Sonrai Security announced today it has extended its ability to incorporate metadata captured from the public cloud operated by Amazon Web Services (AWS) into a platform that applies security policies based on identity.
Brendan Hannigan, CEO, Sonrai Security, said in addition to achieving an AWS security competency, the Sonrai Dig platform is also now integrated with AWS Control Tower, the dashboard most organizations employ to manage AWS services. The goal is to make it simpler to apply security policies across more than 150 discrete AWS services, Hannigan said.
Hannigan said interest in automating the management of security policies as part of a zero-trust architecture using identity has increased in the wake of some recent high-profile breaches of software supply chains. The issue that remains underappreciated is that identity management extends beyond a person – every machine, microservice and even application programming interface (API) needs to be assigned its own identity to create a truly zero-trust IT architecture, Hannigan noted.
The Sonrai Dig platform itself provides a way to discover and analyze all the dependencies in an IT environment using a graph engine that surfaces potential security issues and then applies appropriate policies. It's no longer possible for humans to keep track of all those dependencies as IT environments become more complex, Hannigan said. In fact, Hannigan added, as IT becomes more complex, IT teams will become even more inclined to employ machine learning algorithms and other forms of AI to manage cybersecurity.
In the meantime, human errors, in the form of misconfigurations and escalated privileges, continue to dog cloud security. It's not that cloud platforms are any less secure than on-premises IT environments; rather, the speed, scale and complexity of the application environments make it exceedingly difficult to consistently ensure application security under a shared responsibility model. Cloud service providers have made it abundantly clear that securing applications running on their platforms is not their job. The only thing they've promised is to secure the infrastructure on which those applications run. As such, it's ultimately the responsibility of IT organizations to secure the cloud application environment.
Less clear is to what degree security might become more unified in the age of the hybrid cloud. Most cloud platforms and on-premises IT environments are, today, managed in isolation. However, as organizations move toward unifying the management of multiple platforms to reduce the total cost of IT, there will come a day when the management of cybersecurity is more streamlined.
Regardless of how cybersecurity is achieved and maintained, it's clear cybercriminals are becoming more adept at discovering the relationships between application modules and their underlying IT infrastructure. The more integrated an application environment becomes, the easier it is for malware to move laterally across it. The paradox, of course, is that the business value of any application only increases as it becomes more integrated with other services. Arguably, a graph is critical not only to ascertain the potential value of those integrations, but also to determine how best to secure them.