Startup Open Raven, which specializes in data protection for large-scale cloud storage deployments, on Nov. 18 launched its Open Raven Cloud-Native Data Protection Platform, designed to operationalize big data security and privacy in the cloud.
To prevent data breaches, Open Raven automates asset discovery and data classification, provides real-time mapping and policy-driven protection for Amazon Web Services and S3. The company said it plans to add availability for Google Cloud Platform, Snowflake and other clouds in the near future.
The Open Raven Platform auto-discovers where data is located in the cloud, what type of data it is--personal, sensitive, or regulated--as well as who has access to it and where it can flow for full visibility, control and protection.
Aimed at controlling the increasing influx of data
This is not nearly as easy as some IT people might think. The continuing influx of data from mobile devices, sensors, videocameras and dozens of other sources has caused a crisis of sorts for administrators trying to keep track of storage and evaluate it all for their enterprises.
“We’ve been watching massive amounts of data accumulating in the cloud, and watching in an era where security was really focused on the end point,” CEO and co-founder Dave Cole, a veteran of Symantec and Norton security, told eWEEK. “This gave way to an era when security was much more focused on identity. But the incidents kept happening and the privacy regulations kept stacking up, so we looked at the products that were out there, and the legacy solutions were much more focused on things like email and office documents. Newer solutions focused more on compliance, but nothing was focused on finding exactly what (data) you have and ripping through data lakes that were growing to petabyte scale.
“There were some things provided by Amazon and Google, but it wasn’t their core business and were what we call ‘platform-credited.’ The offering from Amazon, especially, just wasn’t cost-effective; it was built to use on a much smaller scale. So we looked at this and said, ‘If people are going to protect their data, they have to have an easy way of knowing where it all is, what data is where, and how it’s protected.’ We said it’s simply too hard to do that at scale.”
Open Raven Cloud-Native Data Protection Platform now available
Cole and his team started last year to build the Open Raven platform and released a community edition early in 2020 as a free entry point. “We needed to know it could scale, we could render it (the data) all and bring it all together, and then we used that as a base to do inventory and go through those massive, massive data lakes,” Cole said.
With the Open Raven Cloud-Native Data Protection Platform, Cole said, security and cloud teams now have a unified solution for the following actions:
- to discover all data and resources in a public cloud environment, including both native and non-native repositories. Real-time mapping highlights problem areas at a glance while search allows for pinpointing specific data and resources.
- to classify data assets by identifying personal, sensitive and regulated data on a scheduled, event-driven or continuous basis. Open Raven uses a variety of techniques from pattern matching to machine learning to describe data while providing live verification via APIs to further boost accuracy.
- to monitor using default or custom policies based on Open Policy Agent that combine both cloud asset and data context in rules that enable continuous or point-in-time monitoring for a full range of security, privacy and compliance use cases.
- to protect cloud data through proactive alerting on data risk events as they happen, harnessing a wide range of integrations (via firehose API, webhook), or generating reports.
Open Raven’s cloud-native design is purpose-built to handle big data. Discovery and classification are performed using serverless functions--not agents or network scanners that are challenging to deploy and struggle to scale horizontally, Cole said. Flexible configuration options allow for fine-tuning of performance, completeness and cost.
Being able to assess even large environments for compliance eliminates previously painstaking manual efforts to report on data inventory, data transfer and other risk factors, Cole said. It can be used to create the foundation for compliance in accordance with laws and standards such as FFIEC, GDPR, CCPA, PCI-DSS, HIPAA, and SOC2.
“Open Raven is helping us transform how we approach data security. Legacy tools only look at cloud resources or privacy, but don’t tell us if data is safe,” said Justin Dolly, Chief Security Officer of Sauce Labs. “Open Raven is the first platform that gives us real-time visibility into the safety of cloud data, helping us to close security gaps faster."
“Before COVID-19, security and cloud teams were already short-handed. The rapid shift to remote work driven by the pandemic only increased workload, further exacerbating the problem,” Cole said. “We created the Open Raven Platform to help these teams restore visibility and protection of their cloud data--removing pain driven from approaches that are manual, time-intensive and expensive.”
- The Open Raven Cloud-Native Data Protection Platform is a subscription-based service with annual and multi-year options available. Pricing is based on the amount of storage and number of data stores in the environment, such as the number of AWS S3 buckets and RDS instances. Included in the price of each data store is 10GB of data.
- Open Raven is also offering a free trial of The Open Raven Platform.
- For more information, go here.
Open Raven was co-founded in 2019 by security veterans Cole and Mark Curphey, and the company has received funding from Kleiner Perkins and Upfront Ventures, as well as cybersecurity leaders Niloo Razi Howe and Phil Venables. The company is headquartered in Los Angeles.