Privacy and Security

What data are you storing that could be used against you or your customers?

As I’ve been working on my new product, I’ve realized that I’m not taking these issues seriously enough, and I’m doing something about it. I’ve decided to encrypt all data at rest (that is, everything sitting in my database), and to encrypt all configuration settings. There’s really no excuse not to do everything you can on this issue anymore.

Here’s a checklist you can use for a quick security audit:

  • Have we checked in any usernames and passwords for our services to our source code repository?
  • Are there any tokens or credentials sitting in clear text on our deployment servers?
  • Have we encrypted all data at rest? If not, why not?
  • Is all data in transit (between system components) encrypted?
  • Have we applied least-privilege access for all components and users?
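
A quick way to work through the first two items (credentials checked into the repository, or lying in clear text on a deployment host), as an added example that is not part of the original post: a small pattern-based scanner run over constructed file contents. The file names and values are made up for illustration; the AKIA… value is the example access key ID from AWS's own documentation, not a live credential.

```python
import math
import re

# Constructed sample of files as they might land in a repo or on a deploy host.
# All values are made up; the AKIA... key is AWS's documented example key.
SAMPLE_FILES = {
    "config/settings.py": (
        "DB_HOST = 'db.internal'\n"
        "DB_PASSWORD = 'hunter2pass'\n"
        "DEBUG = False\n"
    ),
    "deploy/env.sh": (
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "export APP_TOKEN=$(vault read -field=token secret/app)\n"
    ),
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n<key material omitted>\n",
}

# Credential shapes that should never sit in source or plain-text config.
# The assignment pattern rejects values starting with '$' (shell substitutions).
PATTERNS = {
    "password_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|token|api_key)\s*[:=]\s*['\"]?([^\s'\"$]{6,})"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

def shannon_entropy(s):
    """Bits per character: random-looking secrets score high, plain words low."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan_text(path, text):
    """Return one finding per line that matches a credential pattern."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                value = m.group(1) if m.groups() else m.group(0)
                findings.append({"path": path, "line": line_no, "rule": rule,
                                 "entropy": round(shannon_entropy(value), 2)})
    return findings

def scan_files(files):
    """Scan a {path: contents} mapping and return all findings in file order."""
    return [f for path, text in files.items() for f in scan_text(path, text)]

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['path']}:{f['line']} {f['rule']} (entropy {f['entropy']} bits/char)")
```

The entropy figure is there for triage: a flagged value that is a dictionary word is more likely a placeholder than a flagged value that looks random.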

You also need to have regular security and privacy audits done by an outside firm. There’s too much to keep track of, and too many ways to get screwed. I recommend this company.