Orca Security Adds Data Security Capabilities to Cloud Platform

Orca Security today added a data security posture management (DSPM) capability to its cloud security platform as part of an ongoing effort to streamline operations and reduce the total cost of cybersecurity.

Orca Security CEO Avi Shua said this latest addition to the Orca Cloud Security platform, available as a public beta, adds a data discovery and management offering that makes it possible to identify, prioritize and mitigate sensitive data across multiple cloud platforms. Like the rest of the Orca portfolio of cloud security offerings, the DSPM tools created by Orca take advantage of SideScanning technology that examines block storage out-of-band and then cross-references with the application programming interfaces (APIs) exposed by the cloud service providers. That approach eliminates the need to deploy agent software in cloud computing environments.

Cloud security has emerged as a major challenge largely because cloud applications are deployed by the developers that have provisioned those environments with little to no input from IT and cybersecurity professionals. The Orca Cloud Security platform provides a range of cloud posture management capabilities, including an extension that uses the ChatGPT generative artificial intelligence (AI) platform to help identify issues and surface remediation advice.

Orca Security has also partnered with ThreatOptix to provide cybersecurity teams with an agent-based platform for protecting runtimes in cloud computing environments that is integrated with the Orca Security user interface.

The latest addition extends the platform’s reach to include data security in a way that can even address shadow data and misplaced data residing in managed and self-hosted cloud data stores, as well as in files on virtual machines, containers and cloud storage buckets. Sensitive data that contains personally identifiable information (PII) is the crown jewel that most organizations are striving to protect, said Shua. Most cybersecurity teams, however, have little to no visibility into where that data resides in their cloud computing environment.

In addition to identifying that data, the DSPM addition to the Orca Cloud Security platform also surfaces any suspicious events and behaviors along with the attack path analytics to show how that data can be accessed, noted Shua. Each attack path is automatically scored based on criteria such as exploitability, severity and business impact.

Shua said an integrated approach to cloud security is required because most organizations don’t have the staff that would otherwise be required to master multiple tools from different vendors. The Orca Cloud Security platform makes it possible for cybersecurity teams to put a comprehensive set of cloud guardrails in place in a way that can be more easily managed, he added.

As the rate at which applications are being deployed in the cloud steadily increases, securing those environments is becoming more pressing. Cybersecurity teams may not be able to exercise a lot of influence over how those applications are built, deployed and used, but they are still responsible for securing them. The challenge is finding the least intrusive way possible to achieve that goal at a reasonable cost.

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 772 posts and counting.See all posts by mike-vizard