Is your sensitive data at risk? Request a free scan to learn more.

Polymer

Download free DLP for AI whitepaper

Summary

  • The SolarWinds break-in into Microsoft source code should be a wake-up call to all organizations big or small.
  • Codebase security goes beyond vulnerability analysis and access controls.
  • Security and governance protocols need to think of risk reduction in scenarios where some parts of the source code repositories may be exposed.

The SolarWinds-related break-in into Microsoft source code should be a wake-up call to all organizations big or small. This was not due to source-code vulnerabilities but via ‘internal’ intrusion where the bad guys got inside the organization through other parts of the technology perimeter. 

Code vulnerability and tighter access mechanisms is one part of cybersecurity, data protection is another. SolarWinds-related vulnerabilities allowed the bad guys to access GitHub and Bitbucket by breaking into the organization from another method first.

Code burglary is very common

Following are few of the higher profile breaches of code base in recent years. Most of these have a common theme in that they originated via employees or their credentials. Sensitive data and credentials within the affected organizations was also exposed compounding the damage in some cases.

What can be leaked?

The most common types of ‘secrets’ that can be found in source code breaches include:

  • Common SSH Keys
  • API keys
  • Passwords
  • Login credentials
  • PII/PHI data of employees or customers
  • AWS credentials
  • Google/Twitter/FB services’ keys

Methods of securing codebase

  • GitHub provides token scanning and other searches that can minimize this vulnerability but is nowhere near a fool proof solution.
  • Penetration testing programs
  • Malware scanning in code packages used. This is especially relevant if open-source/NPM projects are an ingredient in your development. 
  • Sanitizing sensitive data in all packages

Securing sensitive data from finding its way into codebase

Polymer DLP allows organizations to implement least-privilege access protocols on sensitive data. For codebases, this is done via detailed scan of all repositories, codebases and user-access. Any policy violation results in redaction and alerting if any of the following is found:

  1. Secrets, including commonly used Password patterns
  2. AWS, FB, Twitter, GCP, Azure and other popular cloud credentials
  3. Sensitive PII/PHI/HIPAA/GDPR/CCPA data elements
  4. Organization-specific sensitive items

Codebase security goes beyond vulnerability analysis and access controls. Security and governance protocols need to think of risk reduction in scenarios where some parts of the source code repositories may be exposed. Removal of sensitive data, secrets and credentials within GitHub, GitLab and Bitbucket repositories is of paramount importance towards making organizations more secure.

Polymer is a human-centric data loss prevention (DLP) platform that holistically reduces the risk of data exposure in your SaaS apps and AI tools. In addition to automatically detecting and remediating violations, Polymer coaches your employees to become better data stewards. Try Polymer for free.

SHARE

Get Polymer blog posts delivered to your inbox.