December 18, 2018

Do You Know How Safe Your Code Is?


Hotel giant Marriott recently reported a massive data breach, which exposed the personal and financial information of as many as 500 million customers who made reservations at its Starwood properties.

Marriott says customer data was protected by encryption technology. But they cannot rule out the possibility that the attackers exfiltrated the encryption keys needed to decrypt the data.

Marriott claims the intrusion continued over four years. This makes it very likely that the attackers had a broad range of access. They most likely gained admin privileges. Other types of data, besides payment card information, could have also been compromised — including version control systems.

Opening the Door for a Data Breach

It’s common wisdom that sensitive data like passwords, secrets, and private keys shouldn’t be kept in an unprotected repository.

I don’t know if Starwood — which only recently merged with Marriott — is (or was) using Git. But there have been some high-profile breaches that began with credentials being stored in Git without proper security.

One notable example is the 2016 Uber breach. Driver and rider accounts of some 57 million people were exposed. In that breach, user IDs and passwords were “parked” in GitHub repositories by Uber employees.

I don’t mean to throw stones at any of the companies mentioned here. Employees sometimes share things that they shouldn’t share, even accidentally. This has become one of the easiest ways for attackers to get the information they need to compromise system security.

Discover Vulnerabilities in Your Code

If you use Git, there are tools to help you find sensitive data stored in your repositories that shouldn’t be there. These include:

  • Gitrob: This command-line tool can scan each repository in a GitHub organization for filenames matching a predefined list. For example, the list could include files that typically hold passwords or other known sensitive content.
  • Git-secrets: This was created as a project from AWS Labs. Git-secrets can scan repositories for defined secrets based on patterns in both file paths and file content.
  • TruffleHog: This tool digs deep into your commit history to let you search repos for secrets used by applications.
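
To make concrete what these scanners do, here is an added example (not part of the original post and not code from any of the tools named above) that combines all three approaches over the output of `git log -p`: it flags filenames that usually hold credentials, matches known secret shapes with regular expressions, and flags high-entropy strings in added lines. The diff text, commit hash, file paths and the `AKIAIOSFODNN7EXAMPLE` key id are constructed sample input; the entropy threshold of 4.0 bits per character is an assumption.

```python
"""Added example: scan `git log -p` output for leaked secrets."""
import math
import re
import sys
from collections import Counter

# Known secret shapes. The AKIA prefix is the documented AWS access key id format.
CONTENT_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(r"(?i)pass(?:word|wd)\s*[:=]\s*['\"][^'\"]{6,}['\"]"),
}

# Filenames that almost always carry credentials (the Gitrob-style check).
FILENAME_PATTERNS = [re.compile(p) for p in (
    r"(^|/)id_(rsa|dsa|ecdsa|ed25519)$", r"\.pem$", r"(^|/)\.env$", r"\.pgpass$",
)]

# Candidate tokens for the TruffleHog-style entropy check: long base64/hex-like runs.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
ENTROPY_THRESHOLD = 4.0  # assumption: bits per character above which a token looks random


def shannon_entropy(s: str) -> float:
    """Shannon entropy of a string in bits per character."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def high_entropy_tokens(line: str, threshold: float = ENTROPY_THRESHOLD) -> list:
    return [t for t in TOKEN_RE.findall(line) if shannon_entropy(t) >= threshold]


def scan_diff(diff_text: str) -> list:
    """Walk `git log -p` output; return one finding dict per suspicious added line or path."""
    findings = []
    commit = path = None
    for line in diff_text.splitlines():
        if line.startswith("commit "):
            commit, path = line.split()[1], None
        elif line.startswith("+++ "):
            path = line[4:]
            path = path[2:] if path.startswith("b/") else path
            if any(p.search(path) for p in FILENAME_PATTERNS):
                findings.append({"commit": commit, "path": path,
                                 "kind": "sensitive_filename", "match": path})
        elif line.startswith("+") and not line.startswith("+++"):
            content = line[1:]  # only added lines are new exposure
            for kind, pat in CONTENT_PATTERNS.items():
                for m in pat.finditer(content):
                    findings.append({"commit": commit, "path": path,
                                     "kind": kind, "match": m.group(0)})
            for tok in high_entropy_tokens(content):
                findings.append({"commit": commit, "path": path,
                                 "kind": "high_entropy_string", "match": tok})
    return findings


# Constructed sample diff (not real data): one commit adding a config file and an SSH key.
SAMPLE_DIFF = """commit 1a2b3c4d000000000000000000000000deadbeef
Author: Example Dev <dev@example.invalid>
Date:   Tue Dec 18 10:00:00 2018 -0600

    add deploy config

diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,5 @@
 DEBUG = False
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "hunter2-is-not-ok"
 ALLOWED_HOSTS = ["example.invalid"]
diff --git a/deploy/id_rsa b/deploy/id_rsa
new file mode 100644
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+Q7xK2mP9vL4nR8wT3yB6
+-----END OPENSSH PRIVATE KEY-----
"""

if __name__ == "__main__":
    # Usage: git log -p --all | python scan_secrets.py   (falls back to the sample)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    for f in scan_diff(text):
        print(f"{f['commit'][:8]} {f['path']}: {f['kind']} -> {f['match']}")
```

Running it over the sample reports five findings: the access key id and the password in `config/settings.py`, and the filename, the PEM header and the random-looking key material in `deploy/id_rsa`. Scanning `--all` refs matters because a secret removed in a later commit is still in history.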

These tools can help — but the most difficult part of using them is tracking down all your repos. Using a central repository can help with this. It reduces the need for developers to create their own repos to store information locally. Having a single source of truth makes it a lot easier to find sensitive data. And even if you have a lot of repositories, having a central model means it won’t take as much detective work to find cracks in your security.

There are also several purpose-built systems that are designed to store secrets, like HashiCorp’s Vault, and Square’s Keywhiz. The disadvantage of using this type of system is the additional management burden, especially in DevOps-heavy environments.

Advancing Your Data Breach Strategy

In today’s world, companies should be operating with the assumption that they are being attacked and are probably already infiltrated. For security teams, this means adopting a strategy that actively looks for weaknesses and continuously monitors access.

With the Marriott breach, once attackers infiltrated the system, their activity went unnoticed for four years. They simply looked like users accessing information. The goal was getting the keys. Then, they could drive the car wherever they wanted to go.

So how can companies protect their code and sensitive customer information?

Stepping Up Security

Perforce customers have a vested interest in security. It’s one of the reasons they choose Helix Core as their VCS. Even without the threat of data breaches from outside, companies across industries — such as game studios, semiconductor companies, financial services, automotive, and aerospace — have a strong need to protect their valuable intellectual property.

Many of our customers need to generate information for audits regularly. This includes tracking what users are doing to meet governance and compliance standards.

Using Helix Core creates a single source of truth across an enterprise. And having everything in one place makes monitoring easier. Administrators can permission access down to the individual file level. This architecture is designed to record the history of changes of millions of files accurately.

Knowing where your information is located is one aspect of security. Helix Core also ensures that you know who is accessing your system.

Strong Security Built into Helix Core

We’ve talked about the security benefits of keeping all your intellectual property in a central model like Helix Core. Helix Core servers are protected by an architecture designed with security protections.

With Helix Core, companies can enforce restrictions for traffic and content movement beyond what can be done by firewalls and ACLs. This protection extends to replicas and edge servers. Our federated architecture can be installed around the globe — so you don’t have to sacrifice performance for security at scale.

Granular Permissions and Traceability

A standout security feature of Helix Core is the ability to limit access to files and folders by user and IP address. Companies can limit actions on granular elements based on six levels: list, read, open, write, review, admin, or super. With Git, by contrast, you only have very limited control of permissions, applied to entire repos — and no control over source code once it is pulled down to a developer workstation.
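
As an added illustration (not taken from the original post or from Perforce documentation), here is the shape of a Helix Core protections table that uses those levels, as edited with `p4 protect`. Each line is access level, user or group, name, host, and depot path; the user, group, address and path names are constructed, and the `-//...` form is an exclusionary line that removes access to that path for the named users:

```text
Protections:
	super user p4admin * //...
	admin group release-eng * //depot/...
	write group dev-team 10.1.*.* //depot/main/...
	open group contractors * //depot/main/sdk/...
	read group qa 10.1.20.* //depot/main/...
	review user build-bot 10.1.5.7 //depot/main/...
	list user * * //depot/...
	list user * * -//depot/main/secrets/...
```

Later lines override earlier ones, so the final exclusion keeps every non-super user, including the groups granted write or open above it, from even listing `//depot/main/secrets/...`, and the host column restricts the `dev-team` and `qa` grants to the office address ranges.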

Helix Core’s ability to manage an immutable, traceable history is a perfect fit for companies with strong compliance and governance needs. You can track and monitor user activity for audits and use this information to discover potential security threats.

Enhanced Authentication

Perforce continues to focus on security with our development efforts. This past spring, Perforce introduced support for multi-factor authentication (MFA) in Helix Core 2018.1. It works with Okta, Ping Identity, and other IAM providers. Customers can secure access to the server via the command line, visual clients, and plugins. When users try to access the version control server, they are required to provide responses to additional authentication factors that the IT security team has chosen.

In the December Helix Core releases, we added another great new security feature — Helix SAML. This desktop agent works with your choice of provider to authenticate users via SAML 2.0. In addition to the server, this feature is implemented with the command line, P4V, P4VS, P4EXP, and Helix Swarm.

Helix Core: Your Strategy Against Data Breaches

Ultimately, it is critical to balance security, usability, and the needs of your products and projects when deciding how to protect valuable intellectual property.

The best choice for your company will depend on the amount of sensitive data you have to protect, the size of your team, and the maturity of your DevOps practice. In a multi-front war against cyberattacks, it’s important to have multiple choices.

Helix Core can provide those.
