This blog post is part of a series on Security for Startups. The full list of posts is shown below:
- Securing your Applications
- Securing your Cloud Infrastructure
- Securing your Employees
- Securing your Endpoints
- Securing your Office
Many of the applications your company uses house critical data for your organization. These applications could be internal, or they could be third-party applications, depending on your company’s infrastructure. Some are hosted in the cloud and others are hosted on-premises. Whichever applications your company is currently using, it is important to lock them down to ensure that your data always stays safe and secure.
With many new startups using SaaS-based web applications as the core of their organization, it is critical to ensure that access to all applications is secure. For example, source code is often stored in GitHub; sales data is stored in Salesforce; and financials are stored in Xero. There is a SaaS application for just about every function imaginable within any organization. The process to secure your applications doesn’t need to be difficult, but it does need to be a part of your security protocols.
Essential Security Protocols
Controlling user access to your applications is one of the most important aspects of security in a growing startup. Many of the applications being used today are critical and house important and confidential data. Connecting user access to your core directory service can make the process much simpler and more secure. A cloud-based directory service such as Directory-as-a-Service® solves this problem as a SaaS-based service. Organizations can also make it easier for their users to access applications by leveraging a True Single Sign-On™ solution.
Whenever possible, multi-factor authentication should be turned on. This is a huge improvement in securing data because it requires a hacker (or anyone trying to infiltrate the system) not only to compromise a user’s password but also to have the user’s second factor, which is usually a token on a smartphone or tablet. Many systems and applications have added multi-factor authentication to help organizations increase their security.
No Shared Access
Many employees, unfortunately, will share access to applications instead of creating new accounts. Sometimes this is an issue of cost, but in most cases it is because the employees have gone ahead and leveraged an application without necessarily involving IT (or perhaps your organization doesn’t have an IT department). Shared credentials are always a risk, and sharing them is a practice that should be avoided.
Eliminate Old Accounts
One of the easiest ways for systems to be compromised is through unused and unattended accounts that were never removed. In fact, a recent study showed that 89% of former employees had continued access to at least some of their former organization’s IT resources. Not only are old credentials a security risk, but they are also a major compliance issue.
Applications today are a core part of every organization. Controlling access to those applications is one of the most important components of security for any startup.