Least Access

Always know what’s accessing your data and automatically restrict access

The simplest and most effective way to protect data is to restrict access to only those who need it.

Least privilege tackles this problem from the identity side; Least Access secures data through policies on the data itself. This gives you an easy-to-manage view of data access and the ability to set up a tripwire around sensitive data when necessary.


How it works

Discover
Monitor
Apply

Discover a full data inventory and classify.

At cloud scale, locating all data and understanding its sensitivity requires automation. There is no way to catalog it all without great effort, and data you don't know about is impossible to protect. Discovery requires a continuously updated picture of your cloud via API interrogation, as well as deep integration into secret stores and databases. While classification of common sensitive data (credit card numbers, magnetic stripe numbers, health claim numbers, etc.) is a core prerequisite for least access, it's also critical to be able to identify what kinds of data are uniquely important to your operation. Custom classification and tagging is a must-have.

Monitor all access and changes.

Without activity data, you can't understand who needs access to what data, or alert on improper access. You need to understand both historical access and potential future access. Sonrai builds a unified picture of activity logs, keeping you up to date on which identities (human or machine) are accessing what data and when. Access and changes inside secret stores are a critical part of the activity picture.

Apply policies based on sensitivity plus historical and potential access.

Once you've got a map of where your data is and what's happening to it, you need to apply rules to each piece of data that configure the minimum access needed, without tripping up routine development. Strong classification and tagging tells you what data is sensitive, and activity logs tell you who needs access. Building these policies from scratch for each of your cloud environments would be prohibitively burdensome to the security team, so Sonrai prebuilds Least Access policies that follow best practices. Continue to customize on top of the existing policies as needed, and apply them granularly to sensitive data, or automatically apply them to certain environments based on your pre-set security risk tolerance designations.
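The discover, monitor and apply steps combine as follows in this added Python example, which is not Sonrai's code or policy format: it compares potential access (grants) with historical access (activity logs) on classified data to produce keep/revoke lists and a tripwire check. The resource names, tag names, identities, 90-day lookback and log records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the page): classification tags per data store.
INVENTORY = {
    "s3://billing-exports": {"pci"},
    "rds://claims-db": {"phi"},
    "s3://public-assets": set(),
}
SENSITIVE_TAGS = {"pci", "phi"}  # assumed tag names

# Potential access: identities whose current grants allow reading each store.
GRANTS = {
    "s3://billing-exports": {"role/billing-job", "user/alice", "role/ci-runner"},
    "rds://claims-db": {"role/claims-api", "user/bob"},
    "s3://public-assets": {"role/ci-runner", "role/web"},
}

# Historical access: (timestamp, identity, resource) taken from activity logs.
EVENTS = [
    ("2024-05-28T02:00:00", "role/billing-job", "s3://billing-exports"),
    ("2024-01-03T09:15:00", "user/alice", "s3://billing-exports"),
    ("2024-05-30T11:42:00", "role/claims-api", "rds://claims-db"),
    ("2024-05-30T12:00:00", "role/ci-runner", "s3://public-assets"),
]


def least_access_plan(inventory, grants, events, now, lookback_days=90):
    """For each sensitive store, split granted identities into keep/revoke."""
    cutoff = now - timedelta(days=lookback_days)
    recent = set()
    for ts, identity, resource in events:
        if datetime.fromisoformat(ts) >= cutoff:
            recent.add((identity, resource))
    plan = {}
    for resource, tags in inventory.items():
        if not tags & SENSITIVE_TAGS:
            continue  # non-sensitive data keeps its existing grants
        granted = grants.get(resource, set())
        keep = {i for i in granted if (i, resource) in recent}
        plan[resource] = {"keep": sorted(keep), "revoke": sorted(granted - keep)}
    return plan


def tripwire(plan, identity, resource):
    """True when an access touches sensitive data outside the keep list."""
    return resource in plan and identity not in plan[resource]["keep"]


NOW = datetime(2024, 6, 1)  # fixed clock so the result is reproducible
PLAN = least_access_plan(INVENTORY, GRANTS, EVENTS, NOW)
```

Identities in a `revoke` list hold grants they have not used inside the lookback window, so they are candidates for removal rather than automatic deletions; a longer window suits jobs that run quarterly or yearly.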

Learn how to secure data in the cloud


Let us show you how to get to Least Access

Request a demo