Sonrai uses workflow and role-based swimlanes to address identity and workload-related issues, either by automatically routing actions to cloud, security, audit or DevOps teams or by deploying remediation bots to address the issue, with the customer being able to determine how they want things handled.
Today, Sonrai Security is announcing their Governance Automation Engine for their Sonrai Dig platform, to further enhance security in AWS, Azure, Google Cloud Platform and Kubernetes deployments, by providing more granular control to automatically eliminate identity risks and reduce unwanted access to data.
“The Governance Automation Engine is a mechanism for companies to organize how they view their clouds, and then use that to assign tasks and do analysis,” said Brendan Hannigan, Sonrai Security’s CEO and co-founder. “It is all about removing identity risks in public cloud. Our business looks at changes from digital transformation, and the problems people face from it. Identity and workload analysis is a key part of that. We help the customer understand the complexities of identities and remove risks associated with them.”
Sonrai was formed in 2017 and emerged from stealth in January 2019. Hannigan and co-founder Sandy Bird, Sonrai’s CTO, earlier built up Q1 Labs, which was sold to IBM in 2011 and became the foundation of IBM’s QRadar security division. They began Sonrai after seeing that as enterprises increasingly embraced cloud accounts and applications, they typically assembled hundreds of accounts in the different public clouds. Many of these were unknown to their IT, so the organizations didn’t know what data the accounts contained, or the extent to which access was allowed. Sonrai’s service builds a complete risk model of all identity relationships, showing what and where their data is across all the different cloud providers, to properly enable hybrid cloud security and risk mitigation. Their model ties together data and identity, and bridges SecOps and DevOps teams to provide a new level of security, compliance and efficiency.
“We take four steps to de-risk the cloud,” Hannigan said. “First, we graph and map out every relationship to eliminate all identity risks, which requires building and updating these graphs. Then, for any resource in the cloud, we understand who has access to it so we can give right access. Next, we do this across clouds and across third party data stores, to build cross platform security rather than rely on native tools.”
The fourth step, which is now being announced, is the Governance Automation Engine.
“The automation engine takes all of this and automates everything that has to be done,” Hannigan stated. “It lets them organize the cloud the way they organize teams using it, and we provide complete role-based access into that.”
The key here is that the Sonrai Dig platform can now ensure that appropriate issues go to the right team.
“It can shift left to route appropriate problems to the development team rather than the security team,” Hannigan said. “It helps us understand the severity and autoroute problems to the right teams, with the customer being able to determine the level of automation, and select from the level of remediation. It’s a really beautiful system optimized for how this new world will work.”
The Governance Automation Engine uses swimlane workflows to enable escalations, certifications and risk-exception handling, using role-based access control for workloads, teams and cloud platforms to ensure adherence to policy. It also automatically dispatches prevention bots and remediation bots, and provides safeguards in the form of code promotion blocks.
“The swimlanes allow you to place protection bots to avoid things that might be embarrassing to the company,” said Sandy Bird, the CTO, who provided a demonstration of how the new engine works. “You can put blocks on there so that identities laying around dormant won’t be a problem.” The engine also improves security in DevOps by preventing users from promoting code to the next stage of the development cycle if public cloud security requirements are not met.
“It provides very granular controls which customers can use for the separation of duties, and from an audit perspective to see all identities that can get access to sensitive data,” Bird added.
“What’s distinctive about the automation is that it doesn’t just automate in a simplistic way,” Hannigan noted. “It involves all possible stakeholders – developers, cloud teams, and security teams. In the past when companies made attempts like this, they were focused on alerts, for centralized IT teams.”
Larry Bianculli, Managing Director of Enterprise and Commercial Business at Long Island-headquartered MSSP CCSI, detailed how Sonrai was able to extend and scale what CCSI was already doing in the space.
“Our company came out of IBM 40 years ago as a services organization, and today we are more of an MSSP than a reseller, with professional services and managed services at our core,” Bianculli said. “We have been very strong in security for the last 15 years, and almost ten years ago we launched a cloud practice in parallel to security, because we knew cloud and security would come together. We started doing our version of Sonrai about three years ago, and took it to market as a cloud security assessment – really more of an audit.”
Bianculli said that these assessments were very successful, but they had a problem of scalability.
“These security assessments were very manual,” he said. “We came across Sonrai nine months ago, and saw how they would let us scale to meet our customer demands, and become an additional service that would fuel our growth. That was key from a business standpoint. We will likely carve a whole separate business division off into cloud governance. This new Governance Automation Engine is something we are looking forward to as well. The response from customers has been fantastic.”