Open Raven has launched an open source platform for securing and managing structured data regardless of silos.
Company CEO Dave Cole said the Open Raven Platform enables security teams to navigate the Open Raven Graph to determine where structured data is located. The Open Raven Platform is built on a graph database that is used to automatically map cloud and on-premises data stores using everything from network scanning to application programming interfaces (APIs).
On top of that discovery capability is the Open Raven DMAP fingerprinting service, which uses machine learning algorithms to identify the type of data store discovered. Security teams can decide which specific discovery methods they want to employ and how frequently they can run.
Security teams also can query those data sources using a search engine to determine, for example, how much the data in any repository has not been encrypted. Access to trending reports is also provided.
Finally, an API based on GraphQL makes it possible to integrate the Open Raven Platform with additional data sources.
Cole said the goal is to create an extensible platform that removes a lot of friction security teams encounter today when trying to make sure highly distributed data is secure. Instead of having to employ tools for each type of database, the Open Raven Platform makes it possible to centralize data security management, he said. The company decided to make it available as an open source community edition to enable cybersecurity teams to just download and implement, in addition to helping lower cybersecurity costs, he added.
Connectors that come packaged with the Open Raven Platform by default provide integration with Amazon Web Services (AWS) data services such as S3 and RDS. A template is also included to simplify the building of additional AWS connectors. Support for Microsoft Azure and Google Cloud Platform is also planned. In addition, Open Raven makes available tools that enable security teams with coding skills to build their own connectors.
Data hygiene, of course, has been a longstanding issue within most IT organizations and has become more problematic as more databases are deployed in multiple public clouds alongside existing on-premises IT environments. Even the developers and IT teams that created those databases are unsure what data is stored in them. Cybersecurity teams tasked with securing that data have been, for the most part, relying on manual processes. As such, it should not come as a surprise when a database full of unencrypted sensitive data is left exposed on the internet. Open Raven is essentially arguing that an ounce of data protection prevention is going to worth several pounds of cybersecurity cure after the fact.
There may come a day when data management and security management eventually converge. However, right now most cybersecurity teams are left to their own devices when it comes to data discovery and protection. The challenge they face is not so much defining the policies required to secure data as much as it is finding a way to make sure those policies are actually enforced.