CloudCodes: Protecting the digital workplace with Plurilock’s new cloud security app

Many people begin their work day by logging into enterprise business applications on a desktop or mobile device where they use a variety of company applications. Sensitive information, including customer data and proprietary code, are often stored in these third-party apps. As companies grow and expand into new markets, and workplaces trend toward remote work, the need for data security services continues to increase.

To prevent unauthorized access and data loss, Plurilock’s CloudCodes cloud security product helps employers to securely connect authorized users with their apps through a single console, rather than requiring each employee to manage their own access to an ever-increasing list of applications. Using CloudCodes, account administrators can also provide employees with secure access to enterprise apps in ways that abide by local compliance laws. For example, a company subject to right-to-disconnect regulation, as exists in France, Italy, and Spain, can use CloudCodes to restrict employees from accessing email and other apps after work hours.

Based on a zero-trust approach, CloudCodes recognizes that security threats can come from anywhere, inside or outside the organization. CloudCodes provides robust access control and data loss prevention (DLP) capabilities, ensuring that only the right users and devices are allowed to access and share the right enterprise apps and data.

Though the CloudCodes product was initially launched as its software-as-a-service (SaaS) platform on physical servers, it soon needed more robustness and scalability than could be achieved using legacy infrastructure. Today, hundreds of thousands of users around the world visit Plurilock’s CloudCodes login page every morning to access their enterprise cloud apps. CloudCodes’ critical nature means that any downtime directly affects its customers’ business operations. To ensure platform stability at all times, the company decided to migrate its tech stack to Google Cloud.

"The journey with Google Cloud began in 2011 when CloudCodes was a reseller of Google Workspace, then Google Apps," says Ian L. Paterson, Chief Executive Officer, Plurilock. "As a company born in the cloud, Google understands how cloud solutions should work. Since Google Cloud is intuitive and developer-friendly, we were able to refactor our platform into a cloud security application that scales effortlessly without doing any heavy lifting."

In order to optimize cloud costs across Google Cloud projects, CloudCodes works with Shivaami, a Google Cloud partner and CloudCodes reseller, for its billing services.

"With Shivaami, we can run our application on Google Cloud more cost-effectively. In the past, CloudCodes rarely encountered any billing problems, but when they did, Shivaami’s team helped solve it quickly," adds Paterson.

Building faster and easier with multi-tenant support on App Engine

CloudCodes uses App Engine to run a multi-tenant application shared by different clients with their own settings and users. For analytics and storage, CloudCodes uses Cloud Storage for user assets such as logos and images. It also uses Datastore to store 800GB of policy data and Cloud SQL to power queries on log data.

Currently, Plurilock serves 300 CloudCodes customers and 200,000 users worldwide, figures that are expected to grow rapidly following the acquisition of CloudCodes’ assets and business. Because building a new application for each new customer would be tremendously inefficient, SaaS platforms like CloudCodes require multi-tenancy to be successful.

"With App Engine’s built-in multi-tenancy feature, we don’t have to provision a database for each new client," says Paterson. "If a customer requests a custom feature, we can roll it out without affecting other customers. IT administrators can only access and extract data specific to their organization in order to maintain data security."

Speeding up deployment time with Google Kubernetes Engine

Managing user identities, secure sign-on, access control, and data loss prevention for multiple applications is a massive challenge for IT teams in today’s cloud-centric world. As a single point of management for cloud security, CloudCodes provides both cost-efficiency and ease of use to its customers.

Because CloudCodes is currently a monolithic application, scaling and updates can become time-consuming work when new features are added. As a natural evolution of its tech stack, CloudCodes is now redesigning its application for growth and simplicity to rely on microservices through Google Kubernetes Engine (GKE).

"With GKE, we don’t need to test the entire code block, so the release cycle will be much shorter," says Paterson. "We test only those pieces where code has changed. We can deliver features and customizations to customers faster, thanks to the microservices architecture."

Scaling query performance with Cloud SQL for increased security

Chief Information Security Officers and Chief Information Officers regularly review audit logs for risk assessment purposes. In the event of a security breach, they can analyze user activity on the CloudCodes platform to support forensic work and find out what happened. They can learn, for example, which users have recently failed multiple login attempts or shared sensitive information with external parties. The CloudCodes dashboard enables customers to run complex queries on the data stored in Cloud SQL and to visualize query results.

CloudCodes uses Datastore, a scalable NoSQL database, to retain an unlimited period of audit log data for active customers. According to Paterson, Datastore is a cost-effective way to store large amounts of data because it does not require maintenance or manual scaling. As a result, CloudCodes does not require customers to delete policy and audit trail data, making it available for quick reference at any time.

Leveraging AI and location-based insights for new kinds of security

Now that it has joined Plurilock, CloudCodes is exploring AI and other advanced Google Cloud technologies to enable it to continue providing cybersecurity innovation.

For example, VisionAI will enable CloudCodes to protect sensitive information from being overshared by using Optical Character Recognition (OCR) technology that automatically detects and extracts text matching data loss prevention (DLP) rules. This enables administrators to prevent users from sending attachments containing sensitive information to parties outside their organization, even if the information is embedded in traditionally non-scannable file formats.

Google’s Geolocation API, provided through the Google Maps Platform, will enable CloudCodes to identify any user’s physical location, so that administrators can see where account access is taking place and whether this location is correct for the authorized user or appropriate for work.

Enabling success and future growth

CloudCodes’ vision for a cutting-edge, highly secure, yet accessible cloud security platform has been realized thanks to the capabilities of Google Cloud, a vision that was validated and expanded in 2022 when CloudCodes’ assets and business were acquired by Plurilock, which plans to make CloudCodes a key part of its product family.

"CloudCodes believes that cloud security should be affordable for all companies, including small- and medium-sized businesses, so they can protect themselves against data loss and compliance breaches," says Paterson. "As a part of the Plurilock family, and with the capabilities provided by Google Cloud, we’re building faster, better, and more scalable cloud security applications than has previously been possible. Google Cloud is a future-ready platform."

"We acquired CloudCodes because it was an innovative cybersecurity solution that meets an accelerating market need in a way that’s deeply aligned with our cloud-first, AI-driven cybersecurity mission. The cutting-edge capabilities of Google Cloud have been a key part of CloudCodes’ success and we couldn’t be more excited about the future of CloudCodes," concludes Paterson.