Blogs & Resources

Platform Architecture: What differentiates Theom’s cloud data protection platform?

Supreeth Rao

Theom is a purpose-built data security platform designed to protect enterprise data stored in the cloud environments such as AWS, Azure, and Snowflake and accessed through cloud APIs. Theom differentiates itself from other products in the market through the underlying platform architecture. This blog post takes a closer look at these elements.

Theom Platform Overview

Easy to Deploy without any agents

Theom is easy to deploy and use by customers, big and small. There are no agents to deploy across enterprise assets in the cloud. Customers grant Theom read-only access to their cloud data stores and data warehouses. In the case of AWS accounts, customers can use CloudFormation Templates (CFT) or HashiCorp TerraForm to deploy Theom. The deployment process brings Theom’s compute into Snowflake itself, making it even easier for Snowflake. Customers who have deployed Theom have onboarded multiple cloud accounts within an hour, and Theom has auto-discovered thousands of data stores and tables in those accounts within a few hours.

Secure by Design

Theom is designed to provide data intelligence and risk prioritization without customers’ data ever leaving the ‘realm’ of their cloud accounts. Customers of Theom need a solution to log, trust, and verify any action taken by Theom. Theom creates proof of data classification and integrity within the Customer's realm, ensuring no unauthorized data tampering or ingress/egress. Theom has integration with Hedera to provide the provability of data security verdicts.

With Theom, computing is all done within the Customer’s enterprise, so always part of the solution! (and not the problem)

Threat Intelligence

Theom comes out of the box with smart defaults and security rules, constantly keeping up to date with the evolving threat landscape. Our threat research team authored these rules, which study the tools, techniques, and procedures (TTP) of attacks that target sensitive data stored in the cloud.

Highly Customizable

Theom allows enterprises to customize the product. Customers can clone and edit existing rules or create new ones. They can also change the default sensitivity level of data entities discovered and monitored by Theom. Theom can expand the data classification engine by allowing customers to upload their custom data taxonomy. 


Theom can fit into the existing workflows of most enterprise customers that use tools for security incident management and internal collaboration. Specifically, security risks identified by Theom can be converted into cases in JIRA, shared via Slack, and exported into SIEM like Splunk. Since Theom monitors open risks, it can verify when the risk is actually mitigated and thus create a closed-loop process across the enterprise.

Theom is a cloud data protection platform that delivers immediate value to customers. It is easy to deploy, secure by design, highly customizable, and uses the latest threat intelligence to protect enterprises from data breaches, ransomware, and inside threats to sensitive data.