Hey kids! Let's chat a little about secuirty. It's become a hot topic these days with all the data breaches happening to well known companies like Capital One, T-Mobile, and Lastpass to name a few.
There are so many ways to try to secure your data these days, that some companies are choosing to use only 1 or 2 security protocols, discarding some really great measures that could help secure their data. There's not a "perfect" set of protocols to follow, it really depends on what your business is, what data you hold, and how vulnerable you could be to a hacker.
Let's talk about one way to help secure your data. Using a TLS handshake when connecting to API endpoints or databases is a good start. On top of tokens and encryption, using the latest TLS version is taking a great step. Many organizations are still using TLS 1.0 which has some vulnerabilities and has been depreciated. If your company is using versions below 1.2 or not suing one at all, it would be a good idea to bring up this vulnerability and get it on your board for maintenance uogrades as soon as possible. Your security and network administrators will thank you for it!
Why use TLS? Well it is a Transport Layer Security protocol that helps secure communications over the internet. It helps to make sure only the recipient receives your email, or when you plug in your credit card to buy that fancy mug, only the seller gets your information. This is very important for businesses who buy and sell products or services online. Any website, app, or program that uses HTTPS landing pages or API's should be using TLS 1.2+ for all digital transactions.
Microsoft lists best practices to help you determine the best way to secure your system with a great article here.
A great tutorial on adding TLS 1.2 to your code is here at Microsoft's blog. It doesn't take long and you're importing a Microsoft built in library to do it so it takes very little effort. If you run into problems, please contact me or comment on this post and I'll be happy to help!