Public cloud security provider Sonrai Security today announced that it raised $20 million. According to a spokesperson, the fresh capital will be put toward accelerating R&D along with global sales and marketing for 47-employee Sonrai’s identity and data governance products.
Roughly 83% of enterprise workloads have moved to the cloud as of 2020, according to a LogicMonitor survey. But the cloud remains vulnerable to cyberattacks. In 2019, the average time to identify a breach was 206 days, IBM found. And security breaches have increased by 11% since 2018 and 67% since 2014, Accenture reported in a recent study.
Sonrai’s platform, Sonrai Dig, is built on a graph that identifies and monitors relationships among entities (e.g., admins, roles, compute instances, serverless functions, and containers) and data within public clouds and third-party data stores. An engine automates workflow, remediation, and prevention across cloud and security teams to provide baseline security, while at the same time giving critical data in object stores like AWS S3 and Azure Blog priority with regard to suspicious activity and access rights monitoring.
Sonrai’s data governance automation solution ostensibly helps integrate teams via analyses, alerts, and actions that align with how organizations use the public cloud. The platform allows customized monitoring and views for development, staging, or production workloads and an API architecture that can be integrated into a continuous integration/continuous development process. Dig also automatically dispatches prevention and remediation bots and provides safeguards in the form of code promotion blocks to help ensure end-to-end security in public cloud platforms.
It’s the assertion of Sonrai CEO Brendan Hannigan, previously general manager of security at IBM, that improperly configured cloud interdependencies and inheritances can lead to security risks including excessive access paths to data, over-permissioned identities, and an unwieldy separation of responsibilities. He estimates that public cloud utilization by enterprises generates hundreds of cloud accounts, thousands of data stores, and tens of thousands of ephemeral pieces of compute — the complexity of which legacy cloud security tools have failed to address.
Hannigan won’t disclose Sonrai’s customers, but he says that the platform can scale to thousands of roles and compute instances across hundreds of corporate accounts. “The increasing frequency of cloud breaches caused by identity and data access complexity has driven significant traction for our … platform among large enterprises,” Hannigan added. “They see it as the basis of their cloud security model.”
Menlo Ventures led the series B round announced today with participation from Polaris Partners and Ten Eleven Ventures. It brings New York-based Sonrai’s total raised to over $38.5 million following an $18.5 million series A round in January 2019.