What it Means to Be Holistic Cloud-First Data Security: a Product Q&A with Cyera

Feb 2, 2023
May 15, 2024
Data is increasingly one of the most valuable assets of any modern-day business. As such, it is of utmost importance to secure it from attack and misuse. For security teams, awareness of what data the business manages, where it is located, and who has access to it is a significant challenge. Unfortunately, it is also a precursor for most data security technologies to function correctly, making it difficult or impossible to fully identify risk and take appropriate action.

Cyera has introduced a revolutionary approach to data security, designed to manage data across the highly permissive, widely distributed, and massively scaled data landscape. At Cyera, we have taken a cloud-first approach to data security, discovery, and classification, but the novel approach to data discovery applies to on-prem data centers as well, which is important since nearly every business will maintain on-prem data for decades to come. Cyera has pioneered a non-invasive, fully automated data discovery, classification, and contextualization scheme that maps an inventory of your enterprise’s sensitive data and helps to put your data security objectives within reach. In this article, we dive into the Cyera product, its benefits, and how it works.

How does Cyera differ from traditional data security solutions?

Cyera puts data first, provides deep context on what a business’s data represents, prioritizes the exposures that increase risk, and automates remediation workflows quickly and continuously.

Cyera has architected a fully automated process for continuously discovering data stores and providing deep context on data and classification to even the most custom of data types. The process focuses on leveraging native APIs to create and maintain a dynamic data store inventory in order to eliminate (1) the process overhead inherent in manual IT service catalog creation, (2) the impact that agents and active connectors place on deployed infrastructure environments, and (3) the cost of additional logging requirements. There are no agents, network footprint, or hardware required. This means no performance overhead, no impact on data processing, and no ongoing maintenance.

Many discovery and classification tools take a very narrow view of environments, structured vs unstructured data, and the data stores that they support. Therefore, most businesses rely on multiple tools to discover specific data store types, each of which uses a different approach and manages the data separately, increasing the costs of vendor sprawl and reducing the efficiency of FTE resources. In addition, the typical means of discovering data stores include manual attestation, surveys, or agent-based scanning, all of which are very time-consuming, costly, and fraught with errors. They also represent a point in time, which is at odds with the rate of change introduced by cloud technology. Cyera addresses these issues with a holistic approach to discovery that minimizes human involvement, works across the cloud data landscape, and dynamically discovers new, changed, and eliminated data stores.

Does Cyera help teams save time? In what ways?

In a word, yes. For example, a customer in the pharmaceutical industry recently quantified that Cyera brought down the mean time to identify security exposures by 87%.

Cyera helps to save security teams time in several ways:

·  Dynamically discover data stores in their environments.  This eliminates the overhead of time-consuming audits, surveys, and attestations to understand where data is being managed for a business.

·  Automatically and continuously determine the classification and context of sensitive data.  This eliminates the need for manual data definitions, laborious tagging processes, and tuning/tweaking logic to eliminate false positives.

·  Get prioritized automated remediation workflows with specific guidance for addressing security exposures. So when Cyera detects an issue, our toolchain integrations open a ticket or pull request, kick off an automation routine, and enrich signals in a SIEM or other security solution with the full context of the exposure and how to remediate it.

·  When a team responds to security, privacy, or other regulatory audits, Cyera saves the time and effort required to identify where data is managed and who has access to it.

·  Customers leverage a rich set of cloud data classified and contextualized risks to prioritize their vulnerability patch management and incident response workflows. Cyera’s API provides context on the potential blast radius from a threat signal, accelerating the mean time to resolve an incident.

How is cloud security managed differently than on-premise storage, and how does this affect the attack surface?

Modern businesses are creating and consuming data at an incredible pace and leveraging cloud technology to take advantage of the speed and agility it offers their teams to create new business opportunities and unlock the potential of customer engagements.

The challenge is that legacy processes and tools are not designed for the permissiveness and unrelenting pace of change that cloud technologies have introduced. Manual processes, hardware- or software-centric deployments, and reactive responses to real-time exposures cannot keep pace. This leaves businesses increasingly exposed to risk as they attempt to embrace cloud transformation initiatives to outpace their competitors.

·  Legacy discovery and classification approaches were not designed for today’s fast-moving, permissive multi-cloud environments. Rather, they were designed and built to manage the static legacy environments of the past. These solutions rely on antiquated deployment modes that include host-based agents, manual connection strings, and a need for every data owner to manually track what data exists, where it is stored, and how it should be classified in order for security teams to apply the appropriate controls.

·  Enforcing policy for data loss prevention and data access in the cloud is incredibly challenging. This is due to several factors: (1) the proliferation of environments and tools, (2) distributed ownership and governance, and (3) an explosion of tools that assess risk and apply controls differently. But the foundational problem remains: manual efforts from multiple siloed stakeholders with very different objectives and goals. Each business unit understands why they manage data in a particular way. However, that reason is lost to other stakeholders. (For example, Governance objectives differ greatly from those of Risk and Compliance teams.)

Data security as a discipline needs to evolve to overcome the challenges that the cloud era has introduced. For evidence of this, look no further than your daily news feed, where a new data breach, data leak, or ransomware attack has become a daily occurrence. According to IBM, the average total cost of a data breach reached 4.35 million USD in 2022 (9.44 million USD in the US, where breaches were the most costly), a nearly 13% increase from 2020. 45% of the breaches were cloud-based, and fully 83% of organizations studied have had more than one data breach. Despite the attention paid to ransomware attacks in the media, the most common cause of a breach remains lost or stolen credentials. Businesses simply cannot detect these without powerful automation, machine learning, and an architecture that can be deployed and scaled as easily as their cloud tools.

Cyera’s machine-learning algorithms use semantic classification. What is this, what does it do and why is it beneficial?

Every environment that Cyera analyzes is unique. Businesses have unique data classes and proprietary data formats. Typically, some form of data tagging has been performed to categorize data as sensitive, confidential, or similar. To reduce false positives, Cyera’s data classification process leverages patent-pending technology that uses multidimensional correlation. Cyera’s platform combines pre-defined data classes (that were trained using traditional mechanisms including regular expressions and pattern-matching algorithms) with environment-specific analyses conducted by novel ML and NLP technologies to reach a very high degree of accuracy. The platform learns a customer’s unique data and improves its accuracy with each additional account and subsequent scan, leveraging the increasing volume and variety of data available to the correlation engines. The ultimate result is a capability that is similar to Exact Data Matching, with automation.

What does this mean in practice? We start by categorizing your data, and understanding if it represents personal, health, financial, or secret data. To ensure that we can identify the real exposure to your data and to prioritize only the most relevant and pressing issues stemming from real exposures, we identify whether the data represents an employee, customer, partner, or another type of individual or entity with which you conduct business.  We also highlight the residency of the data - the region, country, or state that it represents.  Then we look at whether the data is encrypted or if synthetic data is being used. And we also highlight whether this data can be used to uniquely identify someone.  The goal is to ensure you know exactly what your data represents and to avoid noisy alerts that distract you from real risks and cost you and your team time and money.

What is the top cyber threat facing companies in 2023?

The devil they don’t know. There’s a saying, better to deal with the devil you know, than the devil you don’t. Applying this logic to data seems apropos in today’s climate of daily breach notifications, increasingly stringent regulations, and a fickle public whose loyalty has never been more fragile.

As businesses increasingly adopt cloud technologies, it has never been harder, or more important, to discover the unknowns that put your business at risk. This lack of visibility, awareness, appropriate detection, and controls leads to data breaches, an unending stream of ransomware victims, and insider risks turning into insider threats. Regulators are imposing increasingly severe penalties for these exposures, but the real threats to businesses come from incomplete security and compliance controls that negatively impact productivity, impair trust with customers, and complicate business transformation initiatives.