CIO Influence
CIO Influence News IT and DevOps

Veza Launches GitHub Integration to Stop IP Theft, Enabling Organizations to Enforce Access Policies on Source-Code Repositories

Veza Launches GitHub Integration to Stop IP Theft, Enabling Organizations to Enforce Access Policies on Source-Code Repositories

Veza, the authorization platform for identity-first security, announced an integration with GitHub, the software collaboration platform that is home to over 100 million developers and 330 million repositories worldwide. With this integration, Veza customers who use GitHub can now keep company IP out of the hands of threat actors by managing access permissions to the organization’s codebase.

Identity-related attacks continue to be the top culprit behind data breaches. Once a threat actor gains unauthorized access to source code, they can inject malicious code into a project, unchecked by engineers and security teams. With just one-time access, a threat actor can download code for offline viewing, giving them ample time to look for exploits, find customer data, and harvest credentials and API keys. An incident at Okta, reported in December, showed how hackers could retrieve source code by gaining unauthorized access to GitHub repositories.

CIO INFLUENCE: Ascend.io Launches Solution in Partnership with Snowflake, Enabling Cost Savings for Data Teams

Source code is valuable IP and an attractive target for theft. However, it can be challenging to maintain appropriate access permissions across all the organization members, outside collaborators, teams working in GitHub. It’s common for internal employees to collaborate with external contributors, so there is no single identity provider to track all users and ensure MFA (multi-factor authentication) is being used. Moreover, developers often use their personal GitHub identity across multiple jobs, making it difficult to distinguish internal from external contributors. While GitHub’s out-of-the-box permissions management system offers fine-grained access control, organizations struggle to understand those permissions. The challenge grows with the number of contributors.

“For many of our customers, GitHub repositories contain the crown jewels of the company, so we’re giving them the power to find and fix inappropriate access,” said Tarun Thakur, co-founder and CEO at Veza. “When threat actors are working everyday to find vulnerabilities, it’s no longer an option to rely on quarterly access reviews. Veza makes it easy to achieve continuous compliance.”

CIO INFLUENCE: Anglicare Leverages Ribbon and Switch Connect for Voice Consolidation and Path for Microsoft Teams Deployment

“To secure our customers’ data and stay compliant with global regulations, it’s critical to maintain the integrity and confidentiality of our source code,” said Frank Dellé, Head of Global Compliance, Nozomi Networks. “Veza enables us to monitor and enforce our access policies across GitHub and other data systems, allowing us to manage role-based access control at scale. With Veza, we can understand the combined effect of our access control layers to maintain least privilege.”

With Veza’s integration for GitHub, identity and security teams go beyond role-based access control to understand what actions users can take (read, write, delete). Veza customers can automatically find excessive permissions and take steps to remediate. For teams that work on IAM, security assurance, and compliance, Veza accelerates access reviews and certifications with automated workflows.

Key features of the integration with GitHub:

  • Perform access reviews and remediation for any GitHub repository
  • Visualize access across internal and external collaborators
  • Architect least privilege access controls
  • Audit orphaned or inactive local GitHub accounts to eliminate unnecessary access
  • Configure alerts for changes in permissions to highly sensitive code, such as Infrastructure as Code repositories

CIO INFLUENCE: Datometry Releases Driver Integration for BigQuery, Further Future-Proofing Its Customers’ Investments

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Avanan Announces Successful Completion of SOC 2 Type 2 Examination

Industry First Microcontroller Integrated with a Robust Secure Subsystem and Arm TrustZone Technology

CIO Influence News Desk

Trintech Strengthens Commitment to Partner Ecosystem with Chief Partner Officer Appointment

PR Newswire