and regularly scheduled internal vulnerability testing. The results of these processes are tracked through our improvements process. The methodology and tools used to conduct penetration testing is tailored to each assessment for specific targets and attacker profiles. SOC 2 reports are provided under NDA to clients.

How is my data classified and who can access it?

All data stored within the production cloud infrastructure is considered confidential, which is our highest level of security and only authorized staff have access to this environment for implementation. Policies and procedures have been established to store and manage identity information about every person who accesses the production cloud infrastructure and to determine their level of access. Access control policies and procedures have been established, and supporting business processes and technical measures implemented, for restricting user access as per defined segregation of duties to address business risks associated with a user-role conflict of interest. The access control repository is managed by the provider. We use a privileged identity manager and password management system.

AWS Checklist for 2021: Expert Advice on Security and Risk Priorities

There are many benefits to using AWS, but how do you manage security, compliance, and access risk within the AWS environment? Ignoring security gaps and relying on a single vendor dramatically increases risk, but with many cloud and security teams being asked to reduce costs in the challenging economic climate, taking a single vendor approach can be tempting. Watch this webinar to learn strategies to mitigate these risks.

View Now