1/29/2016
01:00 PM
Dark Reading
Products and Releases

Lockr: Hosted API & Encryption Key Management for Secure Website Content

Lockr Managed Key Service for Drupal Is Out of Beta, Now Also Available for WordPress; First Key Free

TACOMA, WA--(Marketwired - Jan 26, 2016) - Lockr, the first key management service for modern content management systems, is now available for Drupal and WordPress, allowing developers, agencies and site owners to better secure web transactions by effortlessly protecting encryption and API keys (PayPal, MailChimp, FedEx, Amazon S3, etc.). 

Many businesses underestimate the likelihood and magnitude of a cyber attack, assuming that if they're not a major brand, they're not a target. Yet industry surveys show that upwards of 90 percent of companies experience some form of security incident, with nearly half involving the loss of sensitive data -- and costs for these attacks range from tens to hundreds of thousands of dollars. Broad use of SSL/HTTPS shows just how common it is for sites of all sizes to deal with sensitive data, yet SSL protects that data only in transit and does nothing to secure the website itself or its customer database. For that you need encryption and key management.

"Our clients all require the best security possible to protect their brand, whether they be an innovative university like Stanford or an online enterprise like eBay," explains Esten Sesto, president of Project6 Design. "Websites are particularly vulnerable, yet there's no easy or affordable way for us to lock down things like API keys -- and if a hacker gets hold of the key for a third party mail service, for example, they can send fraudulent mail from a company's actual account. That's why we're so excited about the protection afforded by Lockr: it allows us to maintain the integrity of these brands and leave everyone with peace of mind that their keys are protected."

Leveraging proven enterprise-grade key management technology from Townsend Security, Lockr's offsite key management delivers best-practice security to protect against critical vulnerabilities and help sites meet PCI DSS, HIPAA and other security requirements. Lockr is available with hosting plans through Pantheon, with other leading service providers to be announced soon. To make it as easy as possible for site owners to try, Lockr is offering the management of the first API key for free, with additional keys starting as low as $5 per month. 

"SSL/TLS are commonplace today and necessary for websites to securely receive user data; unfortunately, that's only half the story. Once the website has the data, they are responsible to protect it, yet many continue to leave their encryption and API keys out in the open without a key management system," said Chris Teitzel, Founder & CEO, Cellar Door Media and creator of Lockr. "Up until now encryption and API key management was only affordable to large companies and enterprises. We solved that by offering key management as a service, allowing any site, regardless of size, to easily protect users, data and their brand from hackers."

Lockr can easily scale based on a website's needs, with plans ranging from personal to enterprise. For businesses that need to meet compliance requirements (PCI DSS, HIPAA, FISMA, etc.), Cellar Door Media offers Lockr for enterprise, with dedicated instances of Townsend Security's FIPS 140-2 compliant Alliance Key Manager.

 

About Lockr

Lockr, by Cellar Door Media, is the first hosted API & encryption key management for modern content management systems like Drupal and WordPress, providing an affordable solution for all sites to properly manage access and encryption keys. Lockr's offsite key management protects against critical vulnerabilities and delivers best-practice security to help sites comply with HIPAA, PCI DSS and other regulations. And best of all, even though it delivers enterprise-grade key management, it starts with hosted plans as low as $5 per month. Learn more at http://www.lockr.io.

 

###

 
