Enterprises are increasingly moving workloads to the cloud: IDC predicts the world’s data will balloon from 29 zettabytes in 2018 to 175 zettabytes by 2025, much of that in the cloud. Developers are pushed to keep up and keep things secure as they embrace cloud-native principles. While there are good reasons to believe security can be better in the cloud, there’s no guarantee a developer will build secure, cloud-native applications.
To help improve data security in the cloud, a data security startup called Cyral just raised money to make security work like software development. According to Cyral co-founder Srinivas Vadlamani, the shift to cloud has left security teams “overburdened.” Let’s look at how the company hopes to alleviate this burden.
Security needs to keep pace
Cyral is riding two massive trends: the accelerating speed of development teams and the failings of traditional perimeter and agent-based security solutions in cloud-native environments.
With regard to the first trend, writes Vadlamani:
It allows engineers to specify their infrastructure composition in a declarative language, allowing them to use the same versioning and release management workflows as for their source code. It greatly simplifies the work associated with deployment, testing and rollbacks. It allows them to be truly agile, spinning up new services in rapid succession to respond to changing business needs, and massively reduces the “busy work” associated with setting up the right environment and providing the runtime for their software.
While that’s great for development, it potentially creates new security issues that traditional security solutions are a poor fit to solve. Even the best security teams may struggle with threat detection and incident response in this cloud-native world. Perimeter defenses don’t really work in this environment. In addition, it’s difficult, and sometimes impossible, to deploy agents across these new ephemeral solutions, which leaves security teams to manually manage changing policies, certify deployments, and respond to alerts.
Gaps emerge. Breaches occur.
DevOps-first cloud
Cyral calls this the DevOps-first cloud world. Its API-first data security service rides on the infrastructure-as-code (IaC) trend so it doesn’t slow down developer teams, even as security teams get the protection they need for data. Using Cyral, developers don’t have to worry about underlying infrastructure state; they can simply focus on the business logic they need.
According to Cyral, it monitors and secures access to the data layer without changing apps, services, or workflows. It supports data architectures deploying database-as-a-service instances, pipelines, and cloud data warehouses.
If it works as advertised, the payoff for security teams is the automation of data layer-wide catalog discovery and sensitive data classification. This provides unified management across all users, apps, and services, and it also prevents data exfiltration. This approach shuts down some of the most common threats to companies today: database password spraying, service account takeover, credential phishing, and other threat vectors.
Is it The Answer to cloud (in)security? No, there really isn’t one solution to completely close off security issues. But Cyral may well provide significant upgrades to how enterprise developers deal with security as they build for the cloud.
Disclosure: I work for AWS, but to my knowledge AWS has no relationship with Cyral and nothing herein is intended to in any way relate to AWS.