Announcing Organizations

5 years ago

Stuart Larsen #article


Over the weekend Csper made some big changes. All projects in Csper now belong to a new abstraction called "Organizations".

This is cool for a couple of reasons:

Consolidated Projects View

'content security policy consolidated application dashboard'

Figure 1: New Organization View

The status of multiple related projects can be viewed in a single dashboard. This is super useful for organizations both large and small.

  • For smaller groups with a higher change velocity, it's super important to ensure Content Security Policy is also installed on development and staging environments. This way issues are identified and alerted on before they reach production. This panel gives you insight into all environments.
  • For larger groups, entire portfolio's of applications can be monitored at once. This is useful for tracking compliance and/or for IR (incident response) teams to monitor security alerts across a portfolio. (Although Csper sends alerts out of the platform so IR teams don't have to stay in Csper, but it's still nice to have them in one view.)

Consolidated Billing

Billing now happens at the organizational level instead of the project level. This means only one billing account needs to be on file for a business. This greatly decreases the overhead for onboarding new websites within an organization. It also lowers billing/operational burden for organizations with many websites.

Shared Premium Features

The new Organizations abstraction will also make Csper cheaper for our more demanding customers. All projects within a premium organization now get to share the premium features. Previously only specific paid projects got access to Csper's more advance features such as XSS detection and alerting, user management, and more.

Enhanced Access Control

'content security policy consolidated dashboard access management'

Figure 2: Organization Access Management

The new Organizations structure also allow a new level of access control. This is very useful for more security sensitive businesses.

Csper's original Project level access control still works the same. Being a member of a project grants you access to only that project (with the respective role of either READ, WRITE ,ADMIN).

But now with organizations, a member can get access to all projects within the organization. This is super useful for security teams who want insight into a number of properties, but don't want to have to be invited to every individual project. Organization members automatically are included in all newly created projects too.

Future

Over the next few weeks we will be focusing on smaller UX improvements, but in the not too far future we're looking at a new "Activity Feeds" feature. Security conscious organizations would have a log of everything that happened in their organization. If this feature is interesting to you, please let us know and we'll sign you up for the beta. support@csper.io.

Anyways, thanks for reading, and we hope you like the new organization structure! We're very proud of it, it took a bit of work behind the scenes.

Happy protecting,

Stuart

Subscribe for updates?

Stay up to date with the latest Content Security Policy news, product updates, discounts, and more!