Sonrai Security

Software Development

New York, NY 7,777 followers

Cloud identity and access management solutions for companies running on AWS and Google Cloud.

About us

Sonrai Security is a leading public cloud identity and access management solutions provider. With a mission to empower enterprises of all sizes to innovate securely and confidently, Sonrai Security delivers identity, access, and permissions security for companies running on AWS and Google Cloud platforms. The company is renowned for pioneering the Cloud Permissions Firewall, enabling one-click least privilege while supporting developer access needs without disruption. Trusted by leading companies across various industries, Sonrai Security is committed to driving innovation and excellence in cloud security. Sonrai Security has offices in New York and New Brunswick, Canada and is backed by ISTARI, Menlo Ventures, Polaris Partners, and TenEleven Ventures. For more information, visit https://sonraisecurity.com/

Website: https://sonraisecurity.com/
Industry: Software Development
Company size: 51-200 employees
Headquarters: New York, NY
Type: Privately Held
Founded: 2017
Specialties: security, cloud, data, devops, and identity and access management

Updates

  • Confused by GCP’s two IAM APIs? You’re not alone. Here’s how they break down ⬇️

    IAM V1 (Allow)
    • Defines what’s granted
    • Used in role definitions
    • ~12,000 permissions

    IAM V2 (Deny)
    • Defines what’s blocked
    • Used in deny policies
    • ~5,000 permissions

    BOTTOM LINE: In GCP over half of permissions can be granted, but not denied. Sonrai’s Cloud Permissions Firewall focuses where it counts, automating deny policies for supported (V2) permissions, getting you closer to least privilege without rewriting roles or policies. It’s precision automation in an imperfect environment.

  • 📰 New issue of Inside Cloud Privilege This month, we cover: ✅ WALLy Beta Launch. The first AI agent for Cloud PAM ✅ How to secure AI-generated infrastructure with guardrails that actually work ✅ Cloud Permissions Firewall for Google Cloud ✅ Why “Shift Left” is a dead end for identity security (new webinar!) Plus, a feature demo from Cole Horsman showing how Sonrai blocks risky AI-built infrastructure in real time. Read it all in this month’s Inside Cloud Privilege and see what’s next in cloud identity security.

  • 💻  Tomorrow: Shift Left is a Dead End for Cloud Identity Security  📆 Wed, Oct 29 @ 1ET | 30 min Still relying on “shift left” to secure cloud identity? It’s time for a new approach. Join Brad Peters and Cole Horsman for a tactical walk-through of how to: ✅ Centralize identity guardrails ✅ Eliminate standing privilege with Just-in-Time access ✅ Reduce risk without disrupting developers 30 minutes packed with takeaways. 🔗 Save your spot: https://lnkd.in/g-tq47QU  #SonraiWebinars

  • AI in AWS? Lock down IAM first. AI agents can be powerful… or dangerously over-permissioned. Without strict IAM controls, they can access sensitive services, modify infrastructure, and create unintended pathways to risk. Sonrai’s Cloud Permissions Firewall enforces least privilege for AI services like AWS Bedrock, AmazonQ, and Rekognition, automatically. Take control before AI takes control.  👉 Read the blog: https://lnkd.in/eHWmPmHy AWS Partners 

  • 💻 Register Now: Shift Left is a Dead End for Cloud Identity Security 🗓️ Wed, Oct 29 @ 1ET | 30 min | Presented by Cole Horsman and Brad Peters “Shift left” is ineffective and risky for identity security. When identity security is pushed onto developers, it leads to: • Over-privileged roles • Unused access and toxic combinations • Massive blind spots in your cloud This webinar shows how to flip the model: 🔒 Security owns permissions ⚙️ Automation enforces least privilege ⚡ Devs stay fast and focused 🔗 Register here: https://lnkd.in/g-tq47QU #SonraiWebinars

  • 💻 Upcoming Webinar: Shift Left is a Dead End for Cloud Identity Security 📅 Wed, Oct 29 @ 1ET | 30 min Developers are told to “shift left.” But here’s the problem: It doesn’t work for identity security. In this 30-minute session, Brad Peters and Cole Horsman will walk through: • A dev’s real-world experience trying to “do the right thing” • How security and compliance break down under pressure to ship • Why identity guardrails need to be centralized You’ll see a better model where devs keep moving fast and CloudSecOps owns risk. 🔗 Register here: https://lnkd.in/g-tq47QU  #SonraiWebinars

  • You wouldn’t give AI the keys to your AWS cloud, right? Without the right AWS IAM controls, that’s exactly what happens. AI services in AWS can be misused, misconfigured, or even weaponized by accident. Sonrai’s Cloud Permissions Firewall enforces least privilege for every identity, service, and action in your AI stack. 💙 Follow Sonrai Security for best practices on identity, access, and privilege management.

  • “Compliance shouldn’t be the bottleneck to better security.” Couldn’t have said it better, Cole. Loving this new “field notes” series — keep ’em coming!

    Cole Horsman, Field CTO, Sonrai Security | Cloud Advisor | AI Security | Developer Advocate

    Starting a weekly post to recap what I’m hearing from engineers (cloud, platform, security, devops), CTOs, CISOs and anyone else I meet online or on the road. Maybe call it field notes or something. Here goes: Met with a lot of great people this week tackling cloud identity challenges, but one session stood out: a team struggling with compliance slowing down security progress. It’s something I’m seeing across the board whether you’re working under SOX, PCI DSS, HIPAA, FedRAMP, ISO 27001, or NIST 800-53. Cloud controls get misinterpreted. Compliance becomes a blocker instead of a catalyst. 💡 Here’s my take: Audits and compliance aren’t the same thing: 🧩 Compliance defines the rules of the game, the control frameworks we align to. 🧑‍⚖️ Audits are the referees, they measure whether those rules are being followed. ✅ Done right, audits are mutually beneficial: 🔸 Companies prove they can protect their consumers. 🔸 Auditors keep us honest. 🔸 Consumers gain confidence their data is safe. But the waste is real. I’ve spent a year of my career teaching auditors how to audit cloud identity with no automation, no standardization, and too often, no shared understanding. 🔧 The fix isn’t just automation; it’s alignment. Things that help: ⚙️ Compliance as Code: codify controls into infrastructure and CI/CD pipelines. 🤖 Automated evidence collection: reduce the manual overhead of proving what’s already enforced. 🧱 Standardized, concise controls so everyone’s testing the same intent. 🔁 Ongoing testing to prevent issues before they become audit findings. But above all, it takes collaboration: Embedding compliance and audit partners into engineering workflows, fostering mutual understanding, and training on not just what the controls are but why they exist, and when to push back. Compliance can’t be the bottleneck to better security. If anything, it should accelerate it. I don’t think security and compliance are at odds; they’re just out of sync. 👀 Take a look at the image. In your organization, does it feel like arm wrestling, or bonding?


Funding

Sonrai Security 3 total rounds

Last Round

Series C

US$ 50.0M
