Veza Launches GitHub Integration to Stop IP Theft, Enabling Organizations to Enforce Access Policies on Source-Code Repositories

New integration allows security and identity teams to secure access to sensitive data on GitHub and meet compliance requirements

Veza, the authorization platform for identity-first security, announced an integration with GitHub, the software collaboration platform that is home to over 100 million developers and 330 million repositories worldwide. With this integration, Veza customers who use GitHub can now keep company IP out of the hands of threat actors by managing access permissions to the organization’s codebase.

Identity-related attacks continue to be the top culprit behind data breaches. Once a threat actor gains unauthorized access to source code, they can inject malicious code into a project, unchecked by engineers and security teams. With just one-time access, a threat actor can download code for offline viewing, giving them ample time to look for exploits, find customer data, and harvest credentials and API keys. An incident at Okta, reported in December, showed how hackers could retrieve source code by gaining unauthorized access to GitHub repositories.

Marketing Technology News: MarTech Interview with Mona Popli, Vice President of Product Marketing at Heap

Source code is valuable IP and an attractive target for theft. However, it can be challenging to maintain appropriate access permissions across all the organization members, outside collaborators, teams working in GitHub. It’s common for internal employees to collaborate with external contributors, so there is no single identity provider to track all users and ensure MFA (multi-factor authentication) is being used. Moreover, developers often use their personal GitHub identity across multiple jobs, making it difficult to distinguish internal from external contributors. While GitHub’s out-of-the-box permissions management system offers fine-grained access control, organizations struggle to understand those permissions. The challenge grows with the number of contributors.

“For many of our customers, GitHub repositories contain the crown jewels of the company, so we’re giving them the power to find and fix inappropriate access,” said Tarun Thakur, co-founder and CEO at Veza. “When threat actors are working everyday to find vulnerabilities, it’s no longer an option to rely on quarterly access reviews. Veza makes it easy to achieve continuous compliance.”

Marketing Technology News: Top 4 Trends Advertisers Should Expect for the Streaming Ecosystem in 2023

“To secure our customers’ data and stay compliant with global regulations, it’s critical to maintain the integrity and confidentiality of our source code,” said Frank Dellé, Head of Global Compliance, Nozomi Networks. “Veza enables us to monitor and enforce our access policies across GitHub and other data systems, allowing us to manage role-based access control at scale. With Veza, we can understand the combined effect of our access control layers to maintain least privilege.”

With Veza’s integration for GitHub, identity and security teams go beyond role-based access control to understand what actions users can take (read, write, delete). Veza customers can automatically find excessive permissions and take steps to remediate. For teams that work on IAM, security assurance, and compliance, Veza accelerates access reviews and certifications with automated workflows.

Key features of the integration with GitHub:

• Perform access reviews and remediation for any GitHub repository
• Visualize access across internal and external collaborators
• Architect least privilege access controls
• Audit orphaned or inactive local GitHub accounts to eliminate unnecessary access
• Configure alerts for changes in permissions to highly sensitive code, such as Infrastructure as Code repositories