Thank you for the warm welcome! We really appreciate it and hope you are keeping safe.
We've been building hard over the last year, mentored by exceptional security practitioners, and iterating on our product design with over 50 exacting organizations. We are keen to share what we've learned about data store and object security (DSOS) with you.
Data is the persistent asset
Our founding thesis was that in a world of ephemeral devices and microservices, data stores will be an organization's most valuable persistent asset. Several practitioners echoed this view. “Firewalls” have long guarded the most valuable persistent assets in organizations — first networks and then applications. And the idea now covers everything from access control and behavioral models to detection-response and in-line protection. The next ten years will be about understanding data and reimagining firewalls for billions of data objects across big data stores.
Our approach to DSOS is aimed at answering some of the simplest, and yet most challenging to answer, questions in the industry. "What's on your network?" is still a hard problem for security teams, but “what's in your data stores” is shaping up to be far harder. Data stores are diverse -- SQL, NoSQL, object stores, data warehouses, queues, time-series, graphs, the list goes on, and they contain data objects that are far more fuzzy than a networked device. An object, while well defined for some stores, is spread across many cells or documents in others, and firewalling what you can barely define is near impossible.
Systematically manage data-risk
Nevertheless, data firewalls are the pass that we have to go through. Without them, application-security and cloud-guardrails teams have to walk on a razor's edge where any mistake leads to a large breach. Data security teams cannot keep up with fast-moving product engineers who spin up new infrastructure to experiment with features and then can accidentally leave sensitive data behind. Data compliance teams are forced to bring developers to a halt for “data calls” where all data and usage have to be accounted for. But with a data-protection service that spiders across all stores and actively minimizes data risk, it doesn't have to be this way.
Symmetry's founding team comes from UT Austin, UIUC, and UCs Berkeley and Santa Barbara and includes experienced engineers who have spent years working on data-centric security. We have worked on microservices and container orchestration to computer architecture and pervasive computing. We see in “infrastructure as code” the perfect medium to transfer our research from pilots in innovation labs to high-stakes production deployments. While there are economic drivers due to cloud migration, data breaches, and privacy regulations, Symmetry's intrinsic value for organizations is in understanding and reprogramming their data-infrastructure — to make it a hostile place for attackers and safer place to host our personal data.
A DataGuard for every Data Store
We are very grateful for all the help we have received and excited to see the current version of our solution help design-partners across AWS, GCP, and on-premise data stores. We hope to make it so simple that every data store has a DataGuard.
If you are working to secure data — in a company or in research — please let us know. We would love to compare notes!
The Symmetry team.