AutoRABIT CodeScan Shield Delivers Platform Cybersecurity
AutoRABIT, a leading Salesforce devops platform vendor based in San Francisco, last week introduced the CodeScan Shield cybersecurity family and a new platform cybersecurity service called OrgScan. “The average cost of a data breach in the U.S. is over $9 million. And knowing 23% of data breaches are caused by human error, we’ve expanded our DevSecOps toolset to monitor performance and mitigate risk. This will help Salesforce development teams with consistency, compliance, and data security,” said Prashanth Samudrala, vice president of product management at AutoRABIT, in a press release.
Platform Cybersecurity is an Operational Concern
AutoRABIT’s new OrgScan product fits into the platform cybersecurity category of the Salesforce Devops Map. When I talk about platform cybersecurity, I am referring to all the cybersecurity concerns one may have about an operational SaaS system. Some of these platform cybersecurity concerns are:
- Public Data Access
- System Access Control
- Application Access Control
- Group Access Control
- Field-Level Security
Thinking about this problem reveals tremendous complexity in how an individual user’s access is determined. In Salesforce, an individual’s Profile, Role, plus an intersection of Permission Sets must be collated to determine access. In complex orgs, the intersection of these factors creates thousands, if not millions, of possible security configurations. Without automation like OrgScan, it is now impossible for a cybersecurity analyst to adequately validate the design and usage of a complex Salesforce org.
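The collation described above can be sketched in a few lines. This is an added example, not AutoRABIT's code or OrgScan's method: it assumes profile and permission-set grants are additive, covers only those two sources (not Role), and every profile, permission-set, user and permission name, the baseline, and the scoring formula are constructed for illustration.

```python
# Constructed sample org data; all names below are hypothetical.
PROFILES = {
    "Standard User": {"Account.read", "Account.edit", "Contact.read"},
    "Support Agent": {"Case.read", "Case.edit", "Account.read"},
}
PERMISSION_SETS = {
    "Export Reports": {"system.ExportReport"},
    "Billing Fields": {"Account.AnnualRevenue.read", "Account.AnnualRevenue.edit"},
    "Data Admin": {"system.ModifyAllData", "system.ViewAllData"},
}
USERS = {
    "alice": {"profile": "Standard User", "permission_sets": ["Export Reports"]},
    "bob": {"profile": "Support Agent", "permission_sets": ["Billing Fields", "Data Admin"]},
    "carol": {"profile": "Support Agent", "permission_sets": []},
}
# Assumed baseline: permissions no user may hold unless explicitly exempted.
FORBIDDEN = {"system.ModifyAllData", "system.ViewAllData", "Account.AnnualRevenue.edit"}
EXEMPT = {"bob": {"system.ViewAllData"}}


def effective_permissions(user):
    """Union of the profile's grants and every assigned permission set's grants."""
    u = USERS[user]
    extra = (PERMISSION_SETS[name] for name in u["permission_sets"])
    return set(PROFILES[u["profile"]]).union(*extra)


def violations(user):
    """Map each forbidden, non-exempt permission to the sources that grant it."""
    u = USERS[user]
    sources = {u["profile"]: PROFILES[u["profile"]]}
    sources.update({n: PERMISSION_SETS[n] for n in u["permission_sets"]})
    bad = (effective_permissions(user) & FORBIDDEN) - EXEMPT.get(user, set())
    # Naming the granting source tells the admin which object to remediate.
    return {p: sorted(s for s, grants in sources.items() if p in grants)
            for p in sorted(bad)}


def compliance_score(users=USERS):
    """Percentage of users with no baseline violations (assumed scoring rule)."""
    clean = sum(1 for u in users if not violations(u))
    return round(100 * clean / len(users), 1)
```

Because the result depends on every combination of profile and assigned permission sets, the number of distinct effective configurations grows quickly with each permission set added to an org.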
OrgScan is a New Opportunity for AutoRABIT
By expanding into Salesforce platform cybersecurity, AutoRABIT has expanded their product offerings significantly. OrgScan now puts AutoRABIT on the competitive radar of AppOmni, OwnBackup/RevCult, Strongpoint, and Odaseva, who also have Salesforce platform cybersecurity services.
AutoRABIT comes well-equipped to the platform cybersecurity market. Since AutoRABIT is already an effective Salesforce devops platform, the company has developed expertise in metadata intelligence. Metadata intelligence systems are built up when the platform dynamically ingests complex metadata using proprietary methods. The data is then used to manage the release and application delivery process.
Metadata intelligence also enables platform cybersecurity functions. The metadata intelligence system tells OrgScan which settings and configurations it needs to check. I had a chance to discuss OrgScan with Eric Pearson, who is a senior product manager and enterprise account at AutoRABIT. I asked for more information about OrgScan.
“OrgScan analyzes Salesforce profiles and permission sets to ensure they are compliant with client mandated specifications and guidelines. Violations get flagged and recorded in an interactive dashboard. It also calculates your compliancy score and identifies areas of concern to be reviewed. OrgScan also tracks your progress for these reviews. Collectively, these features ensure admins maintain the governance control within their organization,” said Mr. Pearson in our email exchange.
AutoRABIT Refocuses on Cybersecurity
CodeScan Shield is a branding upgrade from the old Codescan mark with no inter-capitalization. This announcement makes sense for AutoRABIT on a couple of levels. First, a slight branding change and naming umbrella bring attention to the existing developer cybersecurity features of CodeScan. Second, it allows AutoRABIT to fold the platform cybersecurity features of OrgScan under the new brand.
CodeScan (without the Shield part) is a static application security testing (SAST) service. CodeScan, and competitors DigitSec and Clayton, “shift left” more application testing activities into the hands of developers. For example, SQL injection can be automatically checked by looking for certain code patterns. When these problems are found, a developer’s integrated development environment (IDE), such as Microsoft VS Code, puts gold-colored “squiggly marks” on the naughty code. Since initial scans can overwhelm developers, IDE integration is critical.
With the right tooling and services, this strategy is useful in deterring future actions by threat actors. CodeScan Shield is also integrated into AutoRABIT’s release management system, which can increase compliance.
Devops Buyers Need High Security Environments
Critical applications are frequently a nexus for external system integration and credential management. And AutoRABIT has made a business out of servicing regulatory and change-management needs of the critical application market. This includes Salesforce customers who also are Veeva, nCino, and Salesforce Industry users. So, it makes sense that AutoRABIT has moved even more strongly into cybersecurity and continues to develop DevSecOps as its market category.
Good cybersecurity implementations depend on metadata intelligence as well as controlling the devops pipeline. So, it makes sense for AutoRABIT to include these systems as built-in features. Other vendors, such as Copado, are developing a more open architecture for third-party extensions.
Cybersecurity falls more on the “ops” side of the Salesforce devops equation, and it does not get the attention it deserves. But the concern does not go away.
As Salesforce and SaaS devops are increasingly used to develop and deploy critical applications, new cybersecurity operational concerns are created. It is now impossible for any individual cybersecurity analyst to fully assess any security holes due to org complexity. And as the complexity of Salesforce continues to skyrocket, platform cybersecurity services like AutoRABIT OrgScan will increasingly become an essential tool for Salesforce operations.