Acquia guards against data exposure with Nightfall
A great website is the cornerstone of an online presence for users who are building their virtual brands and connecting with their audiences. Acquia understands the web hosting needs of their customers and makes it easy to host Drupal websites in Amazon Web Services (AWS). Acquia integrated Nightfall into their security stack to safeguard customer and employee data like API tokens, secrets, and passwords from improper exposure in GitHub.
Guarding against data exposure in GitHub
Robert Former is the cybersecurity leader at Acquia. As the Chief Information Security Officer and VP of Security, Robert must ensure security and compliance policies are in place to keep Acquia’s clients’ data safe. “Our goals are to protect Acquia’s clients’ data and our own data, both from internal attacks and from external attacks,” Robert says. “Our first priority is angled toward the client, because our clients have clients. There’s a duty of responsibility for us. When we bring in our client’s data, they’ve made a promise to their clients to protect that data.”
The Acquia security operations team uses different platforms and applications to find vulnerabilities in Acquia’s systems and to detect system attacks and data leaks through potentially vulnerable pathways, like GitHub. Guarding against data exposure in GitHub requires a blend of strong data security and compliance expertise.
Meeting cybersecurity challenges with DLP
One of the biggest challenges for cybersecurity teams is uniting their data and systems into a central infrastructure to manage threat detection and response more effectively. Acquia’s developers use GitHub for a wide range of functions, including provisioning code for all customer websites in Drupal. Robert’s team is responsible for protecting the massive variety of Acquia’s customer data, including information hosted in GitHub repositories, and for responding to vulnerabilities that could expose critical information belonging to customers or Acquia employees.
Acquia came to Nightfall looking for a solution to detect secrets and passwords at risk. Nightfall also helps Robert’s team connect the silos across the cybersecurity organization. As the infosec leader, Robert has a more complete overview of where the risks occur and how he can respond to threats with Nightfall. “As a CISO, it’s helpful for me to have the Nightfall dashboard where I can sort and see our findings,” he says. “We can catch issues before they become problems, and we can show where those issues may have been problems in the past.”
Putting it all into one platform
Nightfall takes the guesswork out of securing secrets & credentials in GitHub without draining time and resources away from Acquia’s security processes. “The biggest benefit we’ve seen is a drop to zero in security token and password leakage,” Robert says. “The code in our repositories today is safe against internal and external intrusion and compromise. Quite often, tools will be focused on protecting you from the outsider.”
One major benefit for the team is how Nightfall makes it possible to secure all the data under Acquia’s stewardship, including the data that comes from their clients’ clients. With Nightfall, Acquia combines compliance coverage, threat management, and customer confidence in one platform. The cybersecurity team can prove the value of adding data loss prevention (DLP) to their security stack with actionable results from Nightfall’s automated detection and classification of sensitive data, and the Acquia security team can rest easy knowing that Nightfall helps them take a proactive approach to managing their cloud security attack surface.
“Nightfall protects us from outside threats and inside vulnerabilities. It has been fantastic in helping us identify programmatic and procedural issues on our teams so that we can remediate them, rather than simply mitigate them.”
Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack, Google Drive, GitHub, Confluence, Jira, and many more via our Developer Platform.