The Nightfall blog is a knowledgebase for cybersecurity professionals with news and insights from the world of cloud security. Each week we’re publishing new content to help you stay up-to-date on cybersecurity topics and to prepare you for the issues and threats that occur every day on the job.
This month, we’re sharing the Season 2 premiere of CISO Insider featuring Mitch Zahler, CISO at Even Financial. In our chat with Mitch, you’ll hear his perspectives on cybersecurity in the time of COVID and how security joined the C-suite. Also, join us on Thursday, June 24th at 11 AM PT | 2 PM ET for a live webinar on the Evolution of Codebases as an Attack Vector in Data Breaches.
Get information and guides on protecting data as you migrate to cloud applications like Confluence and GitHub with Nightfall DLP for Confluence and our GitHub DLP Remediation Guide. Finally, learn techniques and concepts that will help your org protect information across your SaaS apps with Nightfall’s Guide to Identifying and Securing PII Leakage and blog posts on Cloud Security Posture Management (CSPM) and shift-left testing.
Thank you for subscribing to our updates! We wish a happy and healthy summer to you and your loved ones.
Now available: Nightfall DLP safeguards sensitive data in Confluence
The Atlassian suite makes remote collaboration easy and efficient for distributed teams. Confluence, one of Atlassian’s best-known and most widely used apps, is a flexible and customizable wiki solution that can host almost anything for a company. Unfortunately, collaborative editing capabilities and always-on availability introduce data security vulnerabilities in cloud apps. Confluence carries a high risk of data exposure — and it’s not easy to tell where the risk occurs or how to approach a solution.
Currently, Atlassian does not offer a native DLP solution, so Confluence users must find other ways to protect their data within the platform. Nightfall created DLP for Confluence to help security leaders find the data that’s at risk of loss or exposure and provide solutions for protecting that data while maintaining the freedom to collaborate and create in the space.
Here’s what you should know about protecting your data in Confluence with Nightfall.
Protecting data when migrating Confluence and Jira from on-prem to cloud
Atlassian announced that the company would stop selling new on-prem server licenses as of February 1. Now is the time to move your Atlassian services to the cloud. As you migrate your data from on-prem to cloud, data loss prevention (DLP) is essential: by identifying and remediating sensitive information, it helps ensure a safe transition of information and documents to Atlassian’s cloud infrastructure and safe management of them once they are there.
Migrating from on-prem Atlassian servers to Atlassian’s cloud services without DLP can put information at risk of exposure or loss, which will cost your organization time, money, and trust from customers. Learn the risks that can threaten sensitive information when moving to the cloud, what’s at stake in an exfiltration event, and how Nightfall’s cloud-native DLP can protect your information during this cloud migration event.
CISO Insider S2E1 — A Passion for Security with Mitch Zahler
Even Financial Chief Information Security Officer Mitch Zahler kicks off Season 2 of CISO Insider with insights into how living through the last year of COVID has impacted cybersecurity, why concise communication is essential for security leaders, and a great story on the first CISO — how security got a seat at the executive table. Listen now.
Next up on CISO Insider, it’s part one of our two-part episode with Segment CISO Coleen Coolidge coming June 9. You won’t want to miss this!
Webinar: The Evolution of Codebases as an Attack Vector
Over the past decade, code repositories have become a valuable target for threat actors looking to extract sensitive data from companies for personal and financial gain. Join us on Thursday, June 24th at 11 AM PT for a 45-minute session with Nightfall's CTO, Rohan Sathe, and product specialist, Michael Osakwe, to learn about the increased exfiltration risks posed by code repositories. Learn how threat actors are incorporating targets like GitHub into their attacks, why this has become more common, and best practices for reducing your attack surface.
Register now here.
Nightfall’s GitHub DLP Remediation Guide
Credentials and secrets that are hard-coded in GitHub repositories pose a risk if repos are leaked or accessed via social engineering attacks, as they can provide access to infrastructure, databases, and third-party APIs. Sensitive data like customer PII can also end up in code repos. This can raise significant security, compliance, and brand risk.
Read how to ensure sensitive information stays safe within your GitHub repos in the Nightfall GitHub DLP Remediation Guide.
The Guide to Identifying and Securing PII Leakage
Today, personally identifiable information (PII) faces a wide variety of threats. To secure PII from leakage and exposure, organizations need to understand the nature of these threats as well as the tools they have at their disposal to ensure that their data remains secure. The Guide to Identifying and Securing PII Leakage contains everything you need to know about PII, including what it is, how its definition has evolved over time, and how threat actors’ techniques have adapted to the emergence of trends like PII’s migration to the cloud.
Start reading here.
An Introduction To Cloud Security Posture Management (CSPM)
Many organizations are equipped to handle insider threats and common, well-known external challenges like malware. These so-called “intentional” threats can be addressed through proactive security measures and best practices. Unintentional mistakes, such as misconfiguring cloud infrastructure, can be equally devastating. These security risks are what cloud security posture management (CSPM) aims to reduce.
Cloud security posture management automates the process of identifying and addressing risks across cloud systems, including IaaS, SaaS, and PaaS tools. CSPM can cover everything from risk assessment to incident response and DevOps integration. Cloud security posture management creates a way to monitor, identify, and remedy threats to cloud programs with visibility, scale, and speed. Here’s what goes into CSPM and how your organization can benefit from this practice.
Read more here.
Shift-Left Testing: What It Is and How It Works
Shift-left testing is all about beginning QA testing at an earlier stage of the development process. The goal of testing early and often is to reduce the number of bugs as early as possible in that process. Shift-left testing proposes to help agile teams become more agile.
The term “shift left” comes from the sequence of stages in the development process. If your development team isn’t yet using shift-left testing, you could be wasting time, money, and energy. Teams that practice shift-left testing are able to identify potential roadblocks early in the process, change scope when needed, and prevent small errors from becoming major problems later on.
Read up on what shift-left testing is, how it works, and how to think about shift-left security.