We interviewed Jinseok Yeo from ENligthen, Korea's No. 1 energy IT platform company, about how they've implemented commitments!
Let's find out how ENligthen is securing Credential and Secret.
We are a company that creates value beyond connection by gathering more energy, more powerful energy.
By connecting scattered renewable energies with IT technology, we are implementing a platform trading platform where supply and consumption can be freely exchanged.
Currently, we provide online business feasibility review services and reliable asset management services to power generators using the platform, RE100 consulting and power trading services to companies that need renewable energy electricity, and have signed power purchase agreements (third-party PPAs) with NAVER New Building and Lotte Global Logistics.
EnLighten's power generation king service is the largest single service in Korea, with more than 22,000 locations nationwide and more than 5.4 GW of power plants connected, and a market share of 25%.
Attackers are constantly searching public code repositories such as GitHub to find 'secrets'(secrets, credentials) left by developers by mistake. In addition, secrets exposed by minor mistakes in internal messengers and collaboration tools are a risk that can be exploited by attackers.
We, as well as many companies around us, have been struggling with the detection and management ofsecrets and credentials in repositories, collaboration tools, and messengers because there is no special solution for them.We quickly decided to adopt Commit because of its low cost, real-time detection and notification, dashboard function to check the status at a glance, and easy integration.
One of the fundamental features of Commit is the Secret Table and Sensitive Table, which gives you an overview of where your credentials are exposed. In addition to showing you where a secret key is exposed, Commit also tells you if the secret is active, so you can prioritise your actions. I open a ticket to the development team or other members who need to know which Secret and Credential values are active and take action based on where they are exposed.
I especially like the fact that since the introduction of commits, I can find sensitive secrets found in development sources that were developed in the past but are not being maintained, clean up those development sources, and find information that can be improved. Also, the intuitive dashboard after logging in allows me to see what's going on, which is very helpful in my work to improve the security of Enlighten.
(Commit) In fact, Enlighten made a decision to adopt it within 3 days after the PoC, and since then, we've been using it to respond to credential threats with an easy integration that takes less than 30 minutes.
We will continue to actively use commit to support the hard work of our developers, secure the services our members provide to their customers, and detect outdated credentials that are no longer in use.
We will continue to work on internal training, credential management guides, and cost savings by cleaning up unused services, and we believe that the various collaborations and connections with Kremit can be synergistic in this process.
Enlighten operates services such as solar integration business, energy IT platform, and VP platform for energy trading. It is the No. 1 energy platform company in Korea that is innovating the energy market with its outstanding technology and expertise.
With KRW 44.5 billion in cumulative investment, 5,344MW in total service volume, and the most used platform by power producers, we have a team with years of experience from diverse backgrounds including Seoul National University, UC Berkeley, EY, Mirae Asset, Samsung Electronics, and Tada.
We're excited about energy trading and energy innovation led by ENlighten! We're excited to have Crimit as a trusted partner to help secure the energy IT platform leader's journey.
Meet the Cremit!