Monitor sensitive data that resides in code

Monitor code for sensitive data to reduce the risk of accidental exposure or compliance violation.


Recently, Wiz launched innovative services to become the first CNAPP solution to deliver integrated Data Security Posture Management and to enable secure cloud development. Today, we are expanding Wiz's Data Security Posture Management (DSPM) capabilities to monitor code bases for sensitive data.  

Customers can leverage Wiz's DSPM data classifiers to identify sensitive data in development environments (IDEs), code bases, pull requests, and CI/CD platforms. This new capability helps developer and security teams reduce the risk of accidental data exposure, avoid compliance and data policy violations, and establish organizational baselines.

Peek-a-boo, I see you: The risk of sensitive data in code  

Preventing the exposure of sensitive data should be a top priority. Whether intentional or accidental, data leaks create substantial risk for the parties involved. Sensitive data, like SSNs or credit card details, can inadvertently end up in code during the application development process, either because it was used during testing or overlooked in the rush to meet deadlines. Traditional approaches to monitoring and remediating sensitive data in code are cumbersome to use, lack context, and often do not meet the needs of both developer and security teams. This exposes the data to breaches, risking unauthorized access and exploitation, and contravenes laws and standards that require stringent data handling, like GDPR, CCPA, PCI DSS, and HIPAA. To mitigate these security and privacy risks, it's crucial for organizations and developers to implement secure practices to detect, obfuscate, and report sensitive data in the code base. Neglecting such measures compromises user privacy, attracts legal penalties, and erodes user trust.

DSPM for code  

Customers can use either the Wiz CLI or Wiz's version control scanners to enable the new DSPM capabilities. These capabilities enable you to identify sensitive data types such as PCI, PII, and PHI during code scanning in your IDE, code base, pull requests, and CI/CD platforms. After you have identified sensitive data in your code, you can take remediation steps to address any issues, so you are building securely from the source. Security teams benefit from a reduced risk of sensitive data in code and of compliance violations, and developers benefit from quicker detection of sensitive data that might be accidentally included in code.

How to get started  

Configuring and setting up your scanning policies for sensitive data is easy. Wiz enables complete flexibility and control when defining the scope of policies and what action to take when sensitive data is detected. For example, organizations can scope the application of policies to all resources, or granularly apply the scans to specific directories. Additionally, organizations can choose to either audit or block any findings based on their business needs.   

Analyzing the results of a scan  

Customers can leverage sensitive data findings in a Wiz scan to understand the scope and severity of data leakages in a code base. Under each scan result, you can now review all the sensitive data findings along with severity and count.
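To make the workflow above concrete (directory-scoped classifiers, an audit-or-block policy, and a per-scan severity rollup), here is an added example in the form of a small stand-alone scanner. It is not Wiz's code: the two classifiers, the severity levels, the `scope` and `mode` parameters and the sample repository contents are all constructed for illustration, and the classifiers are deliberately simplified stand-ins for a real DSPM engine.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Illustrative classifiers: name -> (pattern, severity). Simplified stand-ins, not Wiz's own.
CLASSIFIERS = {
    "SSN": (re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"), "HIGH"),
    "CREDIT_CARD": (re.compile(r"\b(?:\d[ -]?){13,16}\b"), "CRITICAL"),
}

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum, so random digit runs that merely look like card numbers are not reported."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right, folding two-digit results
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def in_scope(path: str, scope: tuple) -> bool:
    """Empty scope means 'all resources'; otherwise the file must sit under a scoped directory."""
    parts = PurePosixPath(path).parts
    return not scope or any(parts[:len(PurePosixPath(d).parts)] == PurePosixPath(d).parts for d in scope)

def scan_files(files: dict, scope: tuple = ()) -> list:
    """Scan {path: text} and return one finding per match: type, severity, path, line."""
    findings = []
    for path, text in files.items():
        if not in_scope(path, scope):
            continue
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, (pattern, severity) in CLASSIFIERS.items():
                for m in pattern.finditer(line):
                    if name == "CREDIT_CARD" and not luhn_ok(m.group()):
                        continue
                    findings.append({"type": name, "severity": severity, "path": path, "line": lineno})
    return findings

def summarize(findings: list) -> dict:
    """Severity -> count: the per-scan rollup reviewed first under each scan result."""
    return dict(Counter(f["severity"] for f in findings))

def pipeline_may_proceed(findings: list, mode: str) -> bool:
    """'audit' reports findings and lets the step pass; 'block' fails the step on any finding."""
    return mode != "block" or not findings

# Constructed sample repository. The card number is the well-known Luhn-valid test value;
# the ORDER_ID looks like a card number but fails Luhn and must not be reported.
SAMPLE_REPO = {
    "tests/fixtures/customer.json": '{"ssn": "123-45-6789", "card": "4111 1111 1111 1111"}',
    "src/app.py": "ORDER_ID = '1234 5678 9012 3456'  # not a card number",
    "docs/notes.md": "Support ticket for 234-56-7890",
}
```

Running `scan_files(SAMPLE_REPO, scope=("src", "tests"))` reports only the fixture file, while an empty scope also surfaces the SSN in `docs/`; `pipeline_may_proceed` is what a CI step would consult to decide between audit and block.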

These new capabilities will help developers and security teams detect and reduce the risk of accidental sensitive data exposure in their code base and remain compliant at all times. To get started with Wiz DSPM scans for sensitive data in code, read the latest Wiz docs and release notes. New to data scanning? Read the data scanning docs. Questions? We’d love to hear from you. Reach out and our team will be glad to assist.     
