Get to Least Privilege and stay there

Tough to enforce. Tougher to know when to enforce it. Critical for cloud operations

Least privilege means giving an identity (user, role, and/or service) only those privileges which are essential to perform its intended function.

It’s a restrictive policy, but critical for environments with sensitive data. Enforcing it requires a deep knowledge of activity and potential access for all identities.

Get to Least Privilege with confidence

Map

Monitor

Know

Map

Map everything

The Sonrai identity graph examines all users, roles, trusts, policies, permissions, non-person identities, groups, etc. Patented analytics map out all possible effective permissions, sometimes many relationships deep, effectively simulating possible attack paths.

Monitor

Monitor all activity & privilege use

Sonrai integrates into activity log services for insight into who’s used what privileges to access what data, including actions inside secret stores and databases. Continuous monitoring means privilege-use intel that is constantly updating for all identities. Unused permissions are flagged for removal.

Know

Know when and where to enforce

Least privilege can be too burdensome as a blanket policy, slowing down work in environments where it’s not called for. A sandbox environment with no PII or lateral movement possibilities should not be subject to least privilege – but understanding where to enforce it requires knowledge of all potential cross-account access.

Organizing your cloud to understand where sensitive data is and setting risk tolerance for each environment is critical to implementing least privilege. Without that context, it’s a nice idea with no chance of surviving scrutiny by the cloud team, and is guaranteed to slow and frustrate development.