UPDATED 13:00 EDT / JULY 27 2022


Sonrai Security hones in on securing identities within cloud data infrastructures

Security has become a major area of focus for enterprises within the cloud, as end users look to their vendors for airtight security that encompasses areas such as access and identity management.

Sonrai Security Inc. has doubled down on identify management in the cloud, according to Denise Hayman (pictured), chief revenue officer of Sonrai.

“Customers are really talking to us about being able to protect their sensitive data, protect their identities and not just people identities, but the non-people identity piece is the hardest thing for them to reign in,” Hayman said. “And so that’s really what we specialize in.”

Hayman spoke with theCUBE industry analyst John Furrier at AWS re:Inforce, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the evolving dimensions of cloud security and how enterprises can stay ahead of it within their deployments. (* Disclosure below.)

Over-permissive environments create chaos

While this year’s AWS re:Inforce didn’t touch too much on “shift left,” identity management was a big focal point of the show. Overprivileged cloud environments have emerged as a major concern for cloud-heavy enterprises, according to Hayman.

“It is a crazy thing. And if you think about the whole value proposition of security, it’s to protect sensitive data,” she said. “So, if it’s permissive out there and then sensitive data isn’t being protected, I mean that’s where we really reign it in.”

Companies are taking a two-pronged approach to mitigate cloud access running amok,  according to Hayman. The first step is gaining a deeper understanding of control frameworks in order to see where the security gaps are. The second is imbuing automation.

“Automation is a theme that we’re hearing from everybody,” she said. “Like ‘How do we automatically prioritize?; how do we build that in so that they’re not having to hire people alongside that, but can use software for that?”

Non-person identities are an integral element in the access control equation

Most organizations understand the nuances and needs of active directory identities. However, another facet exists in the form of non-person identities, according to Hayman. More important is the fact non-human identities outnumber human identities considerably.

“But then there’s this whole other area of non-people identities, which is compute power and privileges and everything that gets going when you get machines working together,” Hayman said. “And we’re finding that it’s about five-to-one in terms of how many identities are non-human identities versus human identity.”

Given the complexities presented by these vastly different types, enterprises must continuously reassess their privilege and access control protocols, according to Hayman.

“And people aren’t really paying that close attention to it. So, from that scenario, like the Active Directory thing, of course that’s important to be able to take that and lift it into your cloud,” she said. “But it’s actually even larger to look at the bigger picture with the non-human identities.”

The hurdles set ahead of today’s CISOs

From the enterprise data sprawl currently being experienced to other rapidly escalating issues like cyber attacks and skills shortages, chief information security officers have it hard. Rather than take on more resource requirements, companies want to operationalize things. Carrying that operationalization of functions is a large part of Sonrai Security’s specialty, according to Hayman 

“If we bring this on, is it going to mean more headcount? Is it going to be things that we have to invest in differently? And I was actually just with a CISO this morning, and the whole team was talking about the fact that bringing us on means they can do it with fewer resources required,” she explained.

Sonrai is a security company with expertise in identity and access control; thus, depth and continuous monitoring are two crucial qualities best-of-breed solutions possess in the cloud security space.

“Because the issue in the cloud is that there are new privileges that come out every single day, to the tune of around 35,000 a year,” Hayman stated. “So, even if it’s fine at this exact moment, it’s not going to be in another moment. So, having that continuous monitoring in there solves this issue that we hear from a lot of customers also around lateral movement.”

Hayman will provide more enterprise security analysis during the upcoming AWS Startup Showcase event, airing on Sept. 7.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the AWS re:Inforce event:

(* Disclosure: Sonrai Security Inc. sponsored this segment of theCUBE. Neither Sonrai nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.