Description
Data leakage refers to the viewing, theft, or use of protected or confidential data by unauthorized individuals. Because of how their business and development systems evolve, internet companies typically go through frequent version changes, and most promote an open-source culture internally. While this openness fosters innovation, it also creates the conditions for data leakage incidents.
Applicable Entities
Developers migrating business to the cloud, operations engineers, and beginners in the field of security.
Enterprises operating in the cloud and showing significant concern for data leakage.
Common Classifications
Taking several significant data leakage incidents from recent years as examples, we can categorize them based on the channels of leakage:
GitHub Code Type:
Reason for Data Leakage: Code containing sensitive internal corporate information (credentials, internal hostnames, business logic) is uploaded, intentionally or unintentionally, to the GitHub website, where external attackers find it and use it to break in.
Case Study: The backend source code of a large ACG (anime) community website was uploaded to GitHub.
Website Intrusion:
Cause of Data Leakage: Attackers exploit vulnerabilities in websites, service platforms, apps, and similar systems, and data is leaked or lost as a result.
Case Study: A large technology community website leaked 6 million user records.
Partner Interface Call Category:
Reason for Data Leakage: Data exposed through partner interface (API) calls is not adequately secured or monitored, so sensitive data leaks through the partner channel, whether because of technical defects or because the partner misuses the data it receives.
Case Study: An analytics company improperly obtained the personal information of 50 million Facebook users.
Root Causes
The fundamental causes of data leakage fall into two categories:
Technical Aspect: Insufficient technical controls over data. Security issues in websites, platforms, applications, or systems, such as system vulnerabilities or configuration errors, missing data desensitization (masking) and encryption, no auditing of abnormal operations, and no mechanism to detect sensitive information leakage, can all be exploited by attackers to gain access to sensitive data.
Management Aspect: The absence of data security management policies or systems, which allows sensitive data to be accessed by unauthorized individuals. Data may be publicly disclosed or misused because of weak security awareness among developers or interns, or because there are no constraints or restrictions on how partners may use the data.
Solution
If an enterprise establishes a sensitive information leakage monitoring system, it can respond quickly to leakage incidents through technical means and proactively carry out self-inspection and repair. By rectifying and reinforcing defenses before an intrusion happens, the enterprise avoids unnecessary latent risks and minimizes losses. The three mainstream leakage channels above carry different risks; below we provide technical methods and management control ideas for the most typical and most harmful of them: GitHub code leakage.
Technical Control Strategies
Employees are strictly prohibited from setting up code management tools privately. They must use the company's uniformly authorized code management tools (such as its Git or SVN service) for code management.
Strictly control project code permissions. When personnel changes occur (such as transfers or departures), code permissions must be revoked promptly.
Split large projects into submodules so that access can be granted per component, applying the principle of least privilege to project management.
Avoid storing code on external websites such as GitHub and OneDrive.
Monitor websites such as GitHub and underground marketplaces for sensitive information leaks. When sensitive information appears, promptly run a self-check to confirm the leak and stop it from spreading.
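The self-check in the last point, and the "avoid storing code on external websites" rule, both come down to one question: does a given code tree contain secrets that would be dangerous if it reached GitHub? The following is an added example of a minimal secret scanner that answers that question; it is illustrative code written for this page, not part of the Cloud Security Center product. The AccessKey ID prefixes it matches (LTAI for Alibaba Cloud, AKIA for AWS) are the publicly documented prefixes; the password and connection-string rules, the placeholder allowlist, and the sample files are constructed assumptions for the demonstration.

```python
"""Minimal secret scanner for a code tree (added example, not product code).

Intended as a pre-push self-check, or to triage a repository pulled from
GitHub after a leak alert.  Rules are deliberately simple and readable.
"""
import re
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List


@dataclass
class Finding:
    path: str
    lineno: int
    rule: str
    redacted: str  # never report the full secret in the alert itself


# Detection rules.  "LTAI" is the documented Alibaba Cloud AccessKey ID prefix,
# "AKIA" the AWS one.  The remaining rules are assumptions chosen for this example.
RULES: Dict[str, re.Pattern] = {
    "alibaba_access_key_id": re.compile(r"\bLTAI[0-9A-Za-z]{12,24}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # key = 'value' style assignments; group 1 captures the value
    "hardcoded_password": re.compile(
        r"(?i)(?:password|passwd|pwd|secret)\s*[:=]\s*['\"]([^'\"\s]{6,})['\"]"),
    # user:password@host embedded in a database connection URI
    "db_connection_uri": re.compile(
        r"\b(?:mysql|postgres(?:ql)?|mongodb|redis)://[^\s'\"]*:[^\s'\"]*@"),
}

# Values that are obviously placeholders.  Suppressing them is the kind of
# false-alarm rule tuning a monitoring service needs to keep alerts useful.
PLACEHOLDER_MARKERS = ("changeme", "example", "placeholder", "<", "${", "xxxx")


def redact(secret: str) -> str:
    """Keep a short prefix so the owner can recognise the credential."""
    return secret[:4] + "*" * max(0, len(secret) - 4)


def scan_text(path: str, text: str) -> List[Finding]:
    """Run every rule over every line of one file's contents."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES.items():
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            if any(marker in value.lower() for marker in PLACEHOLDER_MARKERS):
                continue  # documented sample or template value, not a real secret
            findings.append(Finding(path, lineno, rule, redact(value)))
    return findings


def scan_tree(root: Path, skip_dirs=(".git", "node_modules")) -> List[Finding]:
    """Scan every regular file under root, skipping VCS and dependency dirs."""
    findings: List[Finding] = []
    for p in root.rglob("*"):
        if not p.is_file() or any(part in skip_dirs for part in p.parts):
            continue
        try:
            text = p.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        findings.extend(scan_text(str(p), text))
    return findings


# Constructed sample repository contents (assumptions for this example).
SAMPLE_FILES: Dict[str, str] = {
    "config/settings.py": (
        "DB_PASSWORD = 'changeme'\n"  # placeholder: must not alert
        "ALIYUN_ACCESS_KEY_ID = 'LTAI5tQv7Hx2bNm9kP3wR1yZ'\n"  # fake key, alerts
        "DATABASE_URL = 'mysql://app:Pa55w0rd!@db.internal:3306/orders'\n"
    ),
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(key material omitted)\n",
    "README.md": "Set password = \"<your-password>\" in .env before starting.\n",
}


def scan_samples() -> List[Finding]:
    """Scan the constructed sample files; returns three findings."""
    findings: List[Finding] = []
    for path, text in SAMPLE_FILES.items():
        findings.extend(scan_text(path, text))
    return findings


if __name__ == "__main__":
    # Usage: python scanner.py [path-to-repo]; exits 1 when anything is found,
    # so it can gate a pre-push hook or a CI job.
    results = scan_tree(Path(sys.argv[1])) if len(sys.argv) > 1 else scan_samples()
    for f in results:
        print(f"{f.path}:{f.lineno}: {f.rule}: {f.redacted}")
    sys.exit(1 if results else 0)
```

Run against the constructed samples it reports the Alibaba Cloud AccessKey ID, the credentials embedded in the MySQL URI and the private key block, while the `changeme` and `<your-password>` placeholders are suppressed. In practice the rule set should be extended with the credential formats the company actually issues, and the same scanner can be run over a suspicious repository found on GitHub to confirm whether the leaked code contains live secrets before rotating them.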
Compliance Management Policies
Establish a "Source Code Open Source Security Management" process. Any code to be open-sourced must first pass an open-source review.
Impose constraints, restrictions, or supervisory audits on the scope in which partners may use the interfaces (APIs) exposed to them.
Write data protection obligations into internal employee contracts and enforce them strictly.
Product Application
The advantages of a SaaS-based Cloud Security Center for enterprise security operations include:
SaaS-based services eliminate the costs of code maintenance and server upkeep for their own data leakage monitoring systems, allowing enterprise developers, operations personnel, or security administrators to focus more on rule operations.
Integration with the cloud platform enhances development and operations, centralizing event handling to improve efficiency.
When it comes to tuning false-alarm rules, SaaS platforms tend to be maintained for longer than open-source systems, because the rules are optimized from the collective experience of all cloud users. Currently, with the Cloud Ding Lab team maintaining the backend strategies, there are relatively few false alarms and alert quality is correspondingly higher.