Establishing Digital Trust: Don't Sacrifice Security for Convenience
ClickToSecure combines Web application scanning that identifies potential vulnerabilities and direction on how to fix those flaws. The integration with Azure is initially targeted at small and mid-sized business customers as a way to easily integrate security analysis into a cloud deployment.
"Microsoft wanted to have some security solutions in their Azure marketplace portfolio," Mandeep Khera, Cenzic's chief marketing officer told InternetNews.com. "They wanted a partner that provided Web application security for companies that are developing application on the Azure platform."
Khera explained that the way a business acquires the Cenzic service for Azure is first the developer acquires Azure cloud services including storage and SQL server as well as using the Azure development tools. Once the application is built, a developer will want to ensure that it is secured, which is where Cenzic comes in. In the Azure marketplace, there is a place for partners. Cenzic is listed under security.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i"The whole goal is that if a company is coming to Azure, before they publish an application they want to make sure the security has been checked and vulnerabilities are fixed," Khera said.
In terms of deploying ClickToSecure for cloud, Khera noted that the challenges are no different than traditional Web application security.
"It's about the same, since we're language and platform agnostic," Khera said. "As long as it's a Web application, whether it's developed on Azure or any other platform, we'll treat it the same way."
Khera added that, in terms of the vulnerabilities that show up on Azure-based application deployments, they are the same issues that plague every type of Web application: Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF) and SQL Injection risks.
"Some applications have more vulnerabilities than others," Khera said. "It's your classic issue about what are the strengths and backgrounds of the developers that are building the applications."
Khera added that from a Microsoft Azure perspective, what they are providing is a platform and tools. So, at the end of the day, it is the skill set of the person building the application that will make the difference.
The Cenzic ClickToSecure offering for Azure is initially being targeted at SMB users of Azure as opposed to large enterprises. Khera noted that Cenzic's SMB ClickToSecure Azure release scans fewer pages and searches for fewer Web vulnerabilities than an enteprise release. That said, he stressed that small businesses would not be short-changed.
"Enterprises have internal applications that test for vulnerabilities like privilege escalation. That doesn't apply to SMBs," Khera said. "We cover all the major ones for SMBs for production applications."