2 min reading Mon Aug 30 2021
Your digital footprint and why it matters
While a lot of companies are well protected towards internal attacks, thanks to their multiple levels of firewalls, anti-malware and EDR solutions, and other security controls, many of them haven't given their outside perimeter much thought.
Of course, we all know that we need a perimeter firewall to protect our exposed services, and preferably a web application firewall as well in front of our web applications. And we even have vulnerability scanning enabled on our external IP range. Or do you?
Do you know the full extent of what your company exposes on the Internet? As companies grow, so does their exposure on the Internet. New websites are launched, a new application, or customer-facing web front end is launched. They onboard a cloud-based application, hosted on a different continent. The marketing department came up with some clever ideas to attract more traffic by starting online competitions or sponsorship deals. And before you know it, you no longer have visibility, let alone an idea of the risks, of your Internet exposure, or your so-called digital footprint.
Over time your digital footprint will be composed out of
- assets you know of; like your external IP Range, main website, important web applications, email infrastructure, etc ... most often these are well managed!
- assets you lost out of sight; could be source code repositories, cloud-based file shares, older websites, or any other asset that for some reason has never been properly decommissioned.
- assets out of your control; cloud-based infrastructure or applications provided by third parties, affiliates, subsidiaries to your company. These are assets that impact your digital footprint and might compose a risk when compromised, yet are outside your zone of control.
- rogue assets; these are assets such as websites launched by your marketing or HR department without following the due diligence processes of procurement and IT (Security). While these have been launched for the good of the company, by not following the correct processes your IT (Security) department might not know of these and the potential risks they pose.
Your company's digital footprint will only grow over time, exposing its brand and increasing the number of assets and information that is exposed. And we haven't touched your vendors and third parties yet which might also virtually extend your digital footprint!
Getting a grip on your digital footprint starts with the ability to enumerate all your exposed assets, assess the risks, and then manage those risks on a prioritised basis.
I'll be writing a weekly blog post on all of these aspects, so stay tuned! Do reach out to me if you'd like to share your experience or you'd need some more information or advice, always happy to help out!
Jimmy is the founder, CEO and CTO of Ceeyu. Prior to founding Ceeyu, Jimmy was responsible for cybersecurity programs at large financial institutions and consulting company EY. Jimmy started his career as a security engineer. His duties included installing and managing firewalls, scanning infrastructure for vulnerabilities, and performing pen testing and ethical hacking.