2 min reading Mon Sep 19 2022
Your digital footprint and why it matters
While a lot of companies are well protected against internal attacks, thanks to their multiple levels of firewalls, anti-malware and EDR solutions, and other security controls, many of them haven't given their outside perimeter much thought.
Of course, we all know that we need a perimeter firewall to protect our exposed services, and preferably a web application firewall as well in front of our web applications. And we even have vulnerability scanning enabled on our external IP range. Or do you?
Do you know the full extent of what your company exposes on the Internet? As companies grow, so does their exposure on the Internet. New websites, applications, or customer-facing web front ends are launched. They onboard a cloud-based application, hosted on a different continent. The marketing department comes up with some clever ideas to attract more traffic by starting online competitions or sponsorship deals. And before you know it, you no longer have visibility into, let alone an idea of the risks of, your Internet exposure, or your so-called digital footprint.
Over time your digital footprint will be made up of:
- assets you know of; like your external IP range, main website, important web applications, email infrastructure, etc. Most often these are well managed!
- assets you lost sight of; these could be source code repositories, cloud-based file shares, older websites, or any other asset that for some reason has never been properly decommissioned.
- assets out of your control; cloud-based infrastructure or applications provided by third parties, affiliates, or subsidiaries of your company. These are assets that impact your digital footprint and might pose a risk when compromised, yet are outside your zone of control.
- rogue assets; these are assets such as websites launched by your marketing or HR department without following the due diligence processes of procurement and IT (Security). While these have been launched for the good of the company, because the correct processes were not followed, your IT (Security) department might not know of them or of the potential risks they pose.
Your company's digital footprint will only grow over time, exposing its brand and increasing the number of assets and the amount of information that is exposed. And we haven't yet touched on your vendors and third parties, which might also virtually extend your digital footprint!
Getting a grip on your digital footprint starts with the ability to enumerate all your exposed assets, assess the risks, and then manage those risks on a prioritised basis.
I'll be writing a weekly blog post on all of these aspects, so stay tuned! Do reach out to me if you'd like to share your experience or if you need some more information or advice; I'm always happy to help out!