Amid all the risks for a business, the most common denominator is the data. Whereas protecting data on-premises has been a struggle for security teams, the unique challenges of the cloud have made even basic data governance a challenge. The velocity, variety and volume of data require constant innovation by those who run data science and analytics teams and the people who build solutions for them. But where is the same innovation for the security and cloud teams that are tasked with keeping pace with the very same data lakes and warehouses? To date, cloud data security solutions that restore visibility and control at modern scale have been scarce. This is the sole focus of Open Raven, and our Spring Release highlights three big steps forward as we aim to keep the people responsible for protecting the data at pace with those using it.
If knowing where all your data resides is a tough question to answer, then knowing what type of data you have is the proverbial ‘800 lb gorilla’. The few services that can classify data (e.g., AWS Macie) are often limited and, most importantly, far too expensive. Data classification engines aren’t helpful if they can’t handle petabytes’ worth of data affordably, accurately and in suitable time frames, so that’s exactly how we’ve designed our engine to work. We’ve delivered flexible scanning options and open-sourced benchmarking results and toolkits, all while keeping costs predictable. The result is a classification engine security teams can use, trust and afford.
Security professionals can now add ‘where’s the important and sensitive data’ to the list of ‘low effort tasks.’ Data teams have catalogs that provide a unified view into their data, a starting point for their exploration and insights. Shouldn’t security teams be able to do the same in order to better protect the organization? We think so. At best, they’ve had to resort to resource-intensive, manual investigation, only to still fall short of the information they need about their data and infrastructure. Whether it’s the first step towards satisfying compliance regulations, contractual obligations, or creating the foundation of a successful governance program, security teams can now quickly answer historically tough questions: Where do we have personal data? Where is customer financial data being stored? How many sensitive data records do we have? Do we have any sensitive data outside approved regions? Do you have a list of all sensitive data, by class and location, for our cyber insurance application?
We’ve built the first alerting system that tells security and cloud teams when there is a mismatch between data types and the configuration of the infrastructure upon which they sit. In short, data risk alerting. Security and cloud teams now have their own toolset that immediately tells them when a properly configured bucket inappropriately houses customers’ personal info from a PoC that somehow made its way into a PowerPoint presentation, now exposed to the public, unencrypted and not backed up. Or, when a bucket is connected to a new VPC outside of approved regions for the data therein. Violation details include the rules that were triggered, the count of sensitive records involved, and the name of the object(s) in question, with deep links directly into the AWS console. We've made identifying, prioritizing and assigning needed action clear from the point of alert — no costly investigations or submitting tickets to other teams, we provide the context you need.
Answering questions about the data involved in an investigation has historically taken a number of steps and involved using tools that, politely stated, were not built for the task. At our upcoming webinar covering our Spring Release, we’ll be providing a sneak peek into our new search experience, which allows for use of Splunk-based queries and response UI for fast answers to data security questions. Further, we know that often the final mile is producing a report or exporting a dashboard. We’ll also be showcasing our fully integrated reporting and dashboard features, which also borrow from the SOC-friendly Splunk UI.