IBM has purchased application security startup Polar Security, in an attempt to address the security of application data in the cloud and help organisations track vulnerable information.
In a statement issued this morning, IBM said that the increased cloud adoption driven by the pandemic has strained organisational capacity to track certain aspects of their application frameworks, including certain types of app data, permissions and more. The company said that this has led to “shadow data,” which isn’t being actively tracked, as well as siloing of information.
The company called Polar a pioneer of “data security posture management,” which focuses on discovery and organisation of sensitive information — the idea is identify where sensitive data is stored and what it’s being used for, as well as identifying potential issues in security policy, data usage and configurations.
Polar’s platform is agentless and, IBM said, can be up and running in “minutes” on a client’s systems.
“Polar Security can automatically find unknown and sensitive data across the cloud, including structured and unstructured assets within cloud service providers, SaaS properties, and data lakes,” the company’s statement said. “Once discovered, Polar Security classifies the data, maps the potential and actual flow of that data, and identifies vulnerabilities, such as misconfigurations, over-entitlements, and behavior that violates policy or regulations.”
Polar then offers automatically generated reports that prioritise threats according to risk, as well as practical guidance on correcting any issues. IBM said that Polar’s technology will be incorporated into its Guardium line of data security offerings, enabling it to cover data stored anywhere.
Polar was founded in 2021 in Israel. Terms of the deal were not disclosed, though unconfirmed reports place the price tag at $60 million. IBM has been active in the mergers and acquisitions market in recent months, having purchased GraphQL specialist StepZen in February, and announced plans to snap up network automation SaaS vendor NS1 in the same month. In 2022, the company announced takeover bids for digital product engineering company Dialexa in September, followed by IT modernisation vendor Octo in December.