Startup Sonrai Security officially launched on Jan. 15, introducing its Cloud Data Control Service in an effort to improve security for enterprise data assets stored across multiple clouds.
The Sonrai Cloud Data Control Service provides multiple features to help organizations improve security, including discovery of data assets as well as classification capabilities. The Sonrai platform also helps organizations meet compliance mandates by identifying areas of risk and potential compliance violations. Going a step further, Cloud Data Control also provides API-level integration to help enable and protect DevOps workflows.
“We’ve essentially built a service which provides a complete risk model of all identity and data relationships, including movement and activity, across each cloud provider account and third-party data stores,” Brendan Hannigan, co-founder of Sonrai Security, told eWEEK. “We do it to help our customers identify unusual activity which could be surreptitious or it could just be mistakes that cause data to be lost.”
Hannigan and his co-founder Sandy Bird are both former IBM Security executives, reuniting to lead Sonrai Security. Both executives joined IBM via the acquisition of their company Q1 Labs in October 2011. Bird and Hannigan started working on Sonrai Security in late 2017 and have been working in stealth mode, quietly building the technology and the company. Alongside the official launch of Sonrai Security, the startup announced its Series A round of funding that brought in $18.5 million to help the company develop its technology and go-to-market efforts.
Hannigan said that a key goal for Sonrai is to help organizations deal with privacy regulations and how it relates to the movement of data and who has access to data.
Identity
Among the core differentiators that Sonrai Security is aiming to provide in the cloud data security space is the ability to track data activity and link it to user identity.
“We call it cloud data control because it is all about controlling who has access to your data, what pieces of compute have access to your data and how that moves through your cloud accounts,” Bird told eWEEK. “But it is underpinned by understanding the complete access and identity model that’s inside these cloud systems.”
Bird said that the identity model differs across cloud providers, and because of that there is a need to create a normalized model that understands how access is provided. With the normalized model that Sonrai provides, organizations can do complex multicloud queries. For example, Bird said that a user could query the system to see all the people who have access to confidential data and actually get the answer back, regardless of what cloud provider or what data stores the organization is using.
The Sonrai Cloud Data Control Service is a software-as-a-service (SaaS) offering. Bird explained that the service is run in the cloud and enabled on customer deployments via Docker containers that run within customer cloud deployments.
Docker containers perform the discovery of all of the accounts that an organization has within a given cloud provider and audits what’s going on in those accounts to build a model, Bird said. The data model then allows Sonrai’s service to understand what data is potentially sensitive and how data is being accessed. By using Docker containers within an organization’s own cloud accounts, he said that all customer data stays within the customer’s account and never needs to leave and come to the Sonrai service.
“We collect metadata around the account, and anything that is sensitive is hashed before it’s brought across, so all we have is the [encrypted] hash representation, but we don’t have the real data,” Bird said. “But of course, the metadata comes across to understand which user account has the access.”
From a remediation perspective for items that Sonrai identifies as being potentially risky or out of compliance, Bird said that Sonrai provides directed best practices for organizations. Looking forward, he said Sonrai is looking at enabling more automated approaches for remediation. Bird explained that the entire Sonrai platform is built on top of a single API that is exposed to end users, so they have access to the full power of the platform for integration. He said organizations can directly hook into Sonrai’s product to make sure that compliance and security requirements are being met.
As Sonrai develops the Cloud Data Control Service over the course of 2019, Hannigan said the company will continue to build out its analytics and machine learning capabilities to further enhance the service. Hannigan added that Sonrai will also expand its abilities to connect to all sources of data.
“We want to be able to connect to any place where our customers will be putting their data,” Hannigan said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.