Checkmarx One™ Cloud-Based Application Security Platform Is Expanding its Footprint
The average layperson likely envisions “the cloud” as being some amorphous, ethereal thing that has no boundaries and none of the physical constraints of a typical computing network. Those of us who have helped build “the cloud” know it much differently. To us, it’s just another network made up of routers, switches, cables, fibers, load balancers, servers, security technology, and lots and lots of software. The cloud is nothing more than a network that just so happens to not exist in your buildings. Instead, it’s a network in someone else’s buildings that often spans the world with an almost global reach. Points of presence, edge locations, availability zones, regions, branches, global backbones, peering agreements, etc. are terms often heard among engineers who speak the cloud vernacular.
One of the issues that has often stymied the acceptance of cloud-based offerings like SaaS, PaaS, IaaS, etc. is location. The reason for this is simple—jurisdiction. Regulatory compliance requirements like GDPR in the EU, data protection and privacy laws in countries all over the world, and general FUD (fear, uncertainty, and doubt) about the cloud being too risky have slowed its growth. FUD is not easy to overcome; however, data protection and privacy requirements have been addressed by the cloud footprint. Let’s use DDoS defenses as an example of what we’re talking about.
If an organization in the EU wanted to buy DDoS defenses from a cloud-based provider, the provider would have to have cloud-based DDoS scrubbing centers in the EU. If the organization came under a DDoS attack, the cloud-based DDoS defense company would swing all inbound traffic destined for the site under attack and route that traffic to a DDoS scrubbing center. The scrubbing center would remove the DDoS component of the traffic, and then return all “good traffic” back to the site under attack.
Most people would believe that this is due to distance requirements, potential latency, etc., but it is not. Since cloud backbones are made up of large numbers of 100 gigabit pipes, latency is not the issue—but jurisdiction and data sovereignty are. In other words, if traffic is coming into an organization in the EU, once that traffic is inside the EU, it must remain in the EU to meet regulatory compliance requirements. If the DDoS scrubbing center were outside of the EU, this would be a compliance issue. The same goes for cloud-based application security testing (AST) platforms like Checkmarx One.
Checkmarx One is a cloud-based AST platform that runs in our own cloud. And like any cloud-based DDoS defense provider, the Checkmarx “cloud” must also have a global presence. That is why we already have SaaS instances in North America, the EU, Australia, India, and Singapore. This equates to five (5) SaaS instances to better serve our customers worldwide. Again, this has nothing to do with latency or distance. This has to do with data sovereignty. And with organizations, software developers, and application security teams located all over the world, we must operate in the same regions in which they operate. Checkmarx One is available to all organizations in all regions regardless of their size or number of software developers.
For Checkmarx, it’s always been about a global AppSec presence since software knows no boundaries, but data sovereignty does. Also, there is no difference in the costs of our platform no matter where in the world you operate. Organizations send their lines of code to the location of their choice where we operate, the platform scans the code for vulnerabilities and associated risks, and results are returned to the organizations—in the most secure fashion possible. The term we coined for this is “Global AppSec,” since we understand code knows no boundaries, and neither does security.
In other words, software security where you need it, when you need it, and however you like it. That is what Checkmarx One is all about.