From the Office of the CISO:
Locking down the git in GitHub
Brad Moldenhauer, VP & CISO - Americas, Zscaler
For security professionals, concerns about third-party security risk predate cloud computing. But as SaaS-based applications have exploded and integrations have tightened, the risk has grown with them. This is especially true for organizations that rely on source code repositories like GitHub, which recently made news for two high-profile breaches involving customer data.
The first involved Okta, a prominent identity management and authentication solution provider. The second breach, which occurred in the first week of January, targeted Slack's chat service.
Organizations using GitHub, the world’s most popular source code repository, don’t own or manage GitHub’s architecture and can’t directly oversee its security. What steps can they take to protect themselves against a similar breach? Should they continue to use GitHub at all?