Whether using AD / IDaaS / LDAP / RDBMS / NoSQL, etc. to store your web app credentials, an org needs to ensure that these are secured while at rest. And yes, while a no brainer, many orgs do not.
Whole disk / volume-based encryption is a start for all deployments, especially transparent data encryption (TDE) solutions using the KMIP for interoperability between on or off prem.
For those who follow the belt-and-suspenders model, tokenization, salted hashes, or symmetric encryption are all options for data at rest (DAR).
For deployments (NoSQL) where organic encryption functionality may not be available, add-on algorithms (Bcrypt) may be utilized.
No comments:
Post a Comment