Frequently Asked Questions

General
‍—

Q

What is Open Raven?

A

Open Raven is the cloud native data security platform purpose built for protecting modern data lakes and warehouses. From finding all data locations to proactively identifying exposure, the platform solves a broad spectrum of problems that organizations commonly face when living with large amounts of cloud-based data.

Q

What types of data stores can Open Raven discover?

A

Open Raven discovers data stores on both native and non-native cloud services using a combination of native APIs and machine learning based fingerprinting (DMAP). Examples of native data stores include Amazon S3, Amazon Redshift, and Amazon RDS. Examples of non-native data stores include Oracle, MongoDB, or ElasticSearch running on Amazon EC2.
See our What We Discover page for a current, comprehensive list.

Safe and Private

Q

How does Open Raven work? Does it use an agent, sidecar or network scanner?

A

In order to maximize visibility and ease deployment, Open Raven uses no sidecars, agents or network scanners to discover and analyze a cloud environment. Instead, we use the following methods:

  • Read only access to native APIs
  • Serverless (AWS Lambda-based) analysis (e.g., for data store fingerprinting, data classification, etc.)

Analysis is highly configurable, allowing for optimization for speed, cost, and completeness (breadth or depth).

Open Raven’s serverless analysis method scales seamlessly without requiring additional work or thought and reports back results centrally with no changes to network security rules.  The result is effortless scaling across even the largest organizations.


Q

Do I have control of how Open Raven does its discovery?

A

Our discovery capabilities are designed to be both straightforward and flexible. If you’d like to start with a single account and inventory, let the defaults guide you through the lightweight analysis and you can visually explore the results after. If you’re instead looking for full breadth, you add an entire AWS organization to identify all data services and storage across your estate. For depth, select the data stores of interest along with your preferred classification and policy rules for full comprehension of a data lake’s contents.

Q

What are the deployment options for Open Raven?

A

Open Raven is delivered as software as a service (SaaS). The platform is located and operated from Open Raven’s cloud with a private, single tenant design. Within a customer’s environment, serverless functions (FaaS) are used to perform analysis and communicate back to the dedicated Open Raven cluster in our environment.

Q

What level of access does Open Raven need in my AWS environment?

A

Solely an IAM role with read-only permissions is required.

Q

Does Open Raven have access to any of my data?

A

Open Raven does not remove, store, or process the data you have within your cloud environment. Native functionality within your IaaS environment is used to analyze the data and return information about the results to your Open Raven cluster on our platform. The Open Raven platform does not enable remote access to data within your cloud environment.

Open Raven has access to and collects specific licensing and platform health information for each of its customers as necessary to ensure a great experience with our platform.

Q

Will any data from another region move to Open Raven?

A

The Open Raven platform is hosted solely in the United States today. We do not move data between cloud regions; service data remains exclusively within your account. 

You can, however, use Open Raven in whichever regions you need it and the platform commonly used to create a complete picture of global cloud estate stretching across many regions and VPCs. Your sensitive and regulated data does not move out of those regionsー metadata alone is created and transmitted as necessary.


Fast and Friction-free

Q

How much time does it take to get up and running with Open Raven?

A

It takes under 5 minutes to connect Open Raven to your AWS accounts when doing a typical installation. Open Raven can connect to all your AWS accounts under your AWS Organizations, or individually connect it to specific AWS accounts. After you connect your AWS accounts, discovery and mapping happens automatically with the exact time required to view the map of your environment depending on its respective size and scale. 

Q

Do I have to update Open Raven with new releases? How does it work?

A

Open Raven automatically updates with no manual effort required. Notifications are sent when significant, new releases are available so that you’re informed of the latest features and capabilities. If additional control is required, we can modify how updates are delivered to better match organizational preferences.

Q

We have thousands of accounts and VPCs, how does Open Raven scale?

A

Open Raven is designed to scale to the needs of large, global enterprises. This starts with allowing for adding accounts using your AWS organization versus doing so on an account by account basis.  With respect to discovery and analysis, tuning is widely available across the platform allowing you to configure the amount of serverless functions used, the depth of data inventory and classification, the extent of policy analysis and so on.

As a SaaS service, we scale the underlying platform on your behalf, allowing you to focus solely on getting the most value out of the service itself.

Q

I have a shared account with a partner I do business with, can I have more than one instance of Open Raven in my account?

A

 You can share access to an Open Raven platform with a partner, and you can have more than one workspace in your account.

Within a shared workspace, configure access for whomever you’d like, as user or administrator. Both you and the partner can view data within Open Raven, or alternatively, forward data to that partner via built-in integrations or streaming API.

Budget Friendly

Q

How much does it cost to use/license Open Raven?

A

Open Raven pricing is an annual subscription designed to be both straightforward and predictable. The price is determined by the number of data stores within an environment, for example, the identified number of AWS S3 buckets, RDS instances, MongoDB, etc. Included with the price of each data store is 10GB of data (i.e., for inventory, classification, etc.). Additional storage is purchased if more than the included amount is needed. Each subscription is intended to be fixed for a 12-month period to maximize budget predictability.