Developers are increasingly being held accountable for the security of their applications even though many of them may not have either much in the way of security expertise or even the tools needed to secure those applications.
Looking to provide those developers with an alternative approach to securing their applications, CloudLock has exposed an API that developers can use to invoke content classification, policy management, incident management, user behavior analytics, encryption and quarantining via a set of REST APIs.
CloudLock CEO Gil Zimmermann said that while the CloudLock Security Fabric makes these services available directly to IT organizations, it became apparent that when it comes to application development, there are still gaping holes. The main reason is that developers generally still think of security as either an afterthought or as someone else’s responsibility. Enabling them to invoke REST APIs to secure their applications not only reduces costs, Zimmermann said, it reduces the friction to the point where developers will actually want to take the time and effort required to secure their applications.
Additional capabilities of the CloudLock service include the ability to securely integrate with third-party software-as-a-service applications such as BoxTrack this API, Dropbox, Google Apps, Microsoft Office 365, Salesforce and ServiceNowTrack this API, as well as any application running on the Force.com platform-as-a-service environment from Salesforce on which CloudLock itself is hosted. CloudLock also provides visibility and control over applications running on clouds from Amazon Web Services and Microsoft Azure.
In terms of other security services, via its APIs, CloudLock integrates out of the box with a number of additional platforms and services, including security information and event management systems from Splunk and Hewlett-Packard, business intelligence applications from Tableau, and identity-as-a-service offerings from Okta and OneLogin.
To keep track of security threats, CloudLock continuously monitors more than 1 billion files daily across more than 10 million users. That information is supplemented by crowdsourcing additional insights from a network of security professionals that participate in a CloudLock CyberLab. Zimmermann said CloudLock is making a concerted effort to not only expose that expertise to developers, but also get them to participate in the larger crowdsourcing community.
In some ways it’s ironic that the very API technology that might make an application vulnerable can be used to better secure it. But time and again it’s been proven that the best way to fight any kind of fire is with more of the same.