By Brian DeWyer, Reveille CTO
In the wake of the news surrounding the recent supply-chain-based breaches of government and commercial data, a number of customers have asked us what safeguards we have in place to protect the Reveille platform itself as well as the content of our customers.
Security is a fluid and constantly evolving discipline that must be continuously tested and improved. As so many recent breaches and compromises have shown, it’s also not just about having the latest and greatest technologies in place. The human piece of the security equation is often overlooked yet is foundational to today’s highest performing security teams.
So in light of these high-profile events, we thought it would be a good time to highlight some of the key best practices, processes, and methodologies that we have adopted and codified over the past decade. At the highest level, some of these measures include:
- Highly Controlled Access to Code: Source code control is an important vehicle for managing change and consequently, for ensuring that potential vulnerabilities are not accidentally introduced. Of perhaps even greater importance, these controls provide an auditable record of accountability by showing when changes were made and by whom. In addition, we restrict access to update the Reveille Platform, as well as our private data center environment, to a small number of qualified employees as an additional risk-limiting control layer that reduces the potential for these types of source code vulnerabilities.
- Centralized Technology Access Management: While decentralized IT models have become all the rage with the rise of cloud computing, SaaS-based code repositories, and other shared service capabilities, we subscribe to a centralized approach to security. It enables our team to exert more granular controls over workloads and user access restrictions (including active log access management, two-factor authentication, and IP restrictions), and it provides a simpler, more streamlined management process that reduces the attack surface area and the potential for human error.
- Restrict External Public Access: To further protect the integrity of our platform, we maintain tight controls over any external partners and restrict anyone outside our domain from accessing Reveille’s development environments.
- Aggressively PenTest All 3rd Party Components: As demonstrated by the ‘supply-chain’ nature of recent breaches, any third-party tool or component represents a potential vector of compromise. To this end, Reveille regularly and aggressively performs proactive penetration testing and egress traffic analysis on every third-party application and component that touches our platform.
- Conform with OWASP Standards: The Open Web Application Security Project (OWASP) is a non-profit foundation dedicated to improving application security. As a part of this community, Reveille incorporates OWASP best practices, reference models, and accepted standards into our own software development lifecycle.
- Continuous Quality Assurance: Throughout the entire application lifecycle, and prior to any new updates being published for our customers, we continuously test, multiple times, against a rigorous, multi-step quality assurance process that provides another important layer in our application security model. We also regularly track and monitor CISA, CVE, and other key security announcements.
- No embedded ‘hidden’ software external access: Reveille software does not update, collect system information, gather product usage data or send ‘behind the scenes’ information back to Reveille Software. The egress access profile for an installed Reveille system is always under your direct control and management.
We have also received some inquiries from customers who are running compromised software on Reveille servers, asking what steps they might need to take to ensure their infrastructure is secured. Rest assured that if you determine that some of those servers need to be rebuilt, we are here to help you troubleshoot and assist with the Reveille rebuild tasks to minimize any potential downtime.
How Reveille Protects High Value Content
Each year, Verizon releases its annual Data Breach Investigations Report (DBIR), which details how the threat landscape is evolving. In Verizon’s 2019 report, their research team found that approximately 34% of breaches involved internal actors. And perhaps more disturbingly, this percentage has been steadily on the rise since 2015.
As we have learned over the past decade, sometimes the greatest threats come from users who appear to be legitimate. This is one of the reasons why we are seeing more organizations begin to look at users’ behavioral traits, along with the context of their actions, to determine if something might be amiss. Are a large number of documents being downloaded at odd times or from an unusual geographical location? Is a certain user attempting to view sensitive content from another department? Is an external actor attempting to impersonate a legitimate user to conduct corporate espionage?
In early January 2021, it was reported that Ticketmaster was forced to pay a $10 million fine after several employees utilized unlawfully obtained passwords to hack a rival company’s computer systems in an attempt to “choke off” their competitor and gain market share. These employees, it turned out, had previously worked for the victim organization, and when they left for Ticketmaster, they were still able to access sensitive confidential documents and resources of their former employer.
Given the growing volume of sensitive content that resides in ECM and CSP systems, it’s hardly surprising that enterprise IT leaders are prioritizing initiatives to ensure the integrity of their most sensitive content repositories. To learn more about how Reveille protects sensitive content from insider threats and external bad actors, download the Reveille Content Security Datasheet.