Why Identity Should be Part of Data Security
The need for data to be accessible to the business has naturally led to an abundance of corporate identities that require access to this business data. Those identities span everything from human identities like third-party auditors, suppliers and employees - to non-human identities like AI Copilots, applications and services. And they are multiplying quickly.
“Identity and data are two sides of the same coin. They are also the two fastest growing attack surface” - Tamar Bar-Ilan, co-founder and CTO, Cyera.
Security leaders are now under a meteoric level of pressure from the business to shift from need to know, to a need to share mentality - an evolution of the zero trust principles that have been widely adopted as religion within the security industry for the past 15 years. They must ensure that security is no longer seen as a speed bump to the business, and the data-driven initiatives the business has in its sights.
Why Cyera incorporated identity into data security
Discovery has always been core to who we are as a business. This is why we launched our DSPM solution back in 2021 with a mission to help them discover and classify the data across their entire environment in a way that was simple, scalable and highly accurate. But data discovery was just the beginning. Customers started asking us if we could also help them discover WHO had access to the sensitive data. This would then allow them to determine whether or not data access was required, and work to share data only with the identities who absolutely required it. It would also help them better respond to data incidents given that the first question after an incident is always “what data was impacted?” and then “well, who who, or what, had access to this sensitive data?”
We got to work.
We knew that our ability to classify data with 95% accuracy was a tactical advantage because the quality of access visibility is only as strong as the quality of data classification. Cyera Identity customers would naturally benefit from our Cyera DSPM solution. We knew we would need to have a hard look at identity and its relationship with data. We also knew that identities would have to include internal and external identities and not be limited to just humans
What we didn’t know - and found out - was that most customers were extremely concerned about non-human identities. This is in large part due to a lack of security controls focused on these identities, and a growing number of exploits targeting them.
What we developed not only allowed us to empower our customers to make data safely accessible, but also changed the dynamics of the entire security industry. Identity and data are fundamentally intertwined from here on out.
With the new availability of Cyera Identity - we help customers address some of the biggest challenges they face around data security:
Discover identities within your environment - The module discovers identities across your landscape and determines a trust level for each identity. This trust level is either external, external-trusted, or organizational
Understand the context in which that identity has access to the data - Identify whether this entity was internal or external, human or non-human, did they have MFA turned on, were they ghost users, or stale users. This context is key given the cyber attacks that now exploit this context like in the case of Snowflake.
Reduce over privileged access - Gain insights to determine whether or not access to the data is actually required - and correlate this with the sensitivity levels of this data, as well as number of total records. Then take action to reduce any unnecessary access to data.
Control the AI blast radius - Discover if Microsoft Copilot, or AWS Sagemaker, a GenAI platform, has access to PII data, employee compensation information, intellectual property (the secret recipe) or any other sensitive data. Then use this insight to reduce an AI data breach.
In Gartner’s Predicts 2024: IAM and Data Security Combine to Solve Long-Standing Challenges research paper, the analyst firm discusses a future where identity and data security vendors start to blend together. This was never possible in the past due to siloed vendors, and siloed internal processes. But data and identity remain two of the core components of the shared responsibility model that customers are on the hook for.
With Cyera Identity, the days of identity and data being seen as separate are fading away - they are now, and always will be, part of the same story.
Gain full visibility
with our Data Risk Assessment.