How Orange Business Transformed Secrets Security with a Prevention-First Approach

Grégory Maitrallain, Solution Architect at Orange Business, addressed the challenges of secrets management at an enterprise scale during Les Assises de la Cybersécurité, highlighting Orange Business's strategy to curb secrets sprawl among its 3,000 developers. The company initially employed GitLeaks to manage secrets, but faced difficulties with false positives and adoption across diverse projects. Recognizing the need for more effective solutions, they transitioned to GitGuardian, which significantly reduced false positives and enhanced developer trust. GitGuardian's accuracy and lifecycle management proved crucial in maintaining secret security, enabling a shift towards prevention rather than remediation. This approach aligns with the NIS 2 Directive's regulatory requirements and emphasizes the importance of developer collaboration and phased rollouts to gain confidence and ensure compliance. Orange Business's three-layer defense strategy, which includes pre-commit, pre-receive, and post-commit scanning, underscores the importance of integrating security seamlessly into developer workflows. As they expand GitGuardian scanning across other organizational platforms, the focus remains on preventing secret leaks and fostering a security culture that works with developers, not against them.