The SolarWinds-related break-in into Microsoft source code should be a wake-up call to all organizations, big or small. This was not due to source-code vulnerabilities but to an ‘internal’ intrusion, where the bad guys got inside the organization through other parts of the technology perimeter.
Code vulnerabilities and tighter access mechanisms are one part of cybersecurity; data protection is another. The SolarWinds-related compromise allowed the bad guys to access GitHub & Bitbucket after first breaking into the organization by another route.
Code Burglary is very common
The following are a few of the higher-profile breaches of code bases in recent years. Most of these share a common theme: they originated via employees or their credentials. In some cases, sensitive data and credentials within the affected organizations were also exposed, compounding the damage.
What can be leaked?
The most common types of ‘secrets’ found in source-code breaches are the following:
Methods of securing a codebase
Securing sensitive data from finding its way into the codebase
Polymer DLP allows organizations to implement least-privilege access protocols on sensitive data. For codebases, this is done via a detailed scan of all repositories, codebases & user accesses. Any policy violation results in redaction and alerting if any of the following is found:
Codebase security goes beyond vulnerability analysis and access controls. Security and governance protocols need to plan for risk reduction in scenarios where some parts of the source-code repositories may be exposed. Removal of sensitive data, secrets and credentials from GitHub, GitLab & Bitbucket repositories is of paramount importance in making organizations more secure.
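The scan-then-redact-and-alert workflow described above can be illustrated with a small repository secrets scanner. The code below is an added example written for this page; it is not Polymer's code and does not reflect any product's actual rule set. The detection rules (an AWS access key ID shape, a PEM private-key block, hard-coded password and API-token assignments), the allow-list of documented placeholder values, and the sample repository contents are all constructed assumptions. It shows three things a practitioner wants from such a control: findings carry file and line for alerting, the alert itself never contains the raw secret, and the redacted copy preserves the file's structure so the rest of the code still reads normally.

```python
"""Repository secrets scan with redaction and alerting (added example, not Polymer's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Illustrative detection rules (assumptions, not any product's rule set).
# Each regex names the span to redact as the group 'secret'.
RULES = {
    "aws_access_key_id": re.compile(r"\b(?P<secret>AKIA[0-9A-Z]{16})\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----\n"
        r"(?P<secret>[\s\S]*?)\n-----END (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"
    ),
    "hardcoded_password": re.compile(
        r"(?i)\b\w*(?:password|passwd|pwd)\s*[=:]\s*['\"](?P<secret>[^'\"]{6,})['\"]"
    ),
    "hardcoded_api_token": re.compile(
        r"(?i)\b\w*(?:api[_-]?key|secret[_-]?key|token)\s*[=:]\s*['\"]"
        r"(?P<secret>[A-Za-z0-9_\-]{16,})['\"]"
    ),
}

# Documented placeholder values that must not page anyone (AWS's own docs example key).
ALLOWLIST = {"AKIAIOSFODNN7EXAMPLE"}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    preview: str  # already redacted: the alert itself never carries the secret


def redact(value: str) -> str:
    """Keep a short prefix for triage, mask the rest, preserve line structure."""
    keep = min(4, len(value) // 4)
    masked = "".join("\n" if c == "\n" else "*" for c in value[keep:])
    return value[:keep] + masked


def scan_text(path: str, text: str) -> Tuple[List[Finding], str]:
    """Return findings for one file plus a redacted copy of its contents."""
    hits = []
    for rule, rx in RULES.items():
        for m in rx.finditer(text):
            secret = m.group("secret")
            if secret in ALLOWLIST:
                continue
            hits.append((m.start("secret"), m.end("secret"), rule, secret))
    # Resolve overlapping rule hits: keep the earliest, drop anything it covers.
    hits.sort()
    accepted, last_end = [], -1
    for start, end, rule, secret in hits:
        if start < last_end:
            continue
        accepted.append((start, end, rule, secret))
        last_end = end
    findings = [
        Finding(path, text.count("\n", 0, start) + 1, rule, redact(secret))
        for start, _, rule, secret in accepted
    ]
    # Replace from the end so earlier offsets stay valid.
    redacted = text
    for start, end, _, secret in reversed(accepted):
        redacted = redacted[:start] + redact(secret) + redacted[end:]
    return findings, redacted


def scan_repo(files: Dict[str, str]) -> Tuple[List[Finding], Dict[str, str]]:
    """Scan every file; return findings to alert on and the redacted contents."""
    all_findings: List[Finding] = []
    redacted_files: Dict[str, str] = {}
    for path in sorted(files):
        findings, redacted = scan_text(path, files[path])
        all_findings.extend(findings)
        redacted_files[path] = redacted
    return all_findings, redacted_files


# Constructed sample repository contents; none of these values are real credentials.
SAMPLE_REPO = {
    "config/settings.py": (
        'DB_HOST = "db.internal"\n'
        'DB_PASSWORD = "hunter2-staging"\n'
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
    ),
    "deploy/creds.env": (
        "AWS_ACCESS_KEY_ID=AKIA0123456789ABCDEF\n"
        "SLACK_TOKEN='xoxb-constructed-not-a-real-token-0000'\n"
    ),
    "deploy/id_rsa": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "CONSTRUCTED-KEY-BODY-LINE-1\n"
        "CONSTRUCTED-KEY-BODY-LINE-2\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    ),
    "README.md": "Set PASSWORD via the vault, never in this repo.\n",
}

if __name__ == "__main__":
    found, cleaned = scan_repo(SAMPLE_REPO)
    for f in found:
        print(f"ALERT {f.path}:{f.line} {f.rule} {f.preview}")
    print(cleaned["config/settings.py"])
```

Running it reports four findings (a password, an AWS key ID, a token and a private-key body) and leaves the allow-listed documentation key and the README untouched. Regex rules of this kind are a first tier only; in practice they are paired with entropy checks, scanning of commit history rather than just the working tree, and a pre-commit or CI gate so that a finding blocks the push instead of being discovered after exposure.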
Polymer protects against data loss (DLP) on modern collaboration tools like Slack, Dropbox, Zoom, GitHub and more, with alerting & real-time redaction of sensitive and regulated information such as PII, PHI, financial and security data.
info@polymerhq.io | www.polymerhq.io