Manufacturers aren’t an easy bunch to deal with, especially in the security space, says Larry Bianculli, managing director for a New York-based MSP.
“There’s so many, and it can be frustrating to deal with them,” Bianculli, of Contemporary Computer Systems Inc. (CCSI) told Channel Daily News. Despite a flood of well-funded scaleups in the identity access management space, Bianculli says many of them are too focused on the technology, not on the customer.
That wasn’t the case with one of CCSI’s latest OEM partners, Sonrai Security. Bianculli says CCSI took a bet on the identity and governance firm based in New Brunswick last year as it ramped up its own services around identity management. Compounded by COVID-19 and the ensuing push to move workloads to the cloud, Bianculli and the rest of his team had been well aware for years which direction the industry, and people’s data, was moving. Last year Gartner was already predicting that by 2025, 80 per cent of enterprises will have shut down their traditional data centres, versus 10 per cent in 2019.
“They listened to us and they listen to customers,” said Bianculli.
Sonrai Security launched with $18.5 million in Series A funding last year, and its founders Brendan Hannigan and Sandy Bird, who’ve worked together for more than 16 years, are focused on mitigating the risks that come with identity and data access complexity.
Identity access is the largest source of vulnerabilities in the cloud, given the tens of thousands of identities and access levels assigned to people, pieces of compute, serverless functions, and the various access to data that they have, according to Sonrai Security co-founder Brendan Hannigan.
Understanding how to use platforms like AWS and Azure effectively, and securely, is a massive undertaking, Hannigan explained.
“Amazon has been developing a platform that has amazing flexibility and power. And when you get into an enterprise environment, the onus is on the enterprise to use these tools properly,” he told the publication.
Sonrai’s new solution, the Governance Automation Engine, which launched July 28, helps enterprises address pain points, including security breaches caused by identity policy misconfiguration and data risks going beyond S3 buckets. Other databases include Amazon RDS, DynamoDB, CosmosDB and many others.
“We sit on top of the cloud providers and collect data. Every entity, every developer, every non-human identity…and we build a graph with everything it can do and take into account every part of those relationships and their capabilities,” he said.
Once the risks are identified, they’re plotted on a graph. These “swimlane” workflows pave the way for a comprehensive review of the public clouds that an enterprise is connected to. “We can quickly identify who has access to what,” added Hannigan.
Sonrai has grown its headcount to 30 people since last year, Bird said. “We’ve grown the team substantially in Fredericton.”
Although CCSI has its own cloud security assessment tool for clients, it’s a challenging solution to scale, according to Bianculli.
“You got to make bets. And Sonrai became our swiss army knife.”