Data Layer Security (As Code)
One of the things I love about building infrastructure software is that you can immediately see it make someone’s life better. Whether it is building a distributed query processing engine that zips through Big Data in a fraction of the original time, an innovative data replication technology that synchronizes data instantly across multiple data centers, or a fast incremental distributed system to back up data that would otherwise take hours or days, I have always been inspired by the desire to improve productivity of teams and individuals.
On a personal level, that is what Cyral’s mission is all about for me. In the days leading up to starting the company, Manav and I interviewed over 50 security professionals and experts. While it helped sharpen our technical vision and product definition, it also helped us appreciate just how overburdened the security teams everywhere are. I read about “alert fatigue” and the sheer number of unfilled cybersecurity positions. It strengthened my personal resolve to build a product and service that was really easy to use.
One of the biggest technical innovations in recent times has been the emergence of Infrastructure-as-Code as a design paradigm for technology teams. It allows engineers to specify their infrastructure composition in a declarative language, allowing them to use the same versioning and release management workflows as for their source code. It greatly simplifies the work associated with deployment, testing and rollbacks. It allows them to be truly agile, spinning up new services in rapid succession to respond to changing business needs, and massively reduces the “busy work” associated with setting up the right environment and providing the runtime for their software.
While this has been a boon for developer and DevOps productivity, it has made threat detection and incident response very difficult for security teams. Traditional approaches of deploying agents across these new ephemeral services are not only limiting (even impossible in some cases) but also require security teams to constantly stay on top of manually managing policies, certifying deployments and responding to alerts. This results in gaps that lead to breaches. And this is the problem we at Cyral want to solve.
We are building an API-first service that enables easy monitoring and policy enforcement across all data endpoints. Our service will give teams highly granular control over all data accesses and will seamlessly plug into modern Infrastructure-as-Code frameworks. This will provide observability for both security and backend teams, fostering better collaboration and improving productivity.
Leading up to our product launch in the next few months, our engineering team and I will be sharing more details about our technology and our overall perspective on this space. Today is the first day of that journey, and I would welcome any feedback and input we receive. You can register to receive updates to our blog channel below.
Image by Alaina Nicol via the OpenIDEO Cybersecurity Visuals Challenge under a Creative Commons Attribution 4.0 International License