5 min read
Introducing Bedrock: Simplified Data Security for Today’s Cloud and GenAI Landscape
Pranava Adduri : Mar 26, 2024 6:00:00 AM
It’s not news to anyone that data has exploded. And the number of emerging companies and recent acquisitions are a strong indicator of the importance of securing this exploding data. Data moves organizations forward, but to sustainably deliver on its promise, it’s imperative that we identify, categorize, and protect it. Protecting data has always been a challenge, but with today’s proliferation and the scale of generative artificial intelligence (GenAI), new data security issues have created a compelling event that the security industry must address immediately.
That’s why we founded Bedrock Security, and why we’re unveiling the industry’s first frictionless data security platform now. To deliver frictionless data security, Bedrock developed the industry’s only data AI Reasoning Engine (AIR) to address the massive quantities of data generated, copied, and moved every day. AIR provides security teams with a full understanding of an organization’s data at the scale and speed demanded by modern enterprises. This has enabled Bedrock to address the shortcomings of data security posture management (DSPM) and legacy data security solutions, which inherently cannot keep pace with the volume and variety of data, including regulated data and core intellectual property (IP), that may be used in large language model (LLM) architectures such as Retrieval Augmentation Generation (RAG). With Bedrock, enterprises are now empowered to embrace data without increasing risk or security resources.
Why Now?
Data is foundational to organizational growth, but understanding data at the scale and speed demanded by modern enterprises has been an open problem that existing solutions have failed to address. This problem is unique in that it’s as much a security and governance problem as it is a big data problem. Solving it requires an approach that tackles both fronts. Ganesh Shanmuganathan, my co-founder and Chief Technology Officer, and I came together to address the shortcomings of DSPM and legacy data security solutions and to empower modern businesses to embrace data growth without increasing risk. We built Bedrock by drawing from my background in data protection and security from Rubrik and Amazon Web Services and Ganesh’s work in architecting distributed file systems and high performance computing at Cohesity and VMware. This uniquely positioned us to build a data security solution that meets the scale and speed requirements organizations demand today.
What the Bedrock Platform Delivers
Data security is difficult due to multiple factors, including velocity, variety, and most importantly, the rapid growth of data. GenAI further exacerbates the problem as there is no known governance to prevent the amplification of sensitive data and core IP if such data leaks into AI model training or is accessible to RAG-style knowledge engines. The best governance here is segmentation: don’t let data in that you don’t want coming out.
There’s no lack of willingness to secure data on the part of security professionals — the issue is that securing data with today’s legacy solutions is a time-consuming process that results in accuracy issues, slow response times, high operating costs, and (ultimately) poor security effectiveness. To overcome today’s challenges, Bedrock Security focuses on three essential elements that can help you build that foundation and use your data to enable your organization to achieve its business goals.
Step 1: Accurate Risk Assessment and Remediation
The foundation of a successful data security journey is built on the ability to enable accurate data visibility. Bedrock’s AIR goes beyond fixed rules and pattern matching to identify data, enabling more accurate discovery, classification, and data mapping. AIR enables organizations to identify new data categories that rules-based systems could never identify, because most data doesn’t conform to a specific rule or pattern. This enables the identification and protection of a far more inclusive range of sensitive data.
Compliance-based or regex-based rules can capture only what the user knows to look for. AIR’s categorization technology discovers data, without rules, and creates topics to give business context to the data discovered. This expands the effectiveness and completeness of any policy that may be built on this information. Through AIR’s technology, including data similarity, topic detection, and identity and activity analysis, Bedrock provides a clear picture of data risk within one unified platform.
One of our customers, House Rx, turned to Bedrock Security because the legal team wanted a data map of their environment to ensure employees were off-boarded appropriately and that personally identifiable information (PII) and protected health information (PHI) was accessible only to specific roles and residing in specific locations. The combination of personal information with medical information meant it was critical to have a map of the data across all environments to ensure this data was adequately protected and that access was strictly controlled. Before House Rx used Bedrock, they were manually creating this data map and keeping it up to date, requiring a time-consuming effort each week.
“It was wonderful to see how our data maps from A to B to infinity. Being able to look at a certain user and follow along on a map to see what that user can access, how they can access it, and where they can access it from in Bedrock’s platform, was phenomenal, especially as somebody who was sitting here trying to do it manually.”
Andrew Kuhn, Product Security Engineer, House Rx
With Bedrock, House Rx saves 60+ hours per week by eliminating manual effort for data security, enabling them to meet the security and regulatory compliance obligations required by the pharmaceutical and healthcare industry.
Step 2: Data Security Without Compromise
Data and threats are constantly changing, making it critical for organizations to shift from point in time data audits to setting up data perimeters that continuously monitor and contain risks to sensitive data. Bedrock’s Trust Boundary data perimeters can be used to ring fence regulated data and core IP to control Identity Access Management (IAM) reachability, network reachability, and data residency. With Trust Boundaries, you can start to segment sensitive data to prevent it from leaking into generative AI models — and to take action when humans, apps, or systems violate these policies.
To rapidly detect Trust Boundary violations and threats to sensitive data, Bedrock uses its patented Adaptive Sampling to scan your data continuously and incrementally and to set a baseline of its activity; any control violations or anomalies are paired with built-in remediations so security operations center (SOC) teams can minimize response times. To ensure data and security changes can be monitored continuously without trading cost for security (a significant problem that other DSPM solutions struggle with) Bedrock was built on a distributed serverless processing architecture. This approach enables organizations to achieve continuous data detection and response (DDR) with the industry’s lowest operational expenditure (OpEx), so you can maximize data security without making these cost compromises.
Step 3: Minimizing the Risk Surface
If your data security program is at a more mature level, your security team can use the AIR to reduce the risk of data and identity exposure, minimizing the risk surface for the brand, revenue, and reputation of your organization. This risk impact and analysis enables your organization to reduce identity overprovisioning for data access, minimize stale data, and track and defend your intellectual property, whatever form it takes in your organization. With the broader use of GenAI, it is critical for you to automatically find source IP and derivative works in order to effectively reduce security and compliance issues. This holistic approach enables your organization to allow business operations to leverage data to achieve its goals while also effectively securing sensitive data.
An example of ensuring data protection for legal and GenAI use cases includes a large biotech firm that uses Bedrock Security to protect its vast array of gene sequence files, a critical part of its IP. The platform also enables the firm to gain unparalleled risk minimization of these sequences within its digital environment.
“Bedrock's technology allows us to meticulously track over 10,000 gene sequences, monitoring their movement, duplication, and modification. This functionality is especially crucial during mergers and acquisitions, as it allows us to accurately trace the origin and journey of each sequence. Bedrock Security has provided us with the confidence and assurance needed to keep our IP distinct and protected, empowering us to continue our work without compromise."
- CISO, Publicly Traded Biotech Firm
For this biotech firm, Bedrock uses AI-enabled, patented technology to find gene sequences, including derivative variations and ensure the IP use meets their policy for usage, sharing, and storage.
What’s Coming Next
Crucial to our journey has been hiring the right team to build and test our platform before bringing it more broadly to market. Jeremy Linden (formerly at OpenDNS and Asimily) joined us as vice president of product and Kapil Raina (previously with CrowdStrike and Zscaler) joined us as vice president of marketing. With this leadership team in place and a platform designed to deliver a strong data security foundation for organizations at every level of maturity, we’re ready to accelerate our sales and marketing efforts.
The Bedrock platform is available in production, available to meet the needs of any organization seeking to embrace data sprawl without increasing risk. I’m excited for the next phase of the Bedrock Security journey. I know that we will help organizations (and you) by disrupting the way data security has been done for decades. It’s time for a change, and we’re here to deliver it: a platform that provides the data visibility you need with the reasoning and actionability required to protect your data in 2024 and beyond.
Reach out to us if we can help in your data security journey or connect with us at RSA to discuss your data security questions.