Cyera, the leader in data security, announced the launch of the Cyera Identity Module, bridging the gap between identity and data, the Cyera Identity Module gives organizations complete visibility into the identities — including external partners, non-human identities, and internal users that have access to their most sensitive data. This innovation allows customers to extend zero trust to the data layer and ensure that decision makers and critical business tools have access to the data they need without exposing the business to additional risk.
Today’s organizations are under immense pressure to get the most value out of their data. However, unfettered data access comes with great business risk. Despite the rapid adoption of zero trust solutions, organizations still do not have complete visibility into who or what has access to the organization’s most sensitive data — data that’s increasingly decentralized across on-site data centers and third-party cloud platforms. Achieving visibility across the entire data environment is a critical requirement for organizations that need to unlock the power of their data and truly empower business agility.
Cyera believes that the quality of data access visibility is only as strong as the quality of data classification.
“Identity and data are two sides of the same coin. They are also the two fastest growing attack surfaces,” said Tamar Bar-Ilan, co-founder and CTO, Cyera. “If a security breach were to take place, the first question is always — what data is impacted,’ and then ‘who or what has access to it?’ This requires the combination of high precision data classification with identity access insights. We are seeing that security leaders, who for many years viewed identity and data as two separate silos, are now realizing the value of viewing them as one. We are well positioned to help.”
Also Read: Trellix Named Email Security Innovation Leader
Determining the Correlation Between Identity and Data
Cyera’s Identity Module gives organizations complete visibility into data access through a single, centralized dashboard — data that the company’s DSPM module discovers and classifies with 95% accuracy. This data access analysis provides a holistic picture of all the identities operating in various environments across Software as a Service (SaaS), Infrastructure as a Service (IaaS), Database as a Service (DBaaS) platforms, and on-premises environments — and even provides pre-set trust levels for each identity.
The module provides insights into identity-centric risks. For example, Cyera provides visibility into what sensitive data is accessible by external third-party users — like auditors, or suppliers.
Non-human identities like AI tools — i.e. Microsoft Copilot and AWS Sagemaker, internet-facing services, applications, and programmatic identities used for automated tasks, are becoming larger areas of concern for security teams. Cyera discovers these identities, and illuminates any overly excessive access to sensitive data.
The Identity Module also recognizes excessive org-wide sharing of sensitive data by internal users, and combines this with critical context like if those users have multi-factor authentication turned off, which has been a recent attack surface that threat actors exploited in Snowflake’s customers a few weeks back or if long-lived passwords are being used. The Identity Module identifies ghost identities, including forgotten, lost, or stale accounts, and flags entities that haven’t signed in for months but still have access to sensitive data. This provides the context needed for teams to minimize over privileged data access, and dramatically reduces the potential risk – helping to better determine the impact to business continuity, regulatory mandates, and internal data protection policies.
“Establishing this correlation between identity and data allows security teams to draw comprehensive insights into where risk exists, determine the necessary actions to meet compliance needs, to prioritize risks, and understand how these vulnerabilities impact business risk,” Bar-Ilan said. “Ultimately, these insights enable zero trust data access across the organization — empowering data protectors to make data safely accessible to the business, and its key stakeholders, for the first time.”
SOURCE: BusinessWire