News, news analysis, and commentary on the latest trends in cybersecurity technology.

Lessons From the GitHub Cybersecurity Breach

This Tech Tip outlines three steps security teams should take to protect information stored in Salesforce.

Veroljub Mihajlovic, Senior Director of Product at Flosum

September 27, 2022

2 Min Read
The front entrance of Salesforce Tower in New York, with cartoon figures of a pair of bears waving at the door
Source: Robert K. Chin - Storefronts via Alamy Stock Photo

No one likes to hear the B-word: breach. Developers definitely don't want to hear that word in relation to a platform they use day in and day out.

When GitHub revealed details about a security breach that allowed an unknown attacker to download data from dozens of private code repositories earlier this year, it was a nightmare scenario. Attackers were using information collected from GitHub to target two third-party cloud platforms-as-a-service (PaaS): Heroku and Travis CI.

Attackers had stolen OAuth tokens issued to Heroku and Travis CI and used them to access and download the contents of private repositories, GitHub found.

Where does the most sensitive information reside in your organization? For organizations using Heroku, Salesforce houses the information that, if exposed, could cripple the organization. Security teams need to think about protecting their Salesforce data. Why should they put the organization's cybersecurity at risk by relying on third-party integrations?

These three simple steps can help improve cybersecurity posture on Salesforce.

1. Use Salesforce-Native Applications

Applications built on Salesforce ensure that your data remains in one place with the same cybersecurity posture as the Salesforce platform. With apps consolidated on a single platform, the attack surface is greatly reduced.

2. Establish a Zero-Trust Model

Never trust, always verify. All users should have the minimum level of permissions and access needed to be able to complete their necessary tasks while requiring users to prove their need and identities before access. Audit everything.

3. Utilize Secrets Management

Never store credentials in clear text, and always assume private repositories are public. Having a secrets management solution ensures that your secrets are rotated along with having an appropriate level of security compliance around your credentials.

With this improved cybersecurity posture, developers, infosec teams, and the CEO will be at ease knowing that the organization's most sensitive data is secure.

About the Author

Veroljub Mihajlovic

Senior Director of Product at Flosum

Veroljub Mihajlovic is currently senior director of product at Flosum, a leading provider of end-to-end secure DevSecOps, data management, data protection, and security automation platforms, built 100% natively to Salesforce. Mihajlovic has expertise in identity and access security, DevSecOps, privileged access management, and networking solutions at an enterprise level.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights