Lockr Managed Key Service for Drupal, WordPress Launches

Lockr, a hosted API and managed key service for Drupal is out of beta and now also available for WordPress.

security thoughts

Cellar Door Media announced that Lockr, a key management service for modern content management systems, is now available for Drupal and WordPress.

Lockr enables developers, agencies and site owners to better secure Web transactions by protecting encryption and API keys from organizations such as PayPal, MailChimp, FedEx, Amazon S3 and others.

Cellar Door Media ranks encryption and key management as key protections businesses require to operate today. Many businesses underestimate the likelihood and magnitude of a cyberattack, assuming that if they are not a major brand, they are likely not a target.

Yet industry surveys show that upwards of 90 percent of companies experience some form of security incident, with nearly half involving the loss of sensitive data—and costs for these attacks range from tens to hundreds of thousands of dollars.

The company argues that broad use of security technologies like SSL/HTTPS shows just how common it is for sites of all sizes to deal with sensitive data, yet SSL does nothing for security and protection of the actual Website and customer database.

"Our clients all require the best security possible to protect their brand, whether they be an innovative university like Stanford or an online enterprise like eBay," explains Esten Sesto, president of Project6 Design, a San Francisco bay area graphic design firm, in a statement. "Websites are particularly vulnerable, yet there's no easy or affordable way for us to lock down things like API keys—and if a hacker gets hold of the key for a third party mail service, for example, they can send fraudulent mail from a company's actual account. That's why we’re so excited about the protection afforded by Lockr: it allows us to maintain the integrity of these brands and leave everyone with peace of mind that their keys are protected."

By taking advantage of enterprise-grade key management technology from Townsend Security, Lockr's offsite key management provides security necessary to protect against critical vulnerabilities and help sites meet PCI DSS, HIPAA and other security requirements.

Lockr is available with hosting plans through Pantheon, with other leading service providers to be announced soon. To make it as easy as possible for site owners to try, Lockr is offering the management of the first API key for free, with additional keys starting as low as $5 per month.

"SSL/TLS are commonplace today and necessary for websites to securely receive user data, unfortunately that’s only half the story," said Chris Teitzel, founder and CEO of Cellar Door Media and creator of Lockr, in a statement. "Once the website has the data, they are responsible to protect it, yet many continue to leave their encryption and API keys out in the open without a key management system. Up until now encryption and API key management was only affordable to large companies and enterprises. We solved that by offering key management as a service, allowing any site, regardless of size, to easily protect users, data and their brand from hackers."

Lockr can scale based on a website's needs, with plans ranging from personal to enterprise. For businesses who need to meet compliance requirements—PCI DSS, HIPAA, FISMA, etc., Cellar Door Media offers Lockr for enterprise, with dedicated instances of Townsend Security’s FIPS 140-2 compliant Alliance Key Manager.