Data Security & Source Code Protection

As far as sensitive data goes, few pieces of information rank higher than program source code.

Source code is highly sensitive proprietary information: it is the set of program instructions for an application in their original form.

The More Sensitive, the Bigger the Risk

For years, security experts have been pointing to the risks of exposed source code.

Two elements in particular make source code a major potential liability. The first and more obvious is the intellectual property element. Creators stand to lose the investment in producing programs as well as all potential future profits if source code is lost.

The second factor is that source code can be manipulated. Not only can changes be made to the software’s functions and tools, but malicious elements such as Trojans and backdoors can be inserted as well. These compromised code sets are then used to mass-produce the software in machine code form, i.e. the form in which it is purchased by the common user.

Surprisingly, many developers still use primitive security measures, despite the many examples of stolen or maliciously modified programs.

The Conventional Approach and its Holes

Today, the market has produced several source code repositories, many of them open source. Hosts such as Assembla, Microsoft’s Azure DevOps, and the increasingly popular GitHub are just a few of the options out there.

Unfortunately, the run-of-the-mill source code host has its downsides.

First off, many of these platforms make it hard to track and locate code once it is uploaded. Some even require downloading external apps to search for code sets. For organizations that need fast, reliable access to stored code, the way in which many hosts are structured can prove to be a liability.

Security Vulnerabilities

In addition to the logistical setbacks, IT professionals have also pointed to the security vulnerabilities of common source code hosts. For one, many sites are made vulnerable by the errors of their administrators, which can in turn potentially compromise the entire platform. Additionally, there is often no way to track and classify access to code stored on the hosts. Developers and other team members are able to freely access code and even execute changes to it. The lack of policy and enforcement protocols greatly magnifies the insider threat and the risk of data exfiltration.

 


Senate, House Versions of Cyber Hygiene Bill Introduced

NIST, FTC, DHS would work together

Jun 30, 2017 05:21 AM ET

Rep. Anna Eshoo (D-Calif.) has introduced a “cyber hygiene” bill, H.R. 3010, which would require the National Institute of Standards and Technology to come up with cyber security best practices.

The goal is to better protect from attacks that Eshoo says cost the economy almost a half-trillion dollars a year. “The scary truth is that data security experts have suggested 90 percent of successful cyberattacks are due to system administrators overlooking two integral pillars of network security: cyber hygiene and security management,” she said.

To continue this article, go to http://www.broadcastingcable.com/news/washington/senate-house-versions-cyber-hygiene-bill-introduced/166912

 
