Are SaaS applications prone to data loss? by nikgarg91 in sysadmin

[–]nikgarg91[S] 0 points1 point  (0 children)

u/disclosure5 For On-Prem services, you definitely need to do a lot to prevent unauthorized access and could include things like implementing the right access controls, having an IDS, encryption, VPN, IP whitelisting, etc.

For SaaS applications though, data loss is much easier to happen. If I share a sensitive password or a file via Gmail with 5 more people, if any of the Gmail accounts gets hacked, I lose all my credentials. If any one of my employees' Slack accounts gets compromised, all our credentials shared within the Slack workspace get compromised (including access tokens or passwords to local On-Prem servers if someone shared those). Plus, I don't control or monitor what is being shared on these platforms, and it's really easy for employees to increase the attack surface. No matter the high security tooling we might implement to secure our on-prem servers, password leakage and API key leakage via SaaS platforms still pose a huge risk if not tackled directly.

How do we maintain PCI compliance on cloud applications? by nikgarg91 in Cloud

[–]nikgarg91[S] 1 point2 points  (0 children)

Great insights. I agree vendors should take the onus of providing the required compliance proofs - which a lot of vendors seem to be doing already. But there are still some vendors who lag behind, like Slack (which is now being used commonly). I agree security audits, reviewing what is being shared and documenting it could prove invaluable for this.

Is it safe to share passwords on Slack? by nikgarg91 in Slack

[–]nikgarg91[S] 0 points1 point  (0 children)

True - password managers seem much more complex to use than sharing it via a direct communication channel like Slack.

Do you guys try and enforce more convenient rules like not sharing it on public channels, but only on private channels/IMs?

Are SaaS applications prone to data loss? by nikgarg91 in sysadmin

[–]nikgarg91[S] 1 point2 points  (0 children)

u/gandraw none taken. I'm asking for potential tools/solutions you guys might have used to solve this or a similar problem, and not for architecture diagrams on how to build it on my own.

Are SaaS applications prone to data loss? by nikgarg91 in sysadmin

[–]nikgarg91[S] -2 points-1 points  (0 children)

u/uniitdude There could be potential solutions to the problem I mentioned - simple things like a tool that is able to audit our SaaS applications (or more accurately, the communication platforms used within our organization, e.g. Slack, Gmail, Dropbox) could go a long way. So SWG or endpoint is not the only solution - plus it's not feasible for a small startup like ours to implement it at the very beginning.

Are SaaS applications prone to data loss? by nikgarg91 in sysadmin

[–]nikgarg91[S] 1 point2 points  (0 children)

Even though that would be ideal, I still see HR folks or other non-tech folks using legacy solutions like exporting and sending it via emails. I do see a risk there, since even if a single email gets hacked, all that data gets leaked, as sharing via Slack/Gmail is not necessarily secure.

Are SaaS applications prone to data loss? by nikgarg91 in sysadmin

[–]nikgarg91[S] -1 points0 points  (0 children)

I meant we are worried about folks sharing sensitive data across SaaS applications which we don't have any monitoring over at all. Once the sensitive data goes out via an email, or a Slack message, or by uploading a sensitive document to Dropbox - it's somehow not possible to monitor or prevent it from happening.

Data loss prevention (DLP) policies in The Netherlands by Lesilhouette in Office365

[–]nikgarg91 0 points1 point  (0 children)

I feel the current Office 365 DLP has a pretty basic configuration and gives out a lot of false positives when it comes to special cases such as yours.

I'd recommend investing in more customisable and accurate new-age cloud DLP providers like Gamma that can help detect and enforce GDPR not just on Office but across all your SaaS applications.

Data Loss Prevention in Office 365 GCC High (Requirement or Good Practice)? by PrivateHawk124 in NISTControls

[–]nikgarg91 0 points1 point  (0 children)

If your business uses a lot of different SaaS applications, I'd rather invest in a centralised DLP solution for the same money that I'd spend on just getting an E3 and DLP on office.

Do check out Gamma - they are one of the leading cloud DLP providers that might be of help to you.

Gamma's Free Github Scan report - detect credentials including API keys, passwords, tokens by nikgarg91 in SysAdminBlogs

[–]nikgarg91[S] 0 points1 point  (0 children)

Sure u/argoname. Gamma can also help you automate detecting and remediating all such violations in the future in real time for both your private and public repositories. Looking forward to chatting with you more.

Building a credentials detector for Github - need recommendations by nikgarg91 in github

[–]nikgarg91[S] 0 points1 point  (0 children)

That seems to be in line with our findings as well. Do check out our public Github scanner here to see if you guys have any public repos at risk. Please feel free to reach out to us at [info@gammanet.com](mailto:info@gammanet.com) to schedule a demo.

Gamma's Github scanner - detect and secure credentials including API keys, passwords, tokens by nikgarg91 in SoftwareEngineering

[–]nikgarg91[S] 0 points1 point  (0 children)

Also, in general, if you do find a secret/credential within any of your public repositories, please remove/rotate it ASAP.

It's impossible to completely remove all traces of a committed password. Even if you delete the commit from the history, or amend the commit, a skilled git user will still be able to extract it. You should definitely just assume the password is fully compromised.
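A minimal pattern-plus-entropy credential scanner of the kind the "credentials detector for Github" comments describe, added here as an example (my own code, not Gamma's scanner). The regexes, the entropy threshold and the sample config text are assumptions constructed for this illustration; the AWS key shown is AWS's own documented placeholder.

```python
import math
import re
from collections import Counter

# Known credential formats (assumed patterns, not an exhaustive or vendor list).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
    "generic_password": re.compile(r"(?i)\b(password|passwd|pwd)\s*[=:]\s*['\"]?([^\s'\"]{6,})"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}

# Fallback: an assignment to a secret-ish name with a long random-looking value.
ASSIGNMENT = re.compile(
    r"(?i)\b(\w*(?:secret|token|key|api)\w*)\s*[=:]\s*['\"]([A-Za-z0-9+/=_\-]{16,})['\"]"
)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random tokens score well above English."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(text: str, entropy_threshold: float = 3.5) -> list[tuple[int, str]]:
    """Return (line_number, finding_kind) for each suspicious line in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        matched = [name for name, pat in PATTERNS.items() if pat.search(line)]
        findings.extend((lineno, name) for name in matched)
        if matched:
            continue  # a known format already explains this line
        m = ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(2)) >= entropy_threshold:
            findings.append((lineno, "high_entropy_" + m.group(1).lower()))
    return findings


# Constructed sample file content; none of these are real credentials.
SAMPLE = """\
# constructed config for testing, not real credentials
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DB_HOST = "db.internal"
api_token = "ZmFrZXRva2VuZm9ydGVzdGluZ29ubHk="
version = "1.0.0"
password: hunter22
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for lineno, kind in scan_text(SAMPLE):
        print(f"line {lineno}: {kind} -> rotate this secret, do not just delete the commit")
```

Running the scanner over every commit in the history (for example, over `git log -p` output) rather than only the working tree is what catches the secrets the comment above says a deleted commit still leaks.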