It recently came to light that public and private companies have been putting far too much trust in the collaboration platform Trello, with some IT teams storing sensitive access data in plain view on the service’s public boards. While Trello is a great tool for keeping teams in communication with each other, many companies that should know better – even IT departments and security teams – have been relying far too heavily on the service’s relatively straightforward defenses against bad actors.
What’s the danger with this practice?
Organizations are unwise to secure their most sensitive data behind only an easy-to-crack password – especially on a platform that’s designed for collaboration, not security. This is even more troubling considering the borderless nature of modern networks, which support a growing array of devices and remote users that only compound security vulnerabilities.
To that end, even when organizations put robust policies and “best practices” in place to foster safe Internet use, enforcement is difficult as network traffic booms. Without a layered approach to network security and the ability to monitor users, devices and programs, the potential for data theft grows significantly.
Why would companies think this is secure?
It’s surprising that any company would store sensitive data on such a vulnerable platform without putting additional safeguards in place. Even the most creative passwords are relatively easy for skilled hackers to crack, and there is no built-in safety net to protect the information on programs like Trello once a password has been compromised.
What are the best options for sharing credentials securely?
Teams need to take a defense-in-depth approach to cybersecurity to ensure that when one layer of network protection is compromised, there are additional safeguards in place to stop data theft. Beyond that, security teams need complete visibility into all activity taking place on the network to identify bad actors, compromised devices or policy violations in real time. A holistic take on network security is key.
When it comes to sharing credentials, giving others access to actual passwords simply isn’t necessary. Industry standards like SAML authentication – which allows passwords to be managed centrally while veiling the actual credentials from outside eyes – should be commonplace across organizations. Multi-factor authentication is another important measure that should be employed universally as part of the layered defense posture teams need to take to secure their most important data.
To learn more about how iboss leverages a suite of advanced threat protection capabilities to secure networks, read our whitepaper, “Defense-in-depth and the Distributed Gateway Platform.”