Product Update: Breaking Three Boundaries for Cloud Data Security

Breaking new boundaries

As Laminar’s VP of Product, I enjoy every time our team achieves new heights. I love innovations that truly add value for our customers. It’s exciting to break new boundaries and redefine what’s possible. Protecting your most sensitive data in a public cloud environment is hard. Engineers and data scientists build fast, collect and process data at huge volumes, and do the right thing for the business, but they don’t always have security and privacy top of mind.

Laminar has been defining a new reality for data security in the cloud across the industry. We have also been providing our clients with innovative, first-in-class services. As of today, we are widening our lead in the industry with several valuable new capabilities:

  • First to secure cloud data in a multi-cloud environment by adding support for Microsoft Azure.

    Multi-cloud adoption has soared due to the advantages of rapid development and minimal vendor lock-in. Gartner estimates that “more than 75% of organizations use multiple public cloud services today, and have plans to expand.” With this announcement Laminar is first in the public cloud data security market to support multi-cloud, by adding Microsoft Azure support to the existing support for Amazon AWS. This has several advantages for fast-moving enterprises:
    1. Consistent controls: With a single pane of glass across a multi-cloud environment, enterprises can apply a consistent set of data governance policies, no matter where and how that data is collected and stored. This capability empowers teams to move faster, make fewer mistakes, and ramp up more quickly by mastering fewer tools.
    2. Levelset Security: Rather than have different levels of security due to different levels of knowledge about the built-in offerings of the public clouds, Laminar provides a consistently high level of data security across all clouds.
    3. Cloud Data Catalog: Laminar creates a cloud data catalog across clouds, across tech stacks, and physical locations that contributes to true data democratization.
    4. Guided remediation: Remediation recommendations include the exact set of actions needed for that exact cloud environment, thereby increasing the efficiency of security and governance teams.
  • First to offer a full suite of data-centric security policies

    While most cloud security approaches define security policies at the infrastructure level, Laminar is now the first to offer a full suite of data-centric policies that are automatically enforced. These data-centric policies are geared towards preventing the breach or leakage of sensitive data, regardless of the cloud infrastructure that stores it. Focusing on securing the data as opposed to the infrastructure is at the root of Laminar’s Cloud Data Security Platform and enables many advantages for security teams:
    1. Increased focus and efficiency: Data-centric policies allow security teams to focus on what matters. For example, an infrastructure-centric policy would specify that no S3 bucket may be publicly accessible. Such a policy then drives tedious, manual processes to figure out whether a publicly accessible bucket was designed to be so, and what data it might store. The related but enhanced data-centric policy, which is based on a deep and precise data catalog, would only trigger when actual sensitive data is accidentally publicly exposed, regardless of where it’s stored.
    2. Process simplification: A single data-centric policy replaces multiple infrastructure-centric policies such as a policy per data asset type and per cloud environment. Thus, a data-centric approach greatly simplifies the policy setup process. In a world where security practitioners are a scarce resource, simpler, more focused processes translate into enhanced security.
    3. Reduction of risk: While securing the infrastructure and the application environment is important to prevent and stop attacks, data-centric security policies enable organizations to make sure data is not mismanaged, so that in the event of a breach, the blast radius is greatly reduced.
  • First to discover and classify data in self-hosted, embedded databases

    “Shadow Data” encompasses data that is not tracked by IT yet might contain sensitive information. A major category of Shadow Data is databases that are embedded into cloud compute instances (AWS EC2s or Azure VMs). As developers rapidly iterate, they easily spin up embedded, hidden data assets that are most often unprotected – and targeted by threat actors. With this announcement, Laminar is the first to support the discovery of these data assets wherever they are located, and the asynchronous, autonomous mapping and classification of the data that is stored in those assets. This has several advantages for dynamic development environments:
    1. Uncovering Shadow Data: Laminar uncovers new as well as abandoned embedded databases spun up by developers, and untracked by security teams.
    2. Autonomous: The platform autonomously and continuously discovers all data assets as they are created by developers or data scientists. Laminar is unique in being able to access data assets even without requiring users to provide credentials such as passwords. The security team is always up to date without any manual steps.
    3. Pinpointing abandoned “Lift and shift” data assets: As legacy systems are “lifted and shifted” to the cloud and then upgraded to cloud-native resources, the result is typically abandoned yet highly sensitive embedded databases that are both untracked and at high risk. Laminar ensures that these data assets are discovered and protected by default.

These are not the last firsts

In closing, I anticipate many, many more firsts with Laminar. I further anticipate that we will continue to define the public cloud data security market, and continue to provide our clients with the best cloud data security platform and services in the market.

Houston, We Have a Public Cloud Problem

Nice to meet you all. I’m Ido Livneh, VP, Product at Laminar. I have been spending most of my time this year speaking with CISOs, CDOs (Chief Data Officers) and data protection leaders about their challenges in protecting data in modern public cloud environments, and I found some common themes that almost everyone is struggling with. The central issue reminds me of the Apollo 13 line, “Houston, we have a problem.” In this case, it’s data protection in the public cloud. Old workflows and solutions just don’t cut it anymore as the environment has changed. This key challenge led us to focus on an extremely valuable and novel solution for our customers.

We have benefited tremendously from our investor Insight Partners’ program — Insight IGNITE — which introduced us to hundreds of security and data protection decision makers. Speaking with these experts allowed us to validate the problem and solution. To perfect the product-market fit, we wanted to utilize research and verification — not haphazard guessing. Which fits so well with another Apollo 13 quote by flight controller Gene Kranz, “Let’s work the problem, people, let’s not make things worse by guessing.”

 

“Let’s work the problem, people, let’s not make things worse by guessing”

Gene Kranz, flight controller, Apollo 13

 

Data is at the center of the cloud transformation

Enterprises now put data at the center of innovation. They understand that it is a key asset and a source of differentiation. They democratize it to unleash its full potential and make it accessible for developers and data scientists. Today, innovation happens in the cloud, and new applications run on cloud infrastructure. 

This cloud transformation is great for the business, but it also introduces significant changes to cybersecurity risks, workflows, and acceptable solutions. Recently, a wave of Cloud Security Posture Management (CSPM) solutions addressed these changes for the actual infrastructure, the VMs, the boxes, etc. However, overwhelmingly, we found that data protection teams were left behind. The solutions they use and the manual processes they follow haven’t adjusted to this new environment, which makes their work more challenging than ever before. Most data protection teams are blind to what sensitive data they have in the public cloud.

How the public cloud changed data protection

There are four major factors that significantly changed data protection in public clouds:

  • A sprawl of tech and high complexity

    There are dozens of technologies to store, use, and share data in the cloud. They can be managed by the cloud service provider (AWS S3 buckets, Google Cloud Storage, Azure Blob Storage, etc.), IT (AWS RDS), and even developers or DevOps (a database that runs on an EC2 instance or a Kubernetes node). Each one is configured and used differently. Each one introduces new risks. Not only are these new architectures complex and confusing, they are dynamic and constantly changing. Developers are now in charge and can spin up or copy an existing datastore in a matter of minutes.
  • Data protection teams as business enablers

    Modern data protection teams don’t stop developers from making changes. They set guardrails to allow fewer mistakes. They do fewer architecture reviews as gatekeepers and more continuous monitoring and risk assessments as stewards. Therefore, data protection teams no longer assume they know where all the data is, but rather they are looking for a solution that allows continuous and automated discovery and classification.
  • Data democratization and the pace of change

    Changes to the data are pushed to production at an astonishing pace. More and more developers and data scientists leverage data every day. This makes manual efforts ineffective. By the time they are completed, they are no longer true.
  • No perimeter

    All data in the cloud is accessible from anywhere, given the right credentials or tokens. There’s no longer a single choke point to protect and monitor. Any data leak detection should be distributed and cover all channels of egress and the entire public cloud.

No visibility, context, accountability, or leak detection

The lack of proper solutions to address those changes made the work of data protection teams harder than ever before. They have limited resources to handle the increasing data risk, yet answering data protection questions is only getting harder. This can be split into four main problems:

  • Lack of visibility: where’s my sensitive data? Who has access? How is it configured?
  • Lack of context: what is this data? How did it get there? How is it used?
  • Lack of accountability: who made these changes? Who is the process owner?
  • Lack of leak detection: are my policies being followed? Are there any anomalies in data access and sharing?

 

“Be thankful for problems. If they were less difficult, someone with less ability might have your job”

Jim Lovell, Apollo 13 astronaut

 

A three-step approach towards public cloud data protection

These problems inevitably result in exponential growth of data leakage incidents in the public cloud. IDC recently reported that 98% of all companies experienced a cloud data breach within the past 18 months. Data policies are violated. Ensuring data privacy and compliance in the public cloud is a tedious struggle. To address that, we recommend that every organization take this three-step approach to Public Cloud Data Protection:

  • Discover and Classify continuously for complete visibility.
  • Secure and Control to improve data risk posture.
  • Detect Leaks and Remediate without interrupting data flow.

The launch of Laminar was about the problem, the opportunity. Learn more about why Public Cloud Data Protection Needs a New Approach.