Last week in San Francisco, more than 42,000 security professionals made RSA Conference 2023 one of the security community’s biggest events of the year. In case you missed the opportunity, here’s a quick roundup focused on cloud data security.
Cloud data security is trending
“Cloud data security was a big theme at the show,” reports Amer Deeba, co-founder and CEO of Normalyze. “Wide discussion on cloud data security reaffirmed our vision to help customers secure all their data in one holistic platform.” Excitement and interest in Data Security Posture Management (DSPM) and for the Normalyze Cloud Platform are noted below. The key drivers for this interest are customer migration from legacy on-premises into multi-cloud environments and how this impacts data security, said Joe Gregory, Head of Customer Success and Support at Normalyze, about attendees he talked with at the conference.
Strong interest in DSPM
The RSA Conference 2023 exhibition was the first for Normalyze, which launched its data-first cloud platform last summer. Response was overwhelming. “We had attendees spilling out into the aisles pretty consistently,” says Joe Gregory. “Light bulbs were going off as people saw our platform, heard our story, and saw how the Normalyze Cloud Platform offers real differentiation,” added Mike Doherty, SVP of Global Sales. “People visiting the booth already knew about DSPM and came to us specifically to see our product – and understand what it could do for them,” says Ravi Ithal, co-founder and CTO of Normalyze. “We also had visitors where the opportunity was to educate them about DSPM first, and then show Normalyze,” Ravi added. Booth engagement and demos were strong up to the very last minute of the last day of exhibition.
Normalyze Cloud Platform 2.0 debut
Speaking of product, Normalyze formally unveiled Cloud Platform 2.0 at RSAC 2023. The platform includes five new innovations for DSPM, which continuously discover and fix risks of cloud data in motion and at rest with one unified platform. For an in-depth breakdown, check out Ravi Ithal’s blog post. In a nutshell, Cloud Platform 2.0 debuts:
- Data flow diagram: Data-in-transit mapping gathers all data flows between users, applications, resources, and data assets in the cloud. Interactive graphs visually show teams how the sensitive data is being accessed and which assets are in violation of the data security policy.
- Data lineage: By analyzing data moving between resources, actual users and resource activity related to sensitive data, security teams can identify where a piece of sensitive data originated, where it is being moved to, and the associated security and privacy risks that need to be addressed.
- Data access graph: Security teams can now gain a fine-grained understanding of how access is being granted to sensitive data without having to deal with the complexity of roles/policy configuration within cloud platforms. Analysts can now pinpoint the exact changes that need to be in roles/policies or resource access configuration to resolve access governance/compliance issues.
- Anomaly detection: Identifies suspicious activity including data exfiltration, potential account takeover by continuously baselining user activity and identifying abnormal behavior that is indicative of risky activity, without relying on pre-configured rules or policies.
- One-click remediation: Built-in remediation enables one-click options to resolve data access risks such as dormant users and excessive privileges to access sensitive data.
iSMG interview with CEO Amer Deeba
Normalyze had significant visibility at RSAC as a thought leader in cloud data security. Co-founder and CEO Amer Deeba gave a thoughtful interview with Information Security Media Group, “Evaluating Cloud Security Across the Enterprise: Rapid Cloud Adoption Created New Businesses with More Security Challenges.” Amer described the big challenge of discovering where sensitive data is stored and moves through multi-cloud environments. “Data security professionals need visibility to get control – all the real-time and contextual information must be available in one place in order to be proactive,” says Amer. “Visibility enables a data security team to make good decisions and to be proactive.”
CISO roundtable on cloud data security
Normalyze co-sponsored a live broadcast CISO Fireside Chat on Cloud Data Security, moderated by Jack Poller, Senior Analyst at TechTarget’s Enterprise Strategy Group. “CISO’s Take on Cloud Data Security: Best Practices, Challenges, & Attack Trends” included insights by Bernard Brantley, CISO at Corelight, Rahul Gupta, Head of Security & GRC at Sigma, and Amer Deeba, CEO of Normalyze. Panelists offered three key takeaways:
- Bernard: Focusing on data security eases the constant back-and-forth of security teams justifying their value to the business. Data is the most important asset for a modern business, so establishing value is much easier when the conversation is about data instead of machines and networks.
- Rahul: Data security practitioners should use a risk-based approach. To understand risks, you must have visibility. Using a visibility platform like Normalyze puts you in a position of understanding the risks and making good decisions.
- Amer: For effective cloud data security, it’s critical to enable discovery, classification, prioritization, remediation, and compliance. An option like Normalyze will get you started fast, be proactive, and achieve your goal of securing cloud-resident sensitive data.
Cloud Security Alliance panel
Normalyze co-founder and CTO Ravi Ithal joined a panel discussion titled “Cloud Security Context that Makes Cents” led by the Cloud Security Alliance. Panelists highlighted the challenges facing businesses caused by lack of cloud data visibility and no context. The panelists described how context, observability, and security strategies are helping organizations be successful when using multi-cloud environments.
Hands-on learning lab
Abhinav Singh, cloud security research lead at Normalyze presented a hands-on learning lab, “Defender’s Guide to Securing Data in Public Cloud Infrastructures.” The hands-on lab covered use cases for implementing a strong data security posture for a public cloud infrastructure. It presented defense use cases on data classification, access governance, and monitoring controls with in-depth modules for implementing them. The demo environment was AWS with pointers on replicating the use cases in Azure or GCP.
Try Normalyze in your environment!
Finally, if you’re looking into DSPM to protect your cloud data, we invite you to try Normalyze for free in your environment. Sign up for our Freemium. Setup takes minutes, after which you can see for yourself how Normalyze will provide your security teams with 100 percent visibility and control of cloud-resident sensitive data. By experiencing the free trial, you and your security team will see exactly why the excitement described above for DSPM and Normalyze at RSAC 2023 is completely understandable!