The Nightfall blog is a knowledgebase for cybersecurity professionals with news and insights from the world of cloud security. Each week, we’re publishing new content to help you stay up-to-date on cybersecurity topics and to prepare you for the issues and threats that occur every day on the job.
On the Nightfall blog, we examine potential data exfiltration threats within cloud systems. One big risk comes from using Slack Connect without some kind of data protection. For security teams looking to make the business case for cloud data protection, it helps to think of data itself as part of your organization’s attack surface.
Our case studies show how Nightfall DLP supports security and compliance requirements across different SaaS apps for our customers in many different industries, such as financial services, technology, and healthcare. We’re sharing our video case studies with Avant, Flatfile, and Capital Rx with you to illustrate how easy it is to get started with data classification and protection in apps like Slack, GitHub, and Google Drive. Our other content highlights from August include blog posts on social engineering, indicators of compromise to look out for in your cloud systems, and Facebook’s new data protection assessment, plus our latest episodes from the CISO Insider podcast with One Main Financial CISO Michelle Valdez and Datadog CISO Emilio Escobar.
Thank you for subscribing to our updates! As we head into the end of summer, we send our best wishes to you and your loved ones.
Ensure data security and compliance in Slack Connect with Nightfall

As new improvements or upgrades for Slack like Slack Connect are released, data security and compliance should be a top concern for your teams. Slack Connect can increase productivity and promote communication between your internal and external teams, but without proper guardrails to protect sensitive information from exposure, you could be adding risk to your Slack instance.
Read about the unique challenges that Slack Connect can pose to an organization and get an overview of where risk can come from with this quick guide on how to secure data when using Slack Connect.
Cloud data protection: What you need to know

As the name implies, cloud data protection refers to techniques and technologies that center around protecting data at rest and in transit within the cloud. The reason that data protection is so pivotal is that unlike traditional IT environments, cloud systems have no perimeter in the traditional sense.
Historically, security revolved around keeping intruders out and hardening systems explicitly owned by an organization. However, the entire point of cloud adoption is to enable data to be wherever it needs to be in order to be useful. Data itself is best thought of as part of your organization’s attack surface — the more data you have, the bigger your exfiltration risk.
Read more about the defining features of cloud data protection and learn why this discipline is so invaluable to security teams today.
Flatfile protects PII and maintains compliance in their SaaS environments with Nightfall

Flatfile simplifies the data import process for companies via their easy-to-use data onboarding platform. By paring down the uploading process, Flatfile allows their users to work faster and more efficiently without running into typical errors when importing data, like unsupported file formats. Flatfile’s goal for data security within their internal SaaS apps is maintaining compliance in many different fields — SOC Type 1 and Type 2, ISO 27001, HIPAA, PCI Level One, and FedRAMP.
Their infrastructure team must maintain these compliance standards within business-critical apps like Slack, GitHub, and Google Drive. Having a data loss prevention (DLP) strategy is an important step toward meeting those compliance regimes. Two challenges prevented Flatfile from managing PII risk with DLP: either the platforms where data was stored did not include the level of protection the team needed, or the detectors and alerts within the platforms were too noisy and difficult to configure properly. Nightfall allows the Flatfile infrastructure team to configure detection to zero in on the information that’s most critical.
Read how Nightfall provides the data protection that Flatfile needs to maintain compliance in their SaaS apps.
Compliance & securing PHI is easy for Capital Rx with Nightfall DLP

Capital Rx processes pharmacy benefits claims and provides clinical oversight to employers, unions, municipalities, and health plans. Like other companies in the healthcare industry, Capital Rx must maintain compliance when handling data in the cloud. Their concern is protecting the confidentiality of electronic protected health information (e-PHI) to maintain SOC 2 compliance and URAC accreditation for their technology systems.
With hundreds of users on Slack, the Capital Rx technology team needed a way to ensure that sensitive customer e-PHI would never be at risk of improper exposure within messages and files sent over the app. Nightfall’s API-driven data loss prevention (DLP) provides the coverage Capital Rx needs to satisfy compliance audit requirements and identify which customer data does not belong in Slack.
Read how Nightfall helps Capital Rx take advantage of Slack’s collaborative capabilities while reducing risk.
Avant secures information in SaaS environments with Nightfall DLP

