<  Back

Reinventing Cloud Data Security

Reinventing Cloud Data Security
Dan Benjamin
Dan Benjamin
Reinventing Cloud Data Security

The cloud is always shifting as it gradually houses much of humanity’s data. According to Google Cloud experts, 50% of the world’s data will be sitting in the cloud by the end of 2023. Yet until Dig, the public cloud data security solutions available have never quite fit the speed of innovation in the cloud and the complex threat models it introduced.

Data is dynamic and complex. It lives in various forms and is constantly being collected, so it is ever-changing across the public cloud. Organizations are collecting petabytes of data across a myriad of types, making the threat model impossible to maintain.

Although many types of attacks make the news, their monetization lies with the data, so data is always the main target. Coming from deep experience in both security products and the elite 8200 intelligence division of the Israeli army, understanding the ‘attacker mindset’ was second nature. My training and background told me there needed to be a system that was active and responsive in real-time to how the attack would unfold.

An organization’s ‘crown jewels’ must be protected, yet the solutions out there have always been too static, too broad, and too difficult to use. Cloud Security Posture Management (CSPM) is a fixed solution, typically scanning the environment every 24 hours, taking a snapshot of a single moment. This may be helpful for configuration issues, but it does nothing to prevent an attacker from swooping in to steal customer data, cover their tracks, and disappear in minutes.

The fact is, CSPM solutions were never intended to solve the problems or operate at the critical level required by attacks today. This mismatch between the problem and the solution has left data and the organizations that hold them vulnerable, turning public cloud data security into the next big battlefront.

Having seen this issue up close when I led the multi-cloud security strategy at Microsoft, I was determined to find a better model with Dig – one versatile platform to rule them all, dynamically protecting data across deployment modes, clouds, and services.

Dig discovers data agnostically, automatically classifies it, and delivers the first true real-time Data Detection and Response (DDR). The basis for it is a top-level security research team crafting rules and policies around the whole ‘attack life-cycle.’ From reconnaissance, where attackers are seeking out open buckets and making first moves towards disabling security measures – to data misuse, data exfiltration, ransomware, and compliance breaches. We issue security alerts when it matters most, within a matter of minutes and while it's actionable. Clients have been amazed to see the difference when detecting a breach; a Dig alert came in at under a minute, while other solutions provided alerts up to 24 hours later, making them essentially useless against the dynamic nature of data exfiltration.

Until now the approach to public cloud data security has been to put out wide nets and simply hope for the best. At Dig, having fine-tuned the tools and reinvented the approach, we have set a higher, dynamic standard in place.

To learn more about Dig for your organization’s security, or to join our team, contact us here [info@dig.security].