Organizations have had to rapidly adopt cloud and hybrid-cloud security best practices over the past year. But the complexities and wider attack surface have led to more data breaches in cloud environments than ever before.
We heard from Mohit Tiwari, CEO and Co-Founder of Symmetry Systems, on what makes hybrid cloud so complex and how organizations can implement best practices to keep sensitive data secure.
What does hybrid-cloud security mean? What is your best piece of advice for business leaders seeking a privacy-first model for their customers and partners?
Hybrid-cloud security provides visibility and protection over data spanning databases, object stores, and data lakes. Today, we live in a hybrid-cloud environment where users, developers, supply-chain vendors, and contractors get data via a web of static infrastructure and cloud applications. Legacy control solutions for this data rely on identity and access management rules for internal developers and authorization policies for customer-facing web services. These current solutions demand expensive manual effort by developers, privacy officers, and security specialists to keep access policies least-privileged and up-to-date, which is virtually impossible to achieve given the velocity of application development and IT evolution. Symmetry Systems' flagship solution, DataGuard, is different. It provides unified visibility into data objects across all data stores, answering data security and compliance questions that traditional cloud security tools cannot.
It is incredibly challenging for organizations to protect their sensitive data. Business leaders often seek advice on establishing a privacy-first model for customers and partners. To accomplish this, they must not settle for a web service that simply orchestrates privacy requests among developers and privacy officers, but look into more substantive tools to observe and protect data in their hybrid cloud. Organizations are often distracted when obtaining cyber insurance because they are too focused on symptoms of faulty security practices like ransomware, lost credentials, supply chain attacks, etc. While these symptoms are important to treat, the root concern is your data and how best to protect it. Suppose insurers were able to offer coverage on the data itself. In that case, organizations' top concerns could be eased by the knowledge that the information most vital to their operations is safe.
What does incorporating Zero Trust principles into modern data security mean for your company?
Incorporating Zero Trust principles into modern data-store security ensures there is no single point of failure when systems are breached. Other approaches, such as application security, are not always the best solution because you will never be able to fully secure hundreds of millions of lines of code. Surface-level code scans ('AppSec') or asking for a software bill of materials (SBOM) are extremely low-leverage activities. Zero Trust principles can ensure that even if attackers know the database location/IP, username, and password, they cannot use that information to access privileged information given to specific application roles, IAM and cloud-network perimeters, etc. Zero Trust principles are a logical way to lower data risk.
How does Symmetry Systems help organizations answer security and compliance problems to best protect data? How is this different from other options offered in today’s market?
Symmetry Systems utilizes a three-step approach to help organizations best protect their data. It starts with a data risk assessment. Cloud Security Posture Management (CSPM) tools focus on CVEs and container scans but miss the data. The risk assessment looks to understand where vulnerabilities lie in the data. Second, Symmetry places Zero Trust controls around the data. Symmetry brings ZT to data by measuring data objects’ risk via permissions and accesses and then placing controls or remediation on the data. Lastly, Symmetry automates SOC2 and privacy assessments for cloud assets. Symmetry Systems believes that data stores hold the most valuable persistent asset and knows that most security and compliance goals are tied to data and identity. Compliance requires that organizations prove to auditors that all sensitive data has tight access controls, is monitored, and is audit-logged in tamper-proof storage.
Symmetry is different from other tools and services in that it is not blind to data flows; it allows organizations to know how to protect their data and how their data is being used. Symmetry uses AI/ML to model and mitigate data risk across an organization, similar to cloud security posture management and cloud workload protection platforms, but for data. Data security for the cloud brings about a cocktail of problems:
Data labeling is a fundamentally weak classifier.
Attackers generate adversarial inputs.
The benign infrastructure is dynamic.
The scale of billions of data objects puts false positives well beyond the ability of regular humans and security-orchestration (SOAR) rules to handle.
The only way out is to balance detection-response (ML) and cloud-permissions (IAM/DevOps) tools to build productive workflows for cloud-security and data-governance engineers.
Data security in a hybrid cloud is an emerging category. Symmetry currently services tech-forward or early adopter customers who have significant investments in cloud-security or security operations.
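The answer above describes measuring a data object's risk from its permissions and observed accesses and then remediating, and the earlier answer makes the Zero Trust point that stolen credentials should not grant more than the role's least-privileged access. The following is an added example, written for this page and not Symmetry's or DataGuard's own code, of the simplest form of that measurement: grants that were never exercised during a review window are flagged for revocation, ranked by the sensitivity and exposure of the object they touch. The inventory, grants, access log and sensitivity weights are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory: data objects and their sensitivity label.
DATA_OBJECTS = {
    "s3://payroll/employees.parquet": "PII",
    "rds://crm/customers": "PII",
    "s3://analytics/clickstream": "INTERNAL",
    "s3://assets/logo.png": "PUBLIC",
}

# Constructed effective read grants: identity -> objects it may read
# (in practice derived from IAM policies, database roles, bucket ACLs, etc.).
GRANTS = {
    "role/payroll-app": {"s3://payroll/employees.parquet"},
    "role/crm-app": {"rds://crm/customers"},
    "role/analytics-batch": {"s3://analytics/clickstream", "rds://crm/customers"},
    "user/contractor-dev": {"s3://payroll/employees.parquet", "s3://assets/logo.png"},
    "role/web-frontend": {"s3://assets/logo.png"},
}

# Constructed access log for the review window: (identity, object) pairs observed.
ACCESS_LOG = [
    ("role/payroll-app", "s3://payroll/employees.parquet"),
    ("role/crm-app", "rds://crm/customers"),
    ("role/analytics-batch", "s3://analytics/clickstream"),
    ("user/contractor-dev", "s3://assets/logo.png"),
    ("role/web-frontend", "s3://assets/logo.png"),
]

# Assumed weighting; real deployments would tune this per data class.
SENSITIVITY_WEIGHT = {"PUBLIC": 0, "INTERNAL": 1, "PII": 5}


def unused_grants(grants, access_log):
    """Grants never exercised in the window: identity -> set of objects."""
    used = defaultdict(set)
    for identity, obj in access_log:
        used[identity].add(obj)
    return {
        identity: objs - used[identity]
        for identity, objs in grants.items()
        if objs - used[identity]
    }


def object_risk(data_objects, grants):
    """Risk per object = sensitivity weight * number of identities that can read it."""
    readers = defaultdict(set)
    for identity, objs in grants.items():
        for obj in objs:
            readers[obj].add(identity)
    return {
        obj: SENSITIVITY_WEIGHT[label] * len(readers[obj])
        for obj, label in data_objects.items()
    }


def remediation_plan(data_objects, grants, access_log):
    """Unused grants on objects with non-zero risk, highest object risk first."""
    risk = object_risk(data_objects, grants)
    plan = [
        (identity, obj, risk[obj])
        for identity, objs in unused_grants(grants, access_log).items()
        for obj in objs
        if risk[obj] > 0
    ]
    return sorted(plan, key=lambda t: (-t[2], t[0], t[1]))


if __name__ == "__main__":
    for identity, obj, score in remediation_plan(DATA_OBJECTS, GRANTS, ACCESS_LOG):
        print(f"revoke {identity} -> {obj} (object risk {score})")
```

With this sample, the contractor's unused read on the payroll file and the analytics role's unused read on the CRM table both surface for revocation, while the unused public asset grant is ignored. Revoking the unused grants shrinks the set of identities whose credentials could expose each PII object, which is the practical form of the point that a stolen username and password should only ever unlock what that role actually needs.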
How is Symmetry Systems helping DevOps teams collaborate in a meaningful way?
Symmetry Systems provides the guardrails necessary for DevOps teams to navigate data sprawl quickly and securely, allowing teams to move faster in the cloud. For the most part, cloud security is unfamiliar territory for enterprise security teams. Compared to static infrastructure, DevOps teams using cloud-based enterprise networks are prone to make more errors, faster, as teams have to recreate their networks to include thousands of identity and access management (IAM) rules and virtual private cloud (VPC) controls, and learn how to traverse the idiosyncrasies of cloud-native services. Symmetry Systems' DataGuard can manage large deployments through infrastructure and policies-as-code, by providing the tools needed to scale to zettabytes of data over thousands of services. Symmetry's cloud workloads are designed to be containerized and fault-tolerant. As a result, security teams can place several layers of IAM and detection-response defenses that will operate at machine speed. Overall, these provisions enable teams to move faster and safer on the cloud. Additionally, this is a safer alternative to legacy workloads on static infrastructure or provisioning on-premises resources.