ENABLE SECURITY, INFRASTRUCTURE, AND COMPLIANCE TEAMS TO COLLABORATE EFFECTIVELY.

WHY IS DSOS AN UNSOLVED PROBLEM?

Today, data security is a side-effect of infrastructure and application security.

Small mistakes in cloud guardrails (e.g., identity and access management policies), application security (e.g., a compromised library), or human processes (e.g., phished credentials) can breach or ransomware data.

Infrastructure security teams set up identity and encryption but they struggle to maintain tight IAM (identity and access management) policies. As people join, move, or leave, they cause both data and permission sprawl. Applications and service roles remain fundamentally over-privileged since they have to access multiple stores to get work done. As a result, a compromised identity or application has a large blast-radius when it comes to data.

Security teams assume that any application that processes user input is exploitable, but they work with network-centric tools with limited visibility into data stores leaving them unable to measure the impact of compromised applications. When a breach happens, identifying which data objects were breached is exceedingly difficult and leads to expensive, worst-case breach response.

DATA STORE AND OBJECT SECURITY (DSOS) ADDRESSES THE HARD THING ABOUT DATA SECURITY — VISIBILITY INTO DATA OBJECTS ACROSS DATA STORES — AND CREATES EFFECTIVE DEFENSES.

Symmetry_DSOS-figure-2

VISIBILITY

How is sensitive data protected? Who is using it?

DETECTION

Sensitive data is under threat. Here is the evidence.

RESPONSE

Alert data owners. Trace attacks back in time.

PROTECTION

Choose from IAM, row-column, field-level encryption, etc. policies on data stores. Or insert a sidecar/proxy.