Customer Interview: Insights from ENlighten

Published on
February 26, 2024
We interviewed Jinseok Yeo from ENlighten, Korea’s top energy IT platform, on how they secure credentials and secrets. Here’s their approach to security.
Ben Kim

Entrepreneurship, Security Engineer, Innovation

TABLE OF CONTENT
Subscribe to our newsletter
Read about our privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

We had the pleasure of interviewing Jinseok Yeo from ENligthen, Korea’s leading energy IT platform. In this conversation, we explored how ENligthen has implemented commitments and kept credentials and secrets secure. Let’s dive into their journey and discover their innovative approach!

Image featuring the ENlighten logo mounted on a wooden background, accompanied by the tagline ‘More Energy, More Powerful.’ The logo design incorporates a modern and minimalistic style, with the ‘EN’ portion enclosed in a geometric shape, symbolizing innovation and energy efficiency. This visual represents ENlighten’s branding and commitment to providing advanced solutions.

Who is Enlighten?

We are a company that creates value beyond connection by gathering more energy, more powerful energy. By connecting scattered renewable energies with IT technology, we are implementing a platform trading platform where supply and consumption can be freely exchanged. Currently, we provide online business feasibility review services and reliable asset management services to power generators using the platform, RE100 consulting and power trading services to companies that need renewable energy electricity, and have signed power purchase agreements (third-party PPAs) with NAVER New Building and Lotte Global Logistics. ENLighten's power generation king service is the largest single service in Korea, with more than 22,000 locations nationwide and more than 5.4 GW of power plants connected, and a market share of 25%.

Transforming distributed energizer resources into IT technology and a platform for free trading between suppliers and consumers

Enlighten operates services such as solar integration business, energy IT platform, and VP platform for energy trading. It is the No. 1 energy platform company in Korea that is innovating the energy market with its outstanding technology and expertise. With KRW 44.5 billion in cumulative investment, 5,344MW in total service volume, and the most used platform by power producers, we have a team with years of experience from diverse backgrounds including Seoul National University, UC Berkeley, EY, Mirae Asset, Samsung Electronics, and Tada.

a solar-paneled building under a clear blue sky, symbolizing renewable energy and sustainability.


What problems were you facing before implementing Cremit?

📌 Secret targeting by attackers

Attackers are constantly scouring public code repositories like GitHub for accidentally exposed secrets, such as credentials and API keys. Even minor mistakes, such as sharing secrets in internal messaging or collaboration tools, can create vulnerabilities that attackers may exploit.

📌 Threats don't have the solutions they deserve

Like many companies, we struggled with detecting and managing secrets and credentials across repositories, collaboration tools, and messaging platforms due to a lack of specialized solutions. That’s why we quickly chose Cremit. Its low cost, real-time detection and notifications, intuitive dashboard for at-a-glance status updates, and seamless integration made it an obvious choice.

What's your favorite feature of Cremit?

📌 Quick security improvements based on active Secret information

One of the fundamental features of Cremit for us are both the Secret and Sensitive Tables, which gives us an overview of where our credentials are exposed. In addition to showing us where a secret key is exposed, Cremit also tells us if the secret is active, so we can prioritize our actions. I open a ticket to the development team or other members who need to know which secret and credential values are active and take action based on where they are exposed.

Screenshot of CREMIT’s Secret Management Dashboard, highlighting a comprehensive table of detected secrets. The table displays details such as the source, status (active/inactive), secret label, secret type (e.g., AWS, SendGrid), and detection timestamp. The interface includes filtering options for source type and secret type, as well as an export CSV feature. This image illustrates how CREMIT helps organizations track and manage exposed credentials, prioritize actions, and maintain secure operations.

I especially like the fact that since the introduction of Cremit, we can find sensitive secrets in source codes that were developed in the past but were not being maintained, clean them up, and find improvement points. Also, the intuitive dashboard allows me to see what's going on, which is very helpful in improving the security of Enlighten.

What are your future plans for using Cremit?

We are committed to actively leveraging Cremit to support our developers, secure the services our members deliver to their customers, and identify outdated credentials no longer in use. Additionally, we will continue enhancing internal training, refining credential management guidelines, and reducing costs by cleaning up unused services. We believe that collaborating closely with Cremit will create valuable synergies throughout this process.


We're excited to have Cremit as a trusted partner to help secure the energy IT platform leader's journey.


Curious why Enlighten trusts Cremit to safeguard their credentials? Join them and take the first step toward securing yours!

Contact Us!

Latest posts

About Cremit!

Enjoy articles, resources and Non-Human Identity Best Practices
Announcement
8 min read

Full Version of Nebula – UI, New Features, and More!

Explore the features in Nebula’s full version, including a refined UI/UX, fine-grained access control, audit logs, and scalable plans for teams of all sizes.
Read post
Announcement
8 min read

Unveiling Nebula: An Open-Source MA-ABE Secrets Vault

Nebula is an open-source MA-ABE secrets vault offering granular access control, enhanced security, and secret management for developers and teams.
Read post
8 min read

Vigilant Ally: Helping Developers Secure GitHub Secrets

The Vigilant Ally Initiative supports developers secure API keys, tokens, and credentials on GitHub, promoting secure coding and secrets management.
Read post