Application Security

1/29/2016
01:00 PM
Dark Reading
Products and Releases

Lockr: Hosted API & Encryption Key Management for Secure Website Content

Lockr Managed Key Service for Drupal Is Out of Beta, Now Also Available for WordPress; First Key Free

TACOMA, WA--(Marketwired - Jan 26, 2016) - Lockr, the first key management service for modern content management systems, is now available for Drupal and WordPress, allowing developers, agencies and site owners to better secure web transactions by effortlessly protecting encryption and API keys (PayPal, MailChimp, FedEx, Amazon S3, etc.). 

Many businesses underestimate the likelihood and magnitude of a cyber attack, assuming that if they're not a major brand, they're not a target. Yet industry surveys show that upwards of 90 percent of companies experience some form of security incident, with nearly half involving the loss of sensitive data -- and costs for these attacks range from tens to hundreds of thousands of dollars. Broad use of SSL/HTTPS shows just how common it is for sites of all sizes to deal with sensitive data, yet SSL does nothing for security and protection of the actual website and customer database. For that you need encryption and key management.

"Our clients all require the best security possible to protect their brand, whether they be an innovative university like Stanford or an online enterprise like eBay," explains Esten Sesto, president of Project6 Design. "Websites are particularly vulnerable, yet there's no easy or affordable way for us to lock down things like API keys -- and if a hacker gets hold of the key for a third party mail service, for example, they can send fraudulent mail from a company's actual account. That's why we're so excited about the protection afforded by Lockr: it allows us to maintain the integrity of these brands and leave everyone with peace of mind that their keys are protected."

Leveraging proven enterprise-grade key management technology from Townsend Security, Lockr's offsite key management delivers best-practice security to protect against critical vulnerabilities and help sites meet PCI DSS, HIPAA and other security requirements. Lockr is available with hosting plans through Pantheon, with other leading service providers to be announced soon. To make it as easy as possible for site owners to try, Lockr is offering the management of the first API key for free, with additional keys starting as low as $5 per month. 

"SSL/TLS are commonplace today and necessary for websites to securely receive user data; unfortunately, that's only half the story. Once the website has the data, they are responsible to protect it, yet many continue to leave their encryption and API keys out in the open without a key management system," said Chris Teitzel, Founder & CEO, Cellar Door Media and creator of Lockr. "Up until now encryption and API key management was only affordable to large companies and enterprises. We solved that by offering key management as a service, allowing any site, regardless of size, to easily protect users, data and their brand from hackers."

Lockr can easily scale based on a website's needs, with plans ranging from personal to enterprise. For businesses who need to meet compliance requirements (PCI DSS, HIPAA, FISMA, etc.), Cellar Door Media offers Lockr for enterprise, with dedicated instances of Townsend Security's FIPS 140-2 compliant Alliance Key Manager.

 

About Lockr

Lockr, by Cellar Door Media, is the first hosted API & encryption key management for modern content management systems like Drupal and WordPress, providing an affordable solution for all sites to properly manage access and encryption keys. Lockr's offsite key management protects against critical vulnerabilities and delivers best-practice security to help sites comply with HIPAA, PCI DSS and other regulations. And best of all, even though it delivers enterprise-grade key management, it starts with hosted plans as low as $5 per month. Learn more at http://www.lockr.io.

 
