Orkus Launches Access Governance Platform for Cloud Security

The startup emerges from stealth with a graph database approach to identify and manage access and authorization in the cloud.


When moving to the cloud, organizations face multiple challenges to managing and maintaining access to governance policies. It's a challenge that startup Orkus is looking to solve with its Access Governance Platform, which it announced on Nov. 26.

The Orkus Access Governance Platform provides capabilities for understanding and controlling access and authorization policies. Among the platform's core features is the Access Graph, which uses graph database technology to learn the relationships between different identities and data in the cloud. Layered on top of that is the Orkus Graph AI, which learns and determines the intent of the different access and authorization actions. From a management perspective, Orkus Access Guardrails provides policy guidance and implementation for security and compliance rules to help protect access.

"Our vision is to build a platform which essentially allows enterprises to enable groups within organizations to use cloud services, infrastructure and data without compromising the continuous governance over it," Manish Kalia, co-founder and CEO of Orkus, told eWEEK

The launch of the Access Governance Platform marks the company's emergence from stealth mode, which it has been operating under since it was founded in September 2017. To date, Orkus has raised $3.2 million in seed funding to help build out the company and its technology. Kalia said Orkus plans on announcing a Series A round of funding in 2019.

Orkus’ aim isn’t to be in the Cloud Access Security Broker (CASB) market space, which also provides a measure of control to cloud access, Kalia said, adding that the company is all about identity and access management (IAM).

"CASB is for SaaS apps where you want to have an in-line DLP [data loss prevention] capability at the web proxy layer," Kalia said. "We are in the identity and access management space. We're looking at your apps and data, identifying who can access different things and securing and building that on a continuous basis."

Orkus is not an identity provider itself, rather the platform is complementary to an organization's existing identity platforms, integrating access and authorization capabilities. Kalia said Orkus takes information from an organization's Active Directory system, from cloud policy engines, databases and networks, to provide a holistic view on access.

"Today it's a very manual and laborious process to figure out who has access rights, and we automate that," he said. "We understand who has access to different things in real time, combining Active Directory and cloud access policies quality and then when we start applying AI to learn patterns of access."

How It Works

The graph database approach maps the relationships between users, services and networks to different cloud and data objects. Orkus is using two different graph database technologies in its platform, AWS Neptune and JanusGraph. Additionally, Kalia said Orkus is applying machine learning techniques on the graph to identify intent.

"We're looking at the structure of the graph and identifying the different patterns," he said. 

Every access that is on the graph is assigned a risk score by Orkus to help organizations understand the potential impact. Orkus also integrates an Access Intelligence component that provides an overview of access and can be used to help map activities to audit and compliance efforts. Enforcing compliance is often a matter of also having the right policies in place, which is what the Guardrails component in the Orkus platform is all about.

"What we allow you to do is create a very simple guardrail, and this is just as simple as writing a query that any instance not in your region should not have access to data with GDPR, for example," Kalia said. "The guardrail is continuously looking at the actual graph and enforcing policy."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.