Strengthen Your Google Cloud Security

Integrate Your IT Operations with Sonrai Dig and Google Cloud

The modern cloud’s dynamic infrastructure presents extreme flexibility and innovation — but that can lead to runaway permissions issues, even in Google Cloud.

Identity is the new perimeter of cloud, and features like inheritable rights, privilege escalation capabilities, and the complexity of group and policy membership can bury an identity’s true access capabilities in a byzantine path hidden to traditional identity management tools.

It’s not about “excessive permissions” anymore. Sonrai Security’s effective permissions analytics identify every attack path an identity may take to access data inside your Google Cloud, no matter how many degrees of separation or how short-lived the identity may be.

Sonrai Dig is built on a sophisticated graph that continuously identifies and monitors every possible relationship between identities and data that exists inside your GCP environment.

Sonrai Dig works in concert with your underlying Google Cloud security controls to enable audit, visibility, protection, detection, and automation of security controls running on GCP. Sonrai Dig additionally monitors and remediates cloud misconfigurations and policy violations allowing customers to achieve continuous security and compliance.

Your Google Cloud workloads require an integrated security approach with 24/7 Google Cloud monitoring to protect and govern your identities and data.

Google Shared Responsibility Model For Cloud Security

Secure identities, data and workloads in complex GCP environments

Sonrai Dig is built on a sophisticated graph that continuously identifies and monitors every possible relationship between identities and data that exists inside your Google Cloud (GCP) environment. Sonrai Dig works in concert with your underlying GCP security controls to enable audit, visibility, protection, detection, and automation of security controls running in Google Cloud. Sonrai Dig additionally monitors and remediates cloud misconfigurations and policy violations allowing customers to achieve continuous security and compliance.

Your GCP workloads require an integrated security approach with 24/7 Google Cloud monitoring to protect and govern your identities and data.

See how Sonrai and Google Cloud Work Together

Sonrai Dig uses GCP APIs to discover how your resources are configured and how identities can interact with those resources based on any permissions your enterprise has and any permissions which may have been granted.

This discovery helps your organization understand the state of your Google Cloud. From this baseline, Sonrai Dig builds out the IAM model to understand the uniqueness of GCP’s identities around classic admins, defining management and groups, and determining how those are inherited through projects and resources.

See every identity revealed, every right to data mapped in your Google Cloud environment

Sonrai Dig maps every single identity at an account or unique individual layer back to the identities that are associated with them. This mapping gives your enterprise a true understanding of not only the assigned permissions of a given identity but the effective permissions they inherit through all of these assignments. Sonrai Dig allows for scenarios in GCP to look for access keys granted on storage accounts so you can understand if people have access outside of the traditional IAM protocol. This process gives organizations full visibility and control of their cloud security posture by graphing and monitoring identity and data access to detect cloud drift and misconfigurations and to comply with regulatory requirements and best practices.

Manage your organization identity risks, and auto remediate them

Sonrai Dig will map every single IAM assignment at a project or unique individual layer back to the identities that are associated with them

Detect privilege escalation, separation of duty risks across roles, accounts, tables, services, and toxic combinations across any GCP service

Dig allows for scenarios in GCP to look for access keys granted on storage accounts so you can understand if people have access outside of the traditional IAM protocol

See & Protect all Sensitive Data in Google Cloud

In GCP, data exists in many places across your cloud. Sonrai Dig locates and identifies all data within your Google Cloud to provide an up-to-date model of who and/or what can access them and from where. Furthermore, the platform can audit every single action to determine a continuous baseline of what’s happening with your data. Should a deviation be found, the right teams are alerted to the right problem. Not only can Sonrai Dig find where your data is in the cloud, who and what can access it, we can also classify your data. This feature comes with out-of-the-box models to help your enterprise find PII and other sensitive data. Sonrai Dig also has custom configurations to help you with your own unique data models.

Locate and identify all data within your Google Cloud to provide an up-to-date model of who and/or what can access them and from where data is accessed

Discover and classify data across all your data stores – GCP

Provide Least Access, track data movement and lock down crown jewel data (PII, PCI, etc.)

Behavioral modeling: Instantly detects changes in data access behavior, including access from new identities, access from undesirable locations including geography, and unusual changes in how identities access data. Sonrai Dig will also detect if suspicious access is granted before it is used

Automated blocking: Depending on the severity of the alert, Sonrai Dig can either block all access to a store, block a specific identity from access, or temporarily downgrade access privileges for a specific identity

Continuous Cloud Security Posture Management

Sonrai Dig works on the GCP foundation in your cloud to provide a cloud security and risk operating model that spans all identities, data, and resources. Initially, Sonrai Dig will discover everything that is deployed in GCP – all of the different data stores, all of the networks you have in your projects, and all of the ways identities are configured in your GCP environment to provide contextual value to your sensitive information. Once we have a baseline and contextual view, Sonrai Dig will then run security use cases, like NIST Cybersecurity Framework, ISO 27001, GDPR, HIPAA, and other compliance mandates, against your environment to ensure your key values are met.

Is your data protected properly?

Do you have issues with privilege escalation?

Do you have CSPM issues?

We know that security is not a static thing, so Sonrai Dig continuously audits all of the changes that are happening in Google Cloud to be sure that your security posture is kept up-to-date and you have a single end-to-end view of your GCP environment’s risk profile.

Sonrai Dig works on the GCP foundation in your cloud to provide a cloud security and risk operating model that spans all identities, services, data stores, secret stores, and networks.

Build a baseline and contextual view of your cloud security posture

Run security use cases, like NIST Cybersecurity Framework, ISO 27001, GDPR, HIPAA, against your environment to ensure compliance

Sonrai Dig continuously audits all of the changes to be sure your security model is kept up-to-date

Contextually prioritize and auto remediate your findings using our proprietary swim lanes

Organize, Prioritize & Fix at Scale in GCP

Dig brings all the best practices from Google Cloud and policies together into one platform

Operationalize your Cloud Security Model with automation

Build swimlanes based not just on your accounts and workloads, but rather in line with your governance model

Owners of those environments and applications are best positioned to review the risks and decide on the best path forward

Advanced workflow capabilities & a library of custom remediation and prevention options – including prebuilt and custom bots

Dig’s Governance Automation Engine automates workflow, remediation, and prevention capabilities across cloud, DevOps, DevSecOps, and security teams to ensure end-to-end security and visibility

In Google Cloud, it is likely your org divides workloads and environments into things like projects, management, and folders.

Because your GCP environment is extremely complex, it becomes very difficult to keep track of what each and every identity has permission to do, if that permission has been used, and what data it can access. Sonrai Dig maps every trust relationship, inherited permission, and policy for all of the resources, data stores and identities in GCP. Through this model, Sonrai Dig is able to detect identity risks such as privilege escalation, separation of duty violations, and toxic combinations across your Google Cloud environment.

Sonrai Dig’s Governance Automation Engine enables enterprises to “shift left” and integrate teams via organized analysis, alerts, and actions that align with how your organization uses your cloud(s). Sonrai Dig allows customized monitoring and views for development, staging, or production workloads and an API architecture that can be integrated into your CI/CD pipelines. To effectively manage and secure your enterprise, Sonrai Dig maps your workloads into swimlanes, where each swimlane represents a specific slice of your environment, determined by you and how your business works. For example, traditional swimlanes would include your Dev, Stage, and Prod environments where your governance models are applied in a way that makes sense to you. Alerting and remediation would be in the context of the swimlanes, which helps to eliminate alert fatigue and enables effective management of risks that arise. Sonrai Dig’s Governance Automation Engine automates workflow, remediation, and prevention capabilities across cloud and security teams to ensure end-to-end security and visibility.

Powered by a Patented Cloud Identity Graph & Analytics Engine

If identity is the new perimeter, Sonrai is your perimeter schematic. It’s the only source for comprehensive intelligence on identity-to-data pathways. A big data analytics engine continuously updates every complex path an identity has used or could use to access data – sometimes 12 relationships and inheritances deep or more. All activity, all relationships, all identities. See everything, connect everything, and build a foundation for cloud security.

Deep Understanding and Integration with Google Cloud

Sonrai Dig’s unique integration with Google Cloud provides deeper insights into identity and data in your cloud.

For example, Google Security Center uses a wide variety of physical, infrastructure, and operational controls to help secure Google Cloud — but there are additional actions you need to take to help safeguard your workloads. With Sonrai Dig, you can uncover all identity and data relationships between people and non-people identities (admins, roles, compute instances, serverless functions, and containers) across multi-cloud accounts and third-party data stores to further strengthen your security posture and protect against threats.

Google Cloud & Sonrai FAQs

Q. Is Sonrai Security available through the Google Cloud Marketplace?

A. Sonrai Dig is not available for direct purchase on the Google Cloud Marketplace.

Q. Can Sonrai’s platform protect workloads running on GCP?

A. Our platform can prevent unauthorized access, enforce container immutability, network segmentation and segregation of duties.

Q. What Google Cloud service integrations are available?

A. Sonrai Dig’s cloud security platform provides security, visibility, and context for 150+ GCP services.
