Bedrock Blog

Revolutionizing Data Security: How Bedrock’s AI-Driven Approach Empowers Businesses

Written by Kapil Raina | Jul 1, 2024 8:18:51 PM

 

In an era where data breaches dominate headlines and sensitive information is scattered across cloud platforms, the traditional approach to data security is falling short. Enter Bedrock Security, a startup that’s redefining how businesses protect their most valuable asset: data. 

In a recent fireside chat podcast with Byron Acohido of The Last Watchdog, Bedrock Security’s CEO Pranava Adduri discussed the fundamental changes that the cloud and GenAI are creating in corporate computing environments, as well as detailing Bedrock’s innovative strategies that are changing the game in data security posture management.

The Crumbling Perimeter and the Rise of Cloud-Native Solutions

In their conversation, Acohido and Adduri explored the fundamental changes in enterprise IT architecture that are forcing organizations to rethink their approach to data security.

“Except in very limited cases, the enterprise network perimeter doesn’t exist anymore,” he says. “The physical data center is fading away. Applications, data warehouses, network file systems, development tools, and most everything else in the IT stack have moved to the cloud.”

Adduri explained that when your data is everywhere, and the only barrier is a login, identity becomes the new perimeter.

“The difference between your Google Drive and my Google Drive is our login.” Adduri says. “Identity is the common ground in terms of access to these different systems. And so if you think about all the data that’s being collected, identity is the path in.”

This shift has made traditional data security measures obsolete. The common approach of building rigid rules with little context about the data is proving too crude and brittle to protect today’s complex, fragmented data ecosystems from ever-evolving cybersecurity threats.

In this new landscape, traditional RegEx rules and keywords can no longer keep up with today’s dynamic data usage. Adduri cites a conversation he had with an executive from an energy company that’s drowning in woefully inaccurate data security information. 

“They have so many false positives that they can’t possibly review all of them, so they just have to live with all these warnings they can’t do anything about,” he explains. “The business is accepting risk because current tools are inadequate.”

The issue, Adduri says, is that these tools lack business context. 

“When a security team gets an alert that someone is emailing a file containing social security numbers, their first question is, “Did they mean to do that?” and the second question is “Do they have a legitimate need to email social security numbers?” Adduri explains. “Without context, it’s impossible to differentiate between a breach and a legitimate business need.”

To address these challenges of modern data security, Bedrock has built a new model: adaptive, intelligent, and human-centric. It’s a model that recognizes that in the end, data security isn’t just about algorithms and firewalls. It’s about people, their intentions, and the dynamic flow of information that powers modern business.

Bedrock’s Solution: AI Reasoning and Adaptive Sampling

Adduri explained Bedrock Security’s twofold approach to improving data security for modern organizations. First, Bedrock has pioneered a technology called Adaptive Sampling to make data discovery feasible at scale. Traditional classification tools can cost upwards of a thousand dollars per terabyte in compute costs, making it prohibitively expensive for organizations to comprehensively and continuously scan their data.

For example, AWS’s Macie data security service is functional but costs about $1,000 a terabyte in computational effort. If your organization has a petabyte of data, that’s about $1 million per scan to map your data. That cost is not viable for most organizations.

“With this challenge in mind, we created Adaptive Sampling to commoditize data discovery,” Adduri says. “With Bedrock, you can scan 16 petabytes for under $2,000 in computing effort.”

Bedrock’s Adaptive Sampling learns patterns in how data is structured. Instead of examining every file, Bedrock’s system recognizes data sets, such as application logs, employee information, or financial forms. By recognizing these data patterns, the system can sample strategically, dramatically reducing the compute required while ensuring exceptional classification accuracy.

Once the data is mapped, Bedrock uses its AI Reasoning (AIR) Engine to understand what’s most important to the business. This addresses the other major shortcoming of traditional approaches to data security: static rules. 

“Modern data is dynamic,” Adduri says. “Access to the data is changing because people are sharing it all the time, all over the cloud and inside enterprises. So instead of building static rules, Bedrock’s AI Reasoning Engine learns the business context of data, which then guides how policies are applied.”

Organizations are constantly playing the game of whack-a-mole with security. Static rules can’t keep up. Data usage is constantly changing and at the same time cyberthreats continually evolve. 

“Our understanding of data must be much clearer and more comprehensive,” Adduri says. “That’s why we created Bedrock Security.”

The Game-Changer: Empowering Users with Context

But perhaps Bedrock’s most revolutionary innovation is in how it is empowering entire organizations to improve data security. Instead of depending only on the security team to remediate data risks, Bedrock empowers business users to address many types of data security issues. 

“Step one of data security is that you have to keep track of all the stuff that’s happening,” Adduri explains. “Step two is you have to make sense of it. And step three is you have to constantly remediate. But instead of bottlenecking remediation with the security team, you empower the business to do the work and be active data stewards.”

This approach, which Acohido aptly calls “tapping the goodwill of employees,” is a paradigm shift. It distributes the responsibility for data security to the business users who have the most context about data usage. 

As Adduri puts it, “When the business is moving fast, the intention is usually not to be nefarious. It’s to be productive and move the business forward.”

By alerting users directly, Bedrock can leverage their understanding of the situation. This level of granular, contextual alerting is only possible because of the foundational work Bedrock does in mapping and understanding the data landscape.

The Future of Data Security

As we move into an increasingly cloud-native, identity-driven world, Bedrock is establishing a new standard for data security. By leveraging AI to understand data context, by making discovery affordable at scale, and by empowering users to be part of the solution, it’s addressing core issues that have long plagued data security.

In a world where, as Adduri says, “data is not a security problem, it’s a business problem,” Bedrock’s strategy makes perfect sense. Bedrock is not just securing data. It is helping businesses understand and manage their data risk in real-time. 

As data volumes explode and cloud services proliferate, technologies like Bedrock aren’t just nice to have — they’re essential.

In a world where data is the lifeblood of business and identity is the new perimeter, that help could be the difference between a data disaster and a secure, thriving enterprise.

Learn more about how Bedrock Security can bring new levels of protection to your most important data.