CIO Insider

CIOInsider India Magazine


Arcoiris Labs, LLC: Automating Application Security for the Hybrid Application Ecosystem

Amey Kshirsagar ,Managing Director

Amey Kshirsagar

Managing Director

Threat research results have pointed to a fact that enterprises still suffer from increasing security vulnerabilities due to having long exposure window to get the things fixed. Such situations happen due to absence of understanding regarding Secure Software Development Lifecycle & DevSecOps within the organization. To explain in short, application security integration should be a phase of Software Development Lifecycle. One such ecosystem of application development that is being consistently ignored is Hybrid Application Ecosystem. Hybrid application development has become extremely popular because of the code base that can be used almost uniformly on multiple computing platforms, saving the developer the arduous job of having to recreate it from scratch each time for each platform. Since the app is actually running in a web based technology with all the browser capabilities around it, attackers are able to pull off different attack vectors, like code theft to find sensitive information while also carry out remote man-in-the-middle attacks, where data is intercepted as it is transmitted. More so, once an app is cracked, an attacker can also use it as a vector for malware to attack other apps on the victim’s device, or even the company behind the app itself. Pune headquartered Arcoiris Labs, LLC has built a cloud based fully automated multiplatform compilation

tool chain, that integrates self protecting, military grade application security in the application to ensure adoption of secure development practices as a part of application development without requiring the developer to lose focus from its own objective i.e. application development. It helps the developer to deliver an application built with the best security standards, on multiple platforms like Android, iOS, Windows, Mac OSX & Linux, without writing a single application security code on each platform.

"Calypsotic Cloud is a SaaS tool-chain that automates DevSecOps for hybrid apps by embedding cross platform security during app development on mobile, desktop & IoT"

Technologies like Cordova, Ionic, React Native & Electron, are the currently used for hybrid application development based on web technologies. However, as is, the apps built on these frameworks are insecure by design, because integrating & maintaining application security on each release each platform is a ‘herculean’ task for a small team. This either needs to hire a talent who can do such tasks or strengthen the cloud security by spending a fortune on firewalls, and cloud protection solutions etc. According to White Hat report, 85 percent apps violate at least one application security standard on each platform. In Arcoiris’ wide survey, it was revealed that small & medium organizations,(emerging consultancy companies in many developing countries), do not follow all the application security standards due to lack of time, money & resources. More so, insufficient talent availability prevents their commitment towards investing their time and resources in adoption & implementation of security standards. With Calypsotic Cloud, developers can responsibly secure cross-platform apps & save a lot of

time, by simply creating security policy set, like specifying recipe of a unique, custom & cross platform security framework. With the app being compiled along with respective platform’s security framework, the issues on individual platforms specific and common amongst it, are mitigated at build stage.

Calypsotic Cloud is a SaaS based, state of the art tool-chain that automates DevSecOps for apps built using hybrid application frameworks to deliver value of security & development working together. Arcoiris Labs started providing the framework for mobile applications and now offers to secure the apps for desktop & IoT devices as well.

Achieving real Cross Platform Security
In order to evaluate their value proposition, Arcoiris Labs first made an MVP of their Calypsotic Cloud bench marking their 2 years of efforts. On one end the company did a benchmark on the latest method being practiced at that time to secure hybrid apps all manually. A timeline of one month was spent to secure apps on Android & iOS, wherein the objective of the team at Arcoiris was to fulfill 60 percent of the Mobile Security Checklist made by OWASP. When Calypsotic Cloud was deployed, the Arcoiris team achieved a month’s work in just 20 straight minutes. “It was at this moment that we were sure that developers will definitely like Calypsotic Cloud”, says the confident Managing Director of Arcoiris Labs, Amey Kshirsagar.

Arcoiris follows standards & guidelines provided by OWASP, NIST Cybersecurity Framework, and ISO 27001, to mitigate vulnerabilities on mobile, desktop & IoT. Arcoiris Labs, as an organization, aims to build & share with the world, a new breed of technology, that will help deliver an evolution in every enterprise, to deliver value precisely in mission critical situations.

Current Issue
Elektrobit: Embedded Augmented Reality Software Solution to Validate Automated Driving