No one likes to hear the B-word: breach. Developers definitely don’t want to hear that word in relation to a platform they use day in and day out.

When GitHub revealed details about a security breach that allowed an unknown attacker to download data from dozens of private code repositories earlier this year, it was a nightmare scenario. Attackers were using information collected from GitHub to target two third-party cloud platforms-as-a-service (PaaS) — Heroku and Travis CI.

Attackers had stolen OAuth tokens issued to Heroku and Travis CI, and used those stolen tokens to access and download the contents of private repositories, GitHub found.

Where does the most sensitive information reside in your organization? For organizations using Heroku, Salesforce houses the information that could cripple the organization, if exposed. Security teams need to think about protecting their Salesforce data. Why should they put the organization’s cybersecurity at risk by relying on third-party integrations?

These three simple steps can help improve cybersecurity posture on Salesforce.

1. Use Salesforce-Native Applications

Applications built on Salesforce make sure that your data remains in one place with the same cybersecurity posture as the Salesforce platform. With apps consolidated on a single platform, the attack surface is greatly reduced.

2. Establish a Zero-Trust Model

Never trust, always verify. All users should have the minimum level of permissions and access needed to be able to complete their necessary tasks while requiring users to prove their need and identities before access. Audit everything.

3. Utilize Secrets Management

Never store credentials in clear text, and always assume private repos are public. Having a secrets management solution ensures that your secrets are rotated along with having an appropriate level of security compliance around your credentials.

With this improved cybersecurity posture, developers, infosec teams, and the CEO will be at ease knowing that the organization’s most sensitive data is secure.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Source: www.darkreading.com