
Explaining business impact: 50 consequences of storing your API key in a Custom Label, in code, or in any other readable place in the system

Updated: Sep 10



I once faced a situation where I had difficulty convincing a customer to prioritize high-security-risk items over new features. This is why I decided to start a new series of articles today: 'Explaining Business Feedback: 50 Consequences of Failing to Adhere to Certain Salesforce Patterns.' In this article I talk about the piece of technical debt that, in my opinion, should be fixed first.


Let me share with you the business impact of building an integration with its security token placed in Apex code, in a Custom Label, or in any other place that users, developers and tooling can read. The platform already offers a place that is not readable in this way: a Named Credential (backed by an External Credential), where the secret is stored by Salesforce and injected into the callout so that Apex never sees it. Protected Custom Settings or Custom Metadata Types only hide a value from subscriber orgs of a managed package, so they are a weaker fallback; a Custom Label is not a secret store at all.




Consequences Related to Security and Compliance

  1. Leak of sensitive data (e.g., customer data, financial records). An exposed API key is like a master key to a cabinet full of confidential information. If it falls into the wrong hands, an attacker can use it for unauthorized access to external databases, payment systems, or repositories, leading to a massive leak of Personally Identifiable Information (PII).

  2. Unauthorized access to external systems that the API connects to. Anyone who obtains the secret can impersonate the application and perform operations in an external system, such as deleting data, modifying orders, or sending spam messages from an authorized source.

  3. Digital identity theft in related services. The key authenticates as the company's integration identity in the external service, so whatever an attacker does with it is attributed to the company; where that API also allows acting on behalf of individual end users, their accounts in that service are exposed as well, leading to identity theft across the broader digital ecosystem.

  4. Violation of compliance with regulations such as GDPR or HIPAA. These regulations require companies to implement appropriate technical and organizational measures to protect data. Keeping a secret in a place that any user or developer can read is very hard to defend as such a measure, exposing the company to severe legal consequences.

  5. Loss of security certifications (e.g., ISO 27001). Certifications like ISO 27001 or SOC 2 require demonstrating that the company adheres to best practices in information security management. Exposed secrets in the code or system automatically signal non-compliance with these standards.

  6. Encryption in transit does not protect the key. Even though the callout itself runs over TLS, a key kept in a Custom Label or in code travels in plaintext in every metadata retrieve, sandbox refresh and source-control checkout. An attacker does not have to break the encryption or get between the application and the API; they read the key at rest and then open their own, perfectly valid session to the external service.

  7. The possibility of privilege escalation within the system by a malicious user. Custom Labels are not permission-controlled: anyone who can view Setup can read the value, any Visualforce page or Lightning component that references the label ships the value to the browser, and anyone with Metadata API access can retrieve it. An employee who should not have access to the external system at all can take the key and call that system directly, with privileges far beyond their role and outside every sharing rule and field-level security setting in Salesforce.

  8. Exposure to replay of intercepted authentication data. A static API key has no expiry, no nonce and no binding to a particular request, so a request captured once (from a debug log, a trace or a proxy) can be reissued indefinitely until the key is rotated, and with the key itself an attacker can forge new requests at will, causing chaos in the external system.

  9. Problems with security audits. During an audit, security analysts will quickly identify the poor practice, which will lead them to issue a critical evaluation and question other procedures within the company.

  10. A poor security posture across the entire company. One bad practice often signals that security management is treated lightly, leading to further negligence and increasing the overall risk.
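Items 7 and 9 above are easy to turn into a check. What follows is an added example, not code from the original post: a small Python scanner over a Salesforce metadata retrieve (the CustomLabels file and Apex classes, as the Metadata API or the Salesforce CLI writes them to disk) that flags label values and string literals shaped like known vendor keys, names that suggest a secret, and high-entropy literals, and also reports Apex that reads a secret-named label. The two inputs are constructed samples with made-up key values (the labels file is condensed to the three elements the check uses), and the vendor key formats, the secret-name list and the entropy threshold are assumptions to tune for your own org.

```python
"""Audit check for secrets in a Salesforce metadata retrieve (added example, not
from the original post). Both sample inputs are constructed; the key values are
made-up strings in the shape of real vendor formats, not real credentials."""
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass
SF_NS = "{http://soap.sforce.com/2006/04/metadata}"

SAMPLE_LABELS_XML = """<CustomLabels xmlns="http://soap.sforce.com/2006/04/metadata">
  <labels><fullName>Welcome_Message</fullName><protected>false</protected>
    <value>Welcome to the portal</value></labels>
  <labels><fullName>Payment_API_Key</fullName><protected>true</protected>
    <value>sk_live_7fA9kQ2mXp4Lz8Rt1vNb3wYe5Cj6Hd0S</value></labels>
</CustomLabels>"""

SAMPLE_APEX = """public with sharing class PaymentClient {
    private static final String API_KEY = 'AKIAIOSFODNN7EXAMPLE';
    public static HttpResponse charge() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('https://api.example.com/v1/charge');
        req.setHeader('Authorization', 'Bearer ' + Label.Payment_API_Key);
        return new Http().send(req);
    }
}"""

KNOWN_FORMATS = re.compile(  # rough shapes of common vendor keys; assumed list, extend for your APIs
    r"sk_(?:live|test)_[0-9A-Za-z]{16,}|AKIA[0-9A-Z]{16}|xox[abpr]-[0-9A-Za-z-]{10,}"
    r"|ghp_[0-9A-Za-z]{20,}|-----BEGIN [A-Z ]*PRIVATE KEY-----")
SECRET_NAME = re.compile(r"api[_-]?key|secret|token|passw(?:or)?d|pwd|credential", re.I)
ASSIGNMENT = re.compile(r"(?P<name>\w+)\s*=\s*'(?P<val>[^']*)'")   # Apex string literal assignment
LABEL_REF = re.compile(r"\bLabel\.(?P<name>\w+)")                    # Apex read of a Custom Label
MIN_LEN, MIN_ENTROPY = 20, 3.5                                      # tuning knobs, assumed values

@dataclass
class Finding:
    location: str      # path:identifier
    masked_value: str  # first four characters only, so the report itself is not a leak
    reasons: list[str]

def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking key material is usually above 3.5."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def mask(value: str) -> str:
    return value[:4] + "*" * max(len(value) - 4, 0)

def classify_value(name: str, value: str) -> list[str]:
    """Reasons a (name, value) pair looks like an embedded secret; [] if clean."""
    token, reasons = value.strip(), []
    if KNOWN_FORMATS.search(token):
        reasons.append("matches a known credential format")
    if token and SECRET_NAME.search(name):
        reasons.append("name suggests a secret")
    is_url = token.lower().startswith(("http://", "https://"))  # URLs are high-entropy, not secrets
    if (len(token) >= MIN_LEN and " " not in token and not is_url
            and shannon_entropy(token) >= MIN_ENTROPY):
        reasons.append("high-entropy literal")
    return reasons

def scan_labels(path: str, xml_text: str) -> list[Finding]:
    """Scan every label: <protected> only hides it from package subscribers, not from the owning org."""
    findings = []
    for label in ET.fromstring(xml_text).findall(SF_NS + "labels"):
        name = label.findtext(SF_NS + "fullName", "")
        value = label.findtext(SF_NS + "value", "")
        if reasons := classify_value(name, value):
            findings.append(Finding(f"{path}:{name}", mask(value), reasons))
    return findings

def scan_apex(path: str, source: str) -> list[Finding]:
    """Literal string assignments plus reads of secret-named Custom Labels."""
    findings = []
    for m in ASSIGNMENT.finditer(source):
        if reasons := classify_value(m["name"], m["val"]):
            findings.append(Finding(f"{path}:{m['name']}", mask(m["val"]), reasons))
    for m in LABEL_REF.finditer(source):
        if SECRET_NAME.search(m["name"]):
            findings.append(Finding(f"{path}:Label.{m['name']}", "", ["Apex reads a secret-named Custom Label"]))
    return findings

def scan_retrieve(files: dict[str, str]) -> list[Finding]:
    findings = []  # files maps relative paths inside a metadata retrieve to their contents
    for path, text in files.items():
        if path.endswith((".labels", ".labels-meta.xml")):
            findings.extend(scan_labels(path, text))
        elif path.endswith(".cls"):
            findings.extend(scan_apex(path, text))
    return findings

if __name__ == "__main__":
    for f in scan_retrieve({"labels/CustomLabels.labels-meta.xml": SAMPLE_LABELS_XML,
                            "classes/PaymentClient.cls": SAMPLE_APEX}):
        print(f.location, f.masked_value or "(value read from label)", "; ".join(f.reasons))
```

Point `scan_retrieve` at the files of an unpacked retrieve; values in the report are masked so it can go straight into an audit ticket. A hit is a lead, not proof of a live key, and a clean run says nothing about Custom Settings, Custom Metadata records, Flows or static resources, to which the same idea extends. Confirm each finding with the API owner and rotate the key before moving it to a Named Credential, because the old value already lives in version control and in every sandbox.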


Financial and Reputational Consequences


  1. High financial penalties for GDPR or other regulatory violations. GDPR fines can reach EUR 20 million or 4% of a company's global annual turnover, whichever is higher, which in extreme cases can lead to its collapse.

  2. Costs associated with conducting a post-breach investigation. The company must spend large sums on hiring cybersecurity experts to identify the source of the leak, assess its scale, and help remediate the consequences.

  3. Loss of trust from customers and business partners. A data breach causes customers to lose faith in the company, leading to mass departures. Business partners may terminate contracts, fearing for the security of their own data.

  4. A drop in company value on the market. News of a data leak often results in a decline in stock value and a loss of investor confidence, which can drastically lower the company's market capitalization.

  5. The need to pay compensation to affected individuals. Depending on legal regulations, the company may be forced to pay compensation to individuals whose data was leaked, generating additional, unplanned costs.

  6. Public relations costs to rebuild the reputation. The PR team must undertake intensive and costly efforts to repair the company's image, reassure customers, and convince the market that the situation is under control.

  7. Loss of revenue due to customer churn. Disenchanted by the lack of security, customers move to competitors, leading to a direct drop in revenue.

  8. Difficulty in acquiring new customers who value security. Potential new clients, especially those in the financial or medical sectors, conduct security audits, and exposed secrets will immediately deter them.

  9. Increased costs of cyber insurance. After an incident, insurers raise premiums, seeing the increased risk, or may even refuse to provide coverage.

  10. Loss of competitive advantage. While the company deals with the consequences of the leak, its competition can freely grow and capture the market.


Operational Consequences


  1. Difficulty in managing API keys (e.g., their rotation or invalidation). If a key lives in a Custom Label, rotating it means a metadata deployment to every environment, and the old value lives on in version control history and in every sandbox that was refreshed from production. Done by hand, and at scale, this is slow, prone to human error, and an operational nightmare.

  2. Lack of scalability for a solution that is rigidly embedded in the code. Different environments (dev, test, prod) require different keys, and hardcoding them prevents easy switching without manual changes. This slows down development and deployment processes.

  3. The need for manual key changes in multiple places in the event of a leak. If the same key is used in dozens of Apex classes, changing one element may require modifying and re-testing all those classes, which is time-consuming and risky.

  4. Complex and risky deployments if keys are in the code. Deploying new code requires verifying that it does not contain old keys or that they are properly secured.

  5. Difficulty in implementing development, testing, and production environments, as keys must be different in each. Developers often store keys in configuration files, which increases the risk of them being leaked and complicates version management.

  6. Slower development processes. Instead of focusing on writing functionality, developers must be careful about where they store credentials, which slows down their work.

  7. Duplication of work and human errors when manually copying keys. Manual operations are always risky and can lead to the introduction of incorrect keys, resulting in a system outage.

  8. Lack of centralized monitoring of key usage. Salesforce records changes to a Custom Label in the Setup Audit Trail but does not log who read it, so with keys in labels there is no way to say who used which key and when, which is exactly the question a security audit asks.

  9. Problems with CI/CD process automation. A pipeline cannot be fully automated if someone has to edit keys by hand at each stage; at best the pipeline ends up holding the production key itself, which only moves the problem.

  10. Access to keys by developers who should not have it. In teams where keys are easily accessible, developers may have access to production data, violating the Principle of Least Privilege.


Technical Consequences


  1. Hardcoding keys in code is a programming anti-pattern. It is a widely recognized bad practice that indicates a lack of knowledge of fundamental security principles and clean code.

  2. The risk that a key will be accidentally exposed in a public code repository (e.g., GitHub). A developer might mistakenly publish code containing a key, which almost immediately leads to its leak and detection by internet scanners.

  3. Violation of the Principle of Least Privilege. This principle states that every element of a system (user, application, process) should have access only to the resources it absolutely needs to perform its tasks. A key that any user, developer, or tool can read violates this principle.

  4. Lower code quality and problems with its maintenance. Code with hardcoded keys is less flexible, harder to understand, and complicated to maintain.

  5. The inability to easily audit who used a particular key and when. If a key is in multiple places, it's hard to track its usage and identify potential misuse.

  6. Increased risk of system failure due to errors in key management. An incorrect key or its accidental change can cause the entire functionality to stop working, leading to an outage.

  7. Inability to revoke access for one person without affecting everyone. A shared secret in the code cannot be revoked per individual; when a developer leaves or a laptop is lost, the only remedy is to rotate the key everywhere it is used, which is inefficient and rarely done promptly.

  8. Creating code that is difficult to unit test. Unit tests must be repeatable and independent. In Apex, tests cannot perform real callouts and must use a callout mock, but code that reads the secret from a literal or a label offers no place to substitute a dummy credential, so the real key ends up in the test path as well.

  9. Problems with integration with modern secrets management systems. The company cannot move to Named Credentials or an external vault because the endpoint and the credential are baked into the code instead of being resolved by the platform at callout time.

  10. A higher risk of collision with other processes or data. Without a managed, per-environment credential, the same key is easily reused in dev, test and production at once, so a test run or a copied sandbox can hit live data and conflict with production jobs.


Business and Personal Consequences


  1. Loss of staff trust in internal procedures. Employees, seeing that the company does not care about basic security, may lose motivation and respect for company standards.

  2. Decreased confidence in the IT department's competence. Poor key management indicates a lack of competence in the technical team, which undermines the confidence of management and other departments in IT.

  3. The risk of dismissal for employees responsible for the error. Developers and managers who allowed such a serious mistake to happen may lose their jobs.

  4. Legal liability of company management. In extreme cases, where a massive data breach occurs, company executives may face personal civil liability or, in some jurisdictions, criminal charges.

  5. Stress and professional burnout for developers and administrators who have to deal with the consequences. Handling a security incident is a huge stressor that can lead to burnout and health problems.

  6. Loss of technology partners. Companies that offer APIs may terminate agreements with a client who violates their security policies by exposing keys.

  7. Increased risk of internal sabotage by a disgruntled employee. An employee who has access to keys can use them to deliberately harm the company, for example, by deleting data or blocking services.

  8. Difficulty in attracting qualified specialists who are aware of bad practices. Experienced IT and security specialists will immediately notice poor practices and will not want to work in such an environment.

  9. The need to incur additional costs for security training. After an incident, the company must invest in expensive training to ensure similar mistakes do not happen in the future.

  10. A sense of helplessness and loss of control over the IT infrastructure. The lack of centralized secrets management makes managers and technical leaders lose a sense of control over the system, which can lead to decision-making paralysis.


Share your thoughts, and contact me if you wish to have a Salesforce security audit performed inside your company. You're all welcome.