Avant is a personal lending company that provides transparent lending and credit options for everyday people. The data security stakes are very high for the Avant security operations team, as the company is required to protect sensitive financial personally identifiable information (PII) across their cloud systems. When building their security framework, the Avant security operations team identified the need to implement DLP coverage in their SaaS environments. Slack was the centerpiece of their data risks, since it’s used as the entire company’s central hub for communication and collaboration.
Avant needed a security solution that would allow their teams to safely share messages and information. Visibility into data sprawl within Slack is a main driver for implementing cloud DLP. Read how Avant protects PII in Slack and has greater visibility into what information is shared and stored in Avant’s Slack workspace with Nightfall’s cloud-native DLP.
CISO Insider S2E5 – A Community of cybersecurity with Michelle Valdez

One Main Financial CISO Michelle Valdez joins CISO Insider to discuss how to build a community of cybersecurity. Her approach is all about resilience and reducing human risk to minimize the impact of security incidents. We talk about how she built this approach from her long career that began in the Air Force and now includes her work in fintech in the private sector. She also shares advice on how CISOs from all backgrounds can excel in the role — even CISOs without technical backgrounds. Finally, hear about how she thinks about data security as a security executive.
We’re excited to share our discussion with Michelle with you. Listen to the full episode and follow along with the transcript of our chat with Michelle.
CISO Insider S2E6 – Data is trust with Emilio Escobar

We hosted Datadog CISO Emilio Escobar on CISO Insider for a discussion on data security approaches for today’s cloud-first world. Emilio shares how he sees infosec: creating security responses based on people and teams over brute-force blocking of apps and systems. This approach allows Datadog to defeat the enemy of complexity in IT service quality, and helps build a more inclusive culture at the company. By seeing data as trust, Emilio can influence his teams to find better solutions to data security problems and learn from typical pain points.
Get the full episode and follow along with the transcript of our chat with Emilio.
Vulnerability management: Process, lifecycle, and best practices

Vulnerability management is a program that addresses common cybersecurity weaknesses in an organization’s IT software, hardware, and systems. It’s a full-time occupation to keep up with the threats that can be exploited by hackers, government-sponsored groups, unhappy employees, and other bad actors online.
This cybersecurity function is iterative and involves constant monitoring, documentation, and review. Here’s how vulnerability management works, the ins and outs of the vulnerability management life cycle, and best practices to implement at your organization.
7 Indicators of compromise: The essential list for breach detection

Indicators of compromise serve as forensic evidence of potential intrusions on a host system or network. An indicator of compromise offers a clue to help an information security professional find malicious threats: data breaches, malware, or even insider threats. As the red flags of the information security world, indicators of compromise are helpful warnings that allow trained professionals to recognize when a system may be under attack or when an attack has already taken place, providing a way to respond and protect information from extraction.
There are many indicators of compromise, depending on the type of threat. These indicators of compromise act as signposts to help cybersecurity professionals implement a business continuity plan, patch a vulnerability, or find an insider threat. Here’s what you need to know about indicators of compromise, a list of the most common indicators, and how to recognize these essential warning signs.
5 Types of social engineering attacks and how to mitigate them

Social engineering is a type of cyber attack that targets people to gain access to buildings, systems, or data. Social engineering attacks exploit human vulnerabilities to get inside a company’s IT system, for instance, and access its valuable information. It’s one of the most common — and successful — forms of cyber attack.
These cybersecurity attacks are constantly evolving, but they generally follow five main approaches. Here are the most common forms of social engineering attack and how to train your team to spot and manage these threats.
How to comply with Facebook’s new data protection assessment

Recently, Facebook announced a new initiative aimed at protecting how its users’ data is managed across its platforms: the Data Protection Assessment. The assessment consists of a questionnaire for apps that access advanced permissions and specifically focuses on how developers protect, share and use platform data.
The new Data Protection Assessment went into effect at the end of July, which means that developers need to be aware of the questionnaire’s standards and requirements for any new releases moving forward. Specifically, the assessment seeks to understand how a user’s data will be used, why the data is needed, and when it will come into use. Even for app developers who aren’t asking for advanced permissions, these types of questions are vital for ensuring information security.
Here’s what you need to know about these new rules and what is required to complete the Data Protection Assessment.
Developing secure web applications: 6 Best practices

When businesses think about maintaining cybersecurity, the first thing that comes to mind is often endpoint and network security. However, web application security is becoming increasingly important. Optimal web application security starts in the design phase and continues well after the web application release. Best practices for web application security include planning ahead to continuously test app security, conducting a threat assessment before the design phase, and enforcing the principle of least privilege, to name just a few steps toward the final security strategy.
Read more for the full list of web application security best practices to integrate into your workflows.


