
Ensuring Security & Compliance

The Problem

In addition to needing reliable infrastructure, modern web and mobile applications must be increasingly concerned with security. As businesses expose more web services and run more microservices internally, the need grows for solutions that are easy to manage and foolproof.

In a common service application, it’s easy to leave off some code in a REST method and instantly expose it to the entire world.

Further, particular fields may be sensitive Personally Identifiable Information (PII) - and leaving filtering off in some area of the program may leak information to the wrong audiences.

Insider Threat topics and the need for Least Privilege Access are becoming increasingly vital.

Current web frameworks do a poor job of solving these problems because they require them to be handled at code level, and casual mistakes result in accidental exposure that is very hard to audit.

The Solution

Our “all in one” solution to automating DevOps, Service, and Data-layer concerns eliminates the possibility of introducing vulnerabilities through cloud architecture mistakes, but there are even more benefits to the ChiselStrike platform.

Our data labelling technology allows potentially sensitive data to be anonymized across your infrastructure when retrieved by different classes of users. This level of Personally Identifiable Information control is critical to HIPAA use cases. For instance, in a health care or insurance related example, certain classes of users - such as developers or support staff - may be blocked from seeing patient records, but could still see contact information and other notes. As this is applied at the model level, it’s not possible to forget to add filtering code to specific services.

Our policy language also makes it easy to assign and audit which users and routes are able to access which endpoints and REST functions, separate from the code layers. This means that we no longer have to worry about code to check user levels accidentally being misplaced, opening up a portion of a webservice or backend to global access.

As expected, all communications with ChiselStrike are automatically secured using SSL encryption, and there are no certificates to request or keep updated.

All of these features combined make ChiselStrike the ideal platform for building worry-free backend services around confidential data, ensuring security & compliance in an easy-to-understand way that can be audited by humans of all skill levels.
