Author: Charlotte Fletcher
Release Date: 21/10/21
Much of the professional world we live in today means our workforces are global and decentralised and we also employ a disparate number of cloud applications and services. What about if we could monitor activity across these siloed cloud solutions and secure data cross-cloud?
Meet DatAdvantage Cloud, Varonis’ cross-cloud solution that correlates siloed cloud platforms to provide a full picture on interactions.
The following use cases are covered:
- Enforcing least privilege
- Threat detection and forensics
- Onboarding and offboarding
- Fixing risky misconfigurations
- Shadow identity discovery
DatAdvantage Cloud is a Varonis interface that supports the following platforms: Google, Box, GitHub, Okta, Jira, SalesForce, Slack, Zoom, AWS and Amazon S3.
The problems we face in a traditional process of securing our data in the cloud are that the various services we use present data in a different way, with different forms of metadata, the permissions models differ as do the activity logs.
Varonis’ answer to this?
DatAdvantage Cloud maps and normalizes permissions into a simple create, read, update, delete, and share model (CRUDS).
The CRUDS model allows for standardisation/normalisation of permissions. As well as this, events are normalised. The cloud events are enriched from all of your cloud services. The data starts with just the metadata, but Varonis is able to enrich this with contextual information, standard across events, to help tell a story and understand what the event is trying to tell us.
What does this mean?
We are able to see who has access to what, how they are gaining access and what permissions they have, as well as what they are doing with their access. By answering these questions quickly, you are able to successfully remediate to reduce your blast radius.
If activity is suspicious or abnormal or policies are violated then DatAdvantage Cloud is able to alert on this. You can leverage the Varonis out-of-the-box, such as an AWS bucket becoming public. Alternatively, you can build out your own alerts specific to your organisation’s policies and SaaS/IaaS rules. An example of this may be a user logging in without MFA.
The National Cyber Security Centre (NCSC) outlines 14 cloud security principles, many of which are consistent with how DatAdvantage Cloud can support you. An example of this is Asset protection and resilience. DatAdvantage Cloud unifies the visibility and control over data within SaaS and IaaS services. Knowing who has access to your cloud data ensures a company can make sure only the right people have access to that data, therefore, removing the vulnerability and reducing the blast radius in the case of a breach.