Data breaches and hacks can cost companies millions. To protect sensitive data, you have to ensure that your entire system is compliant with data security standards and regulations. To properly evaluate your level of compliance, you need to conduct a data security audit. In this post, we’ll look at how to conduct a data security audit. You'll learn about the different types of audits, and the steps to take when conducting an audit.
Companies today are consuming and deploying more data than ever. At the same time, there's also a growing cybersecurity talent shortage, as well as an increasingly dangerous threat landscape. Unfortunately, this combination leaves companies at risk for costly breaches and vulnerabilities. For this reason, many traditional IT security engineers are upskilling and transitioning into data security to help close the cybersecurity gap and protect private data.
Hiring is hard. If you're a remote company like we are, you already have a head start. A larger pool of applicants, more practical benefits over a "fun office", etc. That doesn't mean that when the time comes to hire for a new role, you will immediately find the perfect candidate. When we were hiring for our recent frontend developer role, we were surprised how hard it ended up being. Not for lack of candidates, but instead for the right fit within our existing team.
As we explained in a previous blog post, we decided to pivot at the end of summer 2020. Pivoting our products has been a major change in our cross-functional team’s organization, and we used it as an opportunity to start our UI/UX and an engineering processes from scratch. One of the aspects of that change is the organizational changes it implied, driven by our desire to iterate fast with the first pioneer users of the product that were—and still are—helping us build it.
Usability testing is a method for evaluating your product to see how it performs in real contexts. It helps test user behavior, performance, and satisfaction, while consequently offering opportunities to improve the user experience within the product. Often, in a fast-paced company, user research ends up overlooked because it takes up time and resources. However, all the team's hard work will be wasted if you end up making something that nobody wants to use.
Bearer is a Static Application Security Testing (SAST) tool that enables security and engineering teams to identify and mitigate data security risks throughout the software development lifecycle. It integrates with Source Code Management (SCM) software (see Git repository integrations for more details) to scan your code repositories, discover and classify data flows, and detect gaps with your data security policy.
Data leaks and breaches lead to business risks such as regulatory fines, brand damage and revenue loss. In order to protect your organization against it, you must implement security policies that describe your data taxonomy as well as the security controls for each category of data. From there, you can uncover and classify data flows across your products, audit security controls, identify gaps with your security policy, and remediate issues.
When it comes to use cases like quick code formatting and syntax highlighting across many languages, tree-sitter is an excellent tool. But it does so much more than that. At Bearer, we use it as the base for our static code analysis feature. In this article we’ll look at tree sitter, how to use it, and how to avoid some of mistakes we made when implementing it. This should help you in making the decision if tree sitter is a good choice for your use case.
DevSecOps refers to the integration of security controls across the whole software development lifecycle. It is first and foremost an organizational culture, enabled by processes and tools, where development teams share the responsibility for delivering secure software with the security team. This differs from organizations where development and security responsibilities are completely siloed in distinct teams.
At Bearer, we often get asked: “How do you detect and classify data just by scanning the source code?” To answer that, we need to answer two important questions.
