The Atlassian ecosystem provides thousands of companies with the ability to collaborate remotely through powerful, feature-rich SaaS applications like Confluence. Over the least year, the rise of remote work has meant many companies have hosted their internal information hubs on Confluence. As such tools become the norm across companies, big and small, the amount of sensitive information stored in these systems will increase.
The last decade has seen a dramatic rise in data breach risk, with data breach incidents increasing nearly 840% between 2005 and 2019 according to the Identity Theft Resource Center. In this guide, learn about the growing problem of sensitive data exposure and how to use the Nightfall Developer Platform to easily build tools to identify and remediate this problem.
We’re excited to introduce Jeannie Liou who joined Nightfall as our Director of Product Marketing. With an extensive background in product marketing, Jeannie has a storied marketing career working with companies such as Apple, Rubrik, and Snowflake. She brings with her a deep knowledge of building out product positioning and messaging that resonates with customers, as well as a passion for technology that improves the way we work, transact, and collaborate.
The rise of cloud, containers, and microservices has shifted the way software developers work for good. Whereas traditionally, software developers would release a new version of an application every few months, today’s platforms allow teams to work faster and more streamlined. These advancements have led to the rise of “software, safer, sooner” — also known as DevSecOps.
As with most SaaS applications, within Salesforce it is your organization’s responsibility to determine whether Salesforce’s default security settings meet your specific security and compliance obligations.Read this online guide, for free, to learn about the problem of data exposure in Salesforce and how to ensure compliance with HIPAA, PCI, and other leading industry standards while storing sensitive data in Salesforce.
Environments like GitHub present data exposure risk in the form of secrets leakage and sensitive PII leaking from repositories. Read this online guide, for free, to learn about the problem of secrets exposure and leakage in GitHub, as well as how to easily implement secrets detection and scanning to prevent this risk.
When Uber was breached in September, the hacker remained undetected until they announced their presence within the org via Slack. This incident provides yet another example of Slack being leveraged by an attacker. In this post, we’re going to review some of the ways attackers have used Slack in breaches, why this is happening, and what you can do about it.
Many states in the US have data privacy and protection statutes as part of their legal codes. For the most part, these codify what types of PII/PI constitute a data breach, as well as when and how an entity doing business should communicate with customers if a data breach occurs.
The Brazilian General Data Protection Law (LGPD) came into effect on August 16, 2020. The law creates new rights for individuals with respect to their data and imposes significant obligations on companies that process personal data. This guide will provide an overview of the key provisions of the LGPD and explain the steps that companies must take to comply with the law.
Nightfall customers have always lauded the platform’s ease of use and simplicity, but our team is always hard at work looking for ways to improve user experience. This month, we’ve made multiple features GA across the platform, that will further your ability to further customize what content and files trigger Nightfall detectors as well as the ways you can ingest this data.
The Nightfall blog is a knowledge base for cybersecurity professionals with news and insights from the world of cloud security. Each week, we’re publishing new content to help you stay up-to-date on cybersecurity topics and to prepare you for the issues and threats that occur every day on the job.
Yesterday, TechCrunch broke a story about pharmaceutical giant AstraZeneca, which experienced a leak affecting sensitive patient data. We think this incident is worth reviewing to learn more about how data exfiltration risk is distributed across the entirety of an organization’s SaaS infrastructure.
While API keys are a necessary part of modern software development, they can also be a major security risk. If an attacker is able to steal an API key, they can gain access to the data and resources that key is meant to protect. There are a number of steps you can take to protect your API keys, secrets, and credentials and prevent them from being stolen. One such method that we will cover in depth in this guide is secret scanning.
When Karim is not speaking at security conferences and ensuring Nightfall institutes security best practices, you can find him sitting at the piano playing Beethoven or Rachmaninoff, writing music of his own, or outside either in nature hiking, swimming, or exploring the concrete jungle that is New York City.
The threat landscape in IT is ever-evolving, with new risks arising practically daily. Trying to anticipate the next type of threat can feel a little like playing whack-a-mole. Instead, IT teams are focusing on vulnerability management: reducing the opportunities for hackers and other bad actors to find a weakness in cyber defenses.
With the rise of cloud-based applications, data loss prevention (DLP) has become an increasingly important part of information security. DLP refers to the policies and technologies used to prevent sensitive data from being lost or stolen. In the context of SaaS, this can include both the security measures implemented by the SaaS provider and the steps taken by the customer to protect their data. In this blog post, we'll provide a more detailed overview of what SaaS DLP is, why it's important, and how you can go about setting up a DLP strategy for your business.