8 Tips for Protecting Your Assets
Your version management platform holds your organization’s most valuable assets: source code, designs, artwork, media, business documents, and more. A multi-tiered approach to security is crucial to protect this intellectual property (IP). Here are eight tips to help minimize your exposure to risk:
- Require User Authentication: The first level of any protection is to verify that users are who they say they are. Integrate authentication with enterprise AD/LDAP services. Use multi-factor authentication, if possible.
- Manage User Authorization: Control who is allowed to do what, where and when. Don’t give everyone full access to all files, which creates risks and too much noise. Use groups to simplify management.
- Establish File-Level Protection: Manage who is allowed to change specific file types—e.g., developers can update source code but not released executables. Some tools, e.g. Git, allow control only across the whole repo. In such cases, carefully split your repos for security (but beware of the problems that may cause).
- Protect Branches and Streams: Manage who is allowed to change what in development versus release branches or streams, just as you would to protect file types. Production/Operations and Development streams usually need different access rights.
- Assess Encryption: Consider the need to encrypt files at rest (i.e., while in the repository) and in transit (i.e., when moving files between the user’s desktop and the master repo).
- Record Activity: Ensure that your version management tool keeps an immutable history of changes. Such records enable developers to see what happened in the past and help you meet regulatory requirements.
- Detect Insider Threats: Use your audit trails to spot risky behavior. Audit logs tend to be big, so use a tool that includes behavioral analytics to weed out the noise and flag only real risks.
- Keep Everything Together: The more stores or repositories are in use, the harder it is to manage security. Aim to put all assets—source code, documents and built executables—in a single repository.
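The authorization, file-level and branch-protection tips above all come down to one mechanism: a table of rules that maps groups to access levels over path patterns, evaluated so that a narrower, later rule can take access away from a broader, earlier grant. The following is an added example (not code from the page or from any particular version-management product) of such an evaluator. The group names, depot paths and the "last matching rule wins" semantics are constructed assumptions for illustration; the path style resembles Perforce depot paths but the evaluator is generic.

```python
import fnmatch
from dataclasses import dataclass

# Access levels ordered from weakest to strongest; "none" is an explicit deny.
LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}


@dataclass(frozen=True)
class Rule:
    level: str   # access granted by this rule, or "none" to revoke earlier grants
    group: str   # group the rule applies to (groups keep the table short)
    path: str    # glob over repository paths; fnmatch's "*" also crosses "/"


# Constructed example: group membership and a protections table.
# Rules are evaluated top to bottom and the LAST matching rule wins, so the
# broad grants come first and the narrower restrictions follow them.
GROUPS = {
    "developers": {"alice", "bob"},
    "release-eng": {"carol"},
    "everyone": {"alice", "bob", "carol", "dave"},
}

RULES = [
    Rule("read", "everyone", "//depot/**"),             # everyone may read the depot
    Rule("write", "developers", "//depot/**"),          # developers may change source
    Rule("read", "developers", "//depot/bin/*.exe"),    # ...but not released executables
    Rule("read", "developers", "//depot/release/**"),   # ...and not the release stream
    Rule("write", "release-eng", "//depot/release/**"), # release engineers own that stream
    Rule("write", "release-eng", "//depot/bin/*.exe"),  # and the shipped binaries
]


def groups_of(user):
    """Every group the user belongs to; an unknown user belongs to none."""
    return {g for g, members in GROUPS.items() if user in members}


def effective_level(user, path):
    """Walk the table; the last rule whose group and path match decides the level."""
    level = "none"  # default deny when nothing matches
    user_groups = groups_of(user)
    for rule in RULES:
        if rule.group in user_groups and fnmatch.fnmatchcase(path, rule.path):
            level = rule.level
    return level


def is_allowed(user, action, path):
    """True when the user's effective level on the path is at least the requested one."""
    return LEVELS[effective_level(user, path)] >= LEVELS[action]


if __name__ == "__main__":
    for user, action, path in [
        ("alice", "write", "//depot/src/main.c"),
        ("alice", "write", "//depot/bin/app.exe"),
        ("alice", "write", "//depot/release/1.0/main.c"),
        ("carol", "write", "//depot/release/1.0/main.c"),
        ("dave", "write", "//depot/src/main.c"),
    ]:
        print(f"{user:6} {action:5} {path:32} -> {is_allowed(user, action, path)}")
```

The ordering is the point worth checking in any real protections table: a deny or downgrade placed before the grant it is meant to limit has no effect, and a user in several groups gets whichever matching rule comes last, not the strongest one.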
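The "Detect Insider Threats" tip says audit trails are too big to read by hand and that behavioral analytics should surface only the real risks. As an added example (not from the page or any product), here is a small detector run over a constructed audit log: it builds a per-user baseline of how many files a sync normally touches, then flags an event only when several independent signals coincide (volume far above baseline, activity in quiet hours, a path scope the user has not used before). The log format, the usernames and the thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# One constructed audit line per event; real tools each have their own format.
LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"path=(?P<path>\S+) files=(?P<files>\d+)$"
)

# Constructed sample log: normal daytime syncs of the source tree, then one
# early-morning sync of the entire depot by "bob".
CONSTRUCTED_LOG = """\
2024-05-01T09:12:03Z user=alice action=sync path=//depot/src/... files=120
2024-05-01T09:40:11Z user=bob action=sync path=//depot/src/... files=95
2024-05-01T10:02:45Z user=alice action=submit path=//depot/src/net/... files=3
2024-05-02T09:05:30Z user=alice action=sync path=//depot/src/... files=110
2024-05-02T09:33:02Z user=bob action=sync path=//depot/src/... files=101
2024-05-02T14:20:40Z user=bob action=submit path=//depot/src/ui/... files=2
2024-05-03T02:14:09Z user=bob action=sync path=//depot/... files=4200
2024-05-03T09:11:17Z user=alice action=sync path=//depot/src/... files=115
"""


def parse_log(text):
    """Parse audit lines into dicts, in time order; malformed lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        e["files"] = int(e["files"])
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def sync_baseline(events):
    """Median files-per-sync for each user; the median is not dragged up by one outlier."""
    per_user = defaultdict(list)
    for e in events:
        if e["action"] == "sync":
            per_user[e["user"]].append(e["files"])
    return {user: median(counts) for user, counts in per_user.items()}


def flag_risky(events, ratio=10, quiet_hours=range(0, 6), min_signals=2):
    """Return events that show at least `min_signals` of the three risk signals."""
    baseline = sync_baseline(events)
    seen_paths = defaultdict(set)  # path scopes each user has touched so far
    flagged = []
    for e in events:
        signals = []
        if e["action"] == "sync" and e["files"] > ratio * baseline[e["user"]]:
            signals.append("volume")       # far more files than this user's norm
        if e["ts"].hour in quiet_hours:
            signals.append("off-hours")    # activity when the team is normally idle
        if e["path"] not in seen_paths[e["user"]]:
            signals.append("new-path")     # a scope this user has not worked in before
        seen_paths[e["user"]].add(e["path"])
        if len(signals) >= min_signals:
            flagged.append({"user": e["user"], "ts": e["ts"].isoformat(), "signals": signals})
    return flagged


if __name__ == "__main__":
    for hit in flag_risky(parse_log(CONSTRUCTED_LOG)):
        print(hit)
```

Requiring two or more signals is what keeps the noise down: a developer's first submit to a new directory is a single "new-path" signal and stays silent, while a whole-depot sync at 02:14 that is forty times the user's usual size trips all three. In practice the baseline should come from a longer history window than the events being scored, and the thresholds should be tuned per team.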