Note: This interview is part of a paid sponsorship between Open Raven and The Cloud Pod.
In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Mark Curphey, Chief Product Office and Co-Founder of Open Raven, a fully integrated platform for security and privacy workflows.
Featured Guest
Name: Mark Curphey
What he does: Mark is Chief Product Officer and Co-Founder of Open Raven.
Where to find him: LinkedIn | Twitter
Listen to Mark discuss the Open Raven strategy for protecting your data, the use of serverless workflows to scale to enormous workloads. Protecting your data and ensuring compliance using the Open Policy Agent – and more.
Key Points
Discover – Classify – Monitor – Protect
“The cloud has moved in incredibly fast; security has been moved off to the side and as a result companies don’t know where their data is, breaches are happening constantly, and these are the big things that get companies in the press.”
Macie
“Every single customer that we spoke to in the early stages said, a) It doesn’t work b) It’s ridiculously expensive, and c) It’s only on s3 buckets. Well, whilst The Register is always reporting breaches of S3 buckets, my customer data is in RDS! That’s a real piece of the problem for me; sure, it’s popular, but I shouldn’t just be thinking about trying to protect myself from getting on The Register.”
Part of the challenge is that data is not one thing… I may have a name, I may have an address, I may have a card number. There are all sorts of different parameters, and the data could be stored in multiple ways. So you have the concept of like data adjacency; If I have a CCV number, and expiry date and name associated to it that might be something which is real.
With Macie, even if you just use the straight matching techniques, you don’t have control over the adjacency thing, so that’s why a lot of the basic trivial cases get completely missed.
Security at the edge?
“If you are protecting data in the cloud, you have to wire the tools into the cloud to understand which IAM has access, which routes, which security groups can give you access? That’s the only way to understand the context to protect it. You can’t do it in some sort of edge device.”
Getting started with Open Raven
Visit openraven.com to get a 15 day trial. Spin up a SaaS instance and go play.
“We already think we’re a better choice than Macie, but don’t think that’s the end goal. Come partner with us, work with us on the end goal, because those are things that we love; solving massive, complex, and interesting problems.”