Identity Security + CIEM

Eliminate All Identity Risks. Get to Least Privilege And Stay There.

Least Privilege

One of the fundamental principles of identity security and Cloud Infrastructure Entitlements Management (CIEM) in public cloud is getting to and maintaining a state of least privilege. In this state, each of your identities can perform only the actions required for its job and nothing more. In many cases, we see identities (both human and non-human) with far too many permissions, often with potentially harmful consequences. One such example is the “shadow admin,” a regular user that, over time, has gained privileges to the point where they can effectively act as an admin in your environment, yet they never show up as an admin on any of your audit reports. Sonrai Dig graphically maps all of your identities and determines their effective permissions, allowing you to get to least privilege across all of your clouds. On top of that, we do this continually (24/7/365) to ensure that if something changes, you are notified immediately.

Separation of Duties

When implementing your risk and governance controls, it is critical to ensure that identities don't have conflicting responsibilities and are not in a position to expose the organization to risk. This principle, known as Separation of Duties, has two purposes. The first is the prevention of conflict of interest (real or apparent), wrongful acts, fraud, abuse, and errors. The second is the detection of control failures, which include security breaches, information theft, and circumvention of security controls. A commonly seen example is an admin who manages your encryption and also has the ability to access, and decrypt/encrypt, your data. Another example, lesser-known but more common and dangerous, is pieces of compute that are permissioned in a way that violates the Separation of Duties principle. Making matters worse, these non-person identities are often not audited and/or managed and are just waiting for someone to take advantage of them for unintended purposes. With the identity security and CIEM capabilities inside of Sonrai Dig, the platform graphically maps all your identities to find where this separation is not in place and visually shows you how the failure occurred.

Toxic Combinations

In cloud, things change quickly, and identities often follow suit to try to keep up with the pace. A toxic combination arises when the sum of an identity's permissions enables it to perform actions that go far beyond its intended purpose. A classic example of this is a new user within an organization: they start at a company, are provisioned with a rigid set of permissions, and over time are granted more permissions, with the sum of those permissions being far more than they require to do their job. Another example, lesser-known but more common and dangerous, is the complex web of serverless functions that, when used in specific combinations, can grant the principal permissions that far exceed those of any one function on its own. These toxic patterns, for both human and non-human identities, are usually unknown to the cloud, security, and audit teams, and when used for unintended purposes they have drastic consequences. With the identity security and CIEM capabilities inside of Sonrai Dig, the platform continuously monitors for toxic combinations and graphically shows how they arise.

Activity Monitoring

To maintain control and security within and across your clouds, you need to know what is going on at all times. In the modern cloud environment, there are often thousands of identities active at any one time, making the task of monitoring them and looking for things that are not right an absolute nightmare. With the identity security and CIEM capabilities inside of Sonrai Dig, you can continuously monitor all of your identities within, and across, all of your clouds. When something anomalous happens, automated remediation enforcement takes place or the right team (whether cloud, security, DevOps, DevSecOps, or Audit) is notified to take immediate action.

Ready to De-Risk Your Public Cloud? See It For Yourself.

Identity and data access complexity is exploding in your public cloud: tens of thousands of pieces of compute, thousands of roles, and a dizzying array of interdependencies and inheritances. First-generation security tools miss this, as evidenced by so many breaches. Sonrai Dig de-risks your cloud by finding these holes, helping you fix them, and preventing those problems from occurring in the first place. To see how Sonrai Dig can help enterprise organizations de-risk their public cloud through identity security, data security, CSPM, and Governance Automation, please reach out to us to set up a demo.