Table of content
Our client is the leading provider of security platform that helps businesses to protect their enterprise provisioned public cloud data. Their services aim to protect company’s assets on the cloud without impacting end-user experience and without involving IT operations.
Our client required a platform which could provide complete visibility into their customers cloud assets and track its usage. The platform was also required to identify the sensitive, confidential data accessible / made available on public domain through a, multidimensional analysis engine. This was coupled with a need for rich, intuitive interface for their unique features like scan settings, policy settings, detections and dashboards. The main objective of the application was to seamlessly integrate the core platform with different cloud applications that allow collaborative file sharing, distributed version control, synchronizing abilities with desktop folders etc. and provide a security platform to their clients to protect their cloud data. In addition, the application would have capabilities to:
- Define company specific policies to scan exposure risks in assets like files, documents deployed in cloud applications
- Give a 360° visibility without any IT, proxy or agent dependency
- Identify cloud data compliance violations with a multidimensional root cause analysis
- Eliminate cloud data risk by rectifying exposure risks and compliance violations
Our client wanted an application that would scan various policies or rules and easily identify violations against the set rules for a particular client. These policies range from HIPPA compliance, PCI compliance to personal information. Detections were the most important parameter that were intended to draw attention to any non-compliance, information leaks and all potential risks to the customer's cloud provisioned data well in advance. This was coupled with a multi-fold challenge of seamless integration with any of the 3rd party public clouds that allow collaborative file sharing, distributed version control, synchronizing abilities with desktop folders etc.
For this particular need, the client was looking for a partner with strong product background and experience in developing, integrating /implementing key cloud solutions for multi-tenancy, access from multiple devices and administration tools, etc. Considering Xoriant's experience in handling several cloud services with an expertise to tackle different cloud applications, Xoriant proved an apt choice for the application development.
Xoriant created a team consisting of system manager, developers and QAs that engaged the client in an agile execution methodology.
Highlights of the engagement are:
- Rich and intuitive UI development using cutting edge technology like Ruby on Rails along with robust backend development using Java
- Aggregation and ready availability of huge terabytes of application data and business data stored in MongoDB
- Fetch asset information by querying cloud assets using REST APIs developed on Jersey client
- Java programs developed for scanning asset information and finding detections and store in to MongoDB
- Queued the data using Amazon SQS and Rabbit MQ
- Developed services using REST APIs to scan users account and detect risky files based on a detection algorithm
- Developed email module to trigger mails for alerting users of any security risks
- Created test plans, test cases and test automation with Selenium web driver, TestLinks and Jenkins for comprehensive test coverage
- Ruby on Rails
- REST APIs
- Amazon SQS
- Rabbit MQ
- 40% reduction in risks pertaining to information leaks and unauthorized access to public data
- Simplification of compliance analysis precisely detected confidential data that is put publicly
- Email module enabled quick alerts and counter actions to be taken by users on any potential risks to their public data
- Increased client base by 15% within a Quarter of launch of application, due to the ease of integration with any of the public clouds that allow collaborative file sharing, distributed version control, synchronizing abilities with desktop folders etc.
- Robust security for public cloud accounts has ultimately increased application adoption by 20% from key industry leaders where confidentiality and availability of data are major concerns