Cyera, a leader in data security, announced the launch of the Cyera Identity Module. This new feature bridges the gap between identity and data, providing organizations comprehensive visibility into who has access to their sensitive data. The module includes external partners, non-human identities, and internal users, ensuring zero trust is extended to the data layer. This innovation enables decision-makers and business tools to access necessary data without increasing risk.
Organizations today are under pressure to maximize data value, but unrestricted access poses significant risks. Despite adopting zero-trust solutions, many lack full visibility into who accesses their sensitive data. This data is often spread across on-site data centers and third-party cloud platforms. Achieving full visibility is crucial for unlocking data power and enabling business agility.
Security teams are becoming increasingly concerned about non-human identities, such as artificial intelligence (AI) technologies like Microsoft Copilot and AWS Sagemaker, internet-facing services, and applications, as well as programmatic identities used for automated tasks. Cyera unearths these identities and highlights any unduly extensive access to private information.
Also Read: Horizon3.ai Launches NodeZero™ Cloud Pentesting to Transform Cloud Security
Cyera emphasizes that data access visibility’s quality depends on accurate data classification. Tamar Bar-Ilan, co-founder and CTO of Cyera noted, “Identity and data are two sides of the same coin and are the fastest-growing attack surfaces.” In security breaches, the key questions are what data is impacted and who has access to it. This requires precise data classification combined with identity access insights. Security leaders are now recognizing the value of viewing identity and data as interconnected.
The Cyera Identity Module offers a centralized dashboard for data access visibility, discovering and classifying data with 95% accuracy. It provides a holistic view of identities across SaaS, IaaS, DBaaS, and on-premises environments, including preset trust levels for each identity. The module highlights identity-centric risks, such as third-party access to sensitive data and excessive access by non-human identities like AI tools and internet-facing services. It also identifies risks like org-wide sharing of sensitive data without multi-factor authentication or with long-lived passwords. Additionally, it detects ghost identities, such as inactive accounts with access to sensitive data, helping to minimize over-privileged data access and reduce potential risks.
Bar-Ilan stated, “Correlating identity and data allows security teams to assess risks, prioritize actions, and understand vulnerabilities’ impact on business risk.” This approach enables zero-trust data access, making data safely accessible to the business and its key stakeholders for the first time.