Securing Your Database with Cyral

Promote this Nomination

Additional Info

Company size (employees)10 to 49
Headquarters RegionNorth America


Most companies don’t know what data they have, where it is stored, or who has access to the data. As more users, applications, and services require access to sensitive datasets across multiple clouds, security organizations struggle to keep pace with the growing risks, complexity, and costs associated with securing data.

Cyral automates least privilege for your most sensitive datasets to reduce risk, complexity, and cost. The Cyral platform discovers these datasets, unifies access controls for users and applications, and enables fine-grained authorization policies as code, which enables risk-based governance and limits the blast radius of data breaches.

Unlike other security controls in the tech stack, Cyral’s discovery, authentication, authorization, and auditing controls build a secure perimeter directly around priority datasets to regulate who has access, how much access, and when access can be granted — eliminating the risk of insider threats, direct attacks, and compromised applications and environments.

How we are different

Securing database access is critical for data-driven businesses that expect nearly every role to access data for insights, but many databases are protected only by a shared admin password that gives the user full access across the whole dataset. Network security tools have no way of knowing what’s in the database and whether a user should be allowed to access a specific field or record—it’s all-or-nothing access to the data. Cyral fixes that by adding multi-factor authentication and data masking that works down to the cell and IP-based controls.

Many people also think their privileged access management (PAM) system is enough. PAM solutions first authenticate a user’s identity, then grant privileges based on that identity. On the surface, the case for using PAM to grant database access looks strong. The problem is that PAM solutions are not data or database aware: they don’t interface with data or databases effectively, so they don’t manage access effectively either, and everything from security to accessibility suffers as a result. Cyral goes beyond PAM’s restrictions to first authenticate any user or application in a way that’s secure, efficient, and consistent. Then, it applies additional security controls that carefully dictate privileges on the data layer.

Cyral also has risk-based data security governance. It allows a company’s security leader to set an exfiltration cap on sensitive data, so even if hackers get past initial security measures, they can’t steal anything worthwhile. Often in the case of a breach, the culprit is a lack of controls on the server where the data is kept, and authorized users and applications that should be reading only a few records can access thousands without issue. Cyral’s approach mitigates risk based on the sensitivity of the data rather than focusing on the attack vector.