Intelligent CIO North America Issue 8 - Page 51

COUNTRY FOCUS : WEST COAST put in place to treat this type of leak , and all 400 developers were trained on secrets management . Hardy said : “ What I have found to be very effective with GitGuardian is that we can analyze the history of Talend-related alerts on the entire GitHub perimeter , whether they are our official public directories or any public directory outside the control of Talend .
“ We launched this audit and several leaked secrets were brought to our attention . What was very interesting and what we didn ’ t anticipate was that most of the alerts came from the personal code repositories of our developers .”
Hubert said : “ This is what our constant monitoring of every single commit pushed to public GitHub unveils : 85 % of the leaks occur on developers ’ personal repositories . Secrets present in all these repositories can be either personal or corporate and this is where the risk lies for organizations as some of their corporate secrets are exposed publicly through their current or former developer ’ s personal repositories .”
Talend ’ s first priority after taking ownership of the solution was to go through the list of historical incidents and enact the new procedure . This allowed them to start on a sound basis and rely on GitGuardian ’ s realtime alerting going forward .
Hardy said : “ It took us three months to clean everything up and solve problems especially with employees who had left the company .”
Today , GitGuardian continuously monitors all commits within Talend ’ s perimeter , whether on Talend-owned repositories or developers ’ personal repos . Credentials are detected a couple of seconds after they become publicly-visible and then listed on the dashboard along with information that will facilitate remediation .
“ This real-time alerting is a key element for companies security , as we know that an exposed secret can be identified and used by hackers very quickly .
“ Most of open-source secrets detection solutions do not offer this real time alerting capacity ,” said Hubert .
Talend has deployed GitGuardian for the Infosec team . They will also extend it to their team of security champions , developers who will act as an extension to the Infosec team and encourage best practices .
“ At GitGuardian we believe that putting ‘ developers in the loop ’ is key to address code security as developers own the code , they have the knowledge and are central in the remediation process ,” said Hubert . p
85 % of the leaks occur on developers ’ personal repositories . Secrets present in all these repositories can be either personal or corporate and this is where the risk lies for organizations as some of their corporate secrets are exposed publicly through their current or former developer ’ s personal repositories .
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 51