This guide breaks down the types of compliance audits (regulatory, security, financial, and operational), the frameworks they map to, and the real challenges most teams face, like privileged access sprawl and manual tracking.
Latest blog posts from StrongDM
PostgreSQL or MySQL? It’s the age-old database debate. PostgreSQL shines for complex, write-heavy workloads, rich data types, and ACID compliance. MySQL is fast, lightweight, and perfect for read-heavy web apps and MVPs.
SSH ProxyJump (the -J flag) is a more streamlined way to hop between SSH hosts using one or more bastion hosts. Instead of chaining multiple manual connections, ProxyJump creates a single end-to-end SSH session through the specified jump hosts. It was introduced in OpenSSH 7.5 to simplify access to servers that sit behind firewalls or live in private networks.
A breach isn’t a matter of if, it’s when. In 2023 alone, around 97 million accounts were breached in the US, accounting for one in three cases worldwide. Whether it’s a rogue insider, a phishing attack, or a third-party screwup, your best shot at bouncing back fast is having a clear, tested data breach response plan. This guide walks you through what to include: governance roles, incident severity levels, NIST-based response steps, legal obligations (like GDPR, HIPAA, and CCPA), and
Learn how to create tables in PostgreSQL using psql or pgAdmin. Master data types, constraints, and schema design, and secure access with StrongDM's fine-grained permissions and audit trails.
Learn how to list MySQL users using SQL queries and GUI tools like Workbench and phpMyAdmin. Discover how to check privileges, manage accounts, and secure access with best practices, and see how StrongDM simplifies MySQL user management.
Kubernetes security is the practice of protecting containerized workloads and cluster components from unