Cloud privilege escalation is a growing concern for organizations as they embrace cloud-based infrastructure and services. To address the risks associated with privilege escalation, it's vital to implement robust security practices. In this post, we’ll cover privilege escalation as it relates to cloud security risk and the best practices for mitigation.

We're excited to share that Nightfall has been named as a Leader in Data Loss Prevention (DLP) in G2's Spring '23 rankings. Huge thank you to our customers and supporters who made this possible, and to our dedicated team who works so hard to keep their cloud data safe. This year has been a busy one, with the release of our Advanced Secrets Detection, that provide detailed metadata about discovered API keys, like whether they're active

It’s no exaggeration to say that APIs are the backbone of the modern digital economy. API usage has seen staggering exponential growth over the last two decades with sources like Postman's 2022 State of the API Report illustrating just how embedded APIs are into our modern world. In 2022, the Postman API platform saw 20 million users and over 1 billion API requests created.

API keys are unique identifiers that enable developers to access and interact with an application's data and services. They act as a bridge between applications, allowing them to share data and functionality. In today's digital world, API keys are increasingly important as they facilitate seamless communication between various applications and services.

The Nightfall platform is lauded by customers for its high accuracy detection of sensitive data across a variety of cloud environments. This helps users save time by only surfacing the most relevant and most critical instances of sensitive data exposure. We’re always looking for ways to continue to build value in this area, and many of our feature updates like our new PHI detector and enhanced secrets detection releases accomplish this.

Last month, we hosted a webinar with our CISO, Karim Beldjilali, who was formerly the CISO of Rightway a healthcare startup. Karim shared important security lessons for healthcare organizations leveraging cloud applications across their workforce. We briefly share the highlights below.

Welcome to our first ever The State of Secrets Security in SaaS Apps, an in-depth look at what security risks are posed by the data stored in organizations' SaaS applications. As companies have adopted a remote-first approach to work, these solutions have increasingly been used to send and store passwords, secrets, and API keys.

Organizations are unaware of the prevalence of API keys and secrets throughout their systems, and how their users are sharing and using them. Even with security best practices and policies in place, the lack of awareness or compliance, as well as the possibility of human error means that API keys and secrets need protection regardless of where they are stored or shared.

Last month, over the holidays, we witnessed multiple vendors experience security breaches of varying levels of severity. From LastPass and Okta to Slack and CircleCI, the news has been filled with headlines reporting on the aftermath of these incidents. We wanted to briefly cover these stories and discuss their implications for you in the current year.

Compromised secrets and credentials are the most common cause of data breaches and are often left unmanaged. In the past year alone, we’ve seen sustained growth in supply chain attacks and security incidents impacting the security of secrets stored in code repos or unknowingly shared within SaaS applications. Because of this, there is a compelling need for reliable, accurate, and actionable secrets detection for modern organizations.