Eliminate All Identity Risks. Get to Least Privilege And Stay There
One of the fundamental principles of security in public cloud is getting to and maintaining a state of least privilege. In this state, all of your identities can only perform actions that are required for their job and nothing more. In many cases, we see identities (both human and non-human) with far too much permission and often with potentially harmful consequences. One such example is the “shadow admin”, this is a regular user that, over time, has gained privileges to the point where they can effectively act as an admin in your environment but they never show up on any of your audit reports as an admin. Sonrai Dig graphically maps all of your identities and determines their effective permissions allowing you to get to least privilege across all of your clouds. On top of that, we do this continually (24/7/365) to ensure that if something changes, you are notified immediately.
When implementing your risk and governance controls, it is critical to ensure that identities don't have conflicting responsibilities or are in a position of opening the organization to risk. Known as Separation of Duties, there are two purposes, the first is the prevention of conflict of interest (real or apparent), wrongful acts, fraud, abuse, and errors. The second is the detection of control failures that include security breaches, information theft, and circumvention of security controls. An example commonly seen is an admin that manages your encryption that also has the ability to access, and decrypt/encrypt, your data. Another, lesser known but more common and dangerous example, are pieces of compute that are permissioned in such a way that violates the separation of duties principle. Making matters worse, these non-human identities are often not audited and/or managed and are just waiting for someone to take advantage of them for unintended purposes. Sonrai Dig graphically maps all your identities to find where this separation is not in place and visually shows you how the failure occurred.
In public cloud, things change quickly and identities often follow suit to try and keep up with the pace. A toxic combination arises when the sum of an identity's permissions enables it to perform actions that are far greater than the intended purpose. A classic example of this is a new user within an organization; they start at a company, are provisioned with a rigid set of permissions and over time, they are granted more permissions with the sum of those permissions being far more than they require to do their job. Another, lesser known but more common and dangerous example, are the complex web of serverless functions that, when used in specific combinations, can grant the principle with permissions that far exceed that of any one on its own. These toxic patterns, both for human and non-human Identities, are usually unknown to the cloud, security and audit teams, and when used for unintended purposes have drastic consequences. Sonrai Dig continuously monitors for toxic combinations and graphically shows how they arise.
To maintain control and security within and across your clouds, you need to know what is going on at all times. In the modern cloud environment, there are often 1000s of identities active at any one time, making the task of monitoring them and looking for things that are not right, an absolute nightmare. With Sonrai Dig, you can continuously monitor all of your identities within, and across, all of your clouds. When something anomalous happens, automated remediation enforcement takes place or the right team will be notified to take immediate action.
Identity and data access complexity are exploding in your public cloud. Tens of thousands of pieces of compute, thousands of roles, and a dizzying array of interdependencies and inheritances. First-generation security tools miss this as evidenced by so many breaches. Sonrai Dig de-risks your cloud by finding these holes, helping you fix them, and preventing those problems from occurring in the first place. Schedule a conversation to talk with us about how we can help your enterprise.
Sonrai Security cloud security platform, products and services are covered by U.S. Patent No. 10,728,307, together with other domestic and international patents pending. All rights are reserved.