Do you know where all the secrets are?
The probable answer is no, and believe me, you are not alone. The advancement of technology has overtaken us. Each individual has so many devices that it’s difficult to keep track of where all the data is!
What would you classify as Secrets?
Passwords, API keys, Secure Tokens and all the confidential data of an organization.
Secrets (data) spread everywhere in your system before you realise it. They can be copied and pasted easily. Insufficient audit and remediation capabilities are some of the reasons why secret management is hard. Secrets are also among the areas least addressed by security frameworks. Yet these grey areas, where unobserved weaknesses remain hidden for a long time, are blatant holes in your defense system.
A modern application uses many external resources that require credentials. A company has people spread across its premises, working remotely, using cloud storage, USB devices, etc. Any leak of credentials or passwords can cost the company dearly. Today’s hyper-connected systems bring an immense challenge to security in general and secret management in particular, since the use of credentials has increased exponentially.
So, how should you store such data?
All the sensitive data must be encrypted. It shouldn’t be just lying around. It must not be stored in plaintext in any location.
Some points to be kept in mind:
- Control who in your team can do what.
- Share secrets only with the team members who need them.
- Control which application can do what.
- Monitor and audit secrets usage.
- Revoke access when team members leave.
Security management consists of nurturing a security-conscious organizational culture, developing tangible procedures to support security and managing the myriad pieces that make up the system. Effective system security depends on creating a workplace environment and organizational structure where management understands and fully supports security efforts and users are encouraged to exercise caution.
Certain points to be kept in mind:
- Staff must be made aware that safeguarding secrets is the responsibility of each employee who has access to sensitive information. Their awareness should be increased and proper training must be provided.
- File sharing is common in businesses, but it must be done securely to protect sensitive data.
- Encourage employees to send and receive files via email only.
- Use a security system that provides optimal security, appropriate visibility, access control and compliance.
Software that safeguards and monitors each activity must be installed to protect the organization not only from internal threats but also from cyberattacks.
Some risks of file sharing:
- Release of sensitive data – When a file is transferred from one end to another, there is a risk of an unknown person or party getting access to the information.
- Opportunity for attacks – When files are shared, there is a possibility of secrets falling into the hands of unknown parties, who can then use them to mount attacks.
- Installation of malicious software – When files are shared, a dangerous file might be downloaded by mistake and infect the system.
- Phishing/Ransomware attacks
These are the reasons that all companies must adopt ways of safeguarding their secrets through effective methods.
Have you heard of inDefend?
inDefend is a Unified Suite for Insider Threat Management and Employee Behavior Analysis by Data Resolve – India’s top leading company for protecting us from cyber crime and cyber attacks while also monitoring the employees of the organisation and their productivity.
This one product gives you so many features that it becomes a must for all organisations. It works from a single dashboard. It gives real-time alerts through SMS and email on any probability of data leakage. The product analyses the full system, knows exactly where all the secrets lie and forms a shield around them. Access to the data is allowed to only a few employees, and a log of all the data sent or received is maintained. The best part is that this same product is used for our remote staff as well. It monitors each and every employee of the organization, irrespective of the organization’s strength, and also manages BYOD. There is a screenshot facility that enables employee accountability. Application sandboxing is yet another feature of the product, wherein only a limited set of required applications is allowed access, and only on the company’s network.
To know more, log on to https://www.dataresolve.com/
About the Author
Mr. Dhruv Khanna, Co-Founder & CEO Data Resolve Technologies Pvt. Ltd.
With over 22 years of experience in the Enterprise Security and Privacy Service Industry, Dhruv Khanna, an alumnus of IIMC, is leading the effort to build a robust environment to achieve a cyber-secured Indian market.
Before joining Data Resolve, Dhruv was associated with IBM as India-South Asia Service Line Leader for security and privacy services.
He is an active cyber security mentor with DSCI-Nasscom, India Accelerator, and many B-schools. He has also been mentoring Deep Tech CEOs on business strategy, growth strategy, GTM and fund-raising for the last few years.
For more insights, visit LinkedIn
https://www.linkedin.com/in/dhkhanna/
and at our company website
https://www.dataresolve.com/
Source: www.cyberdefensemagazine.com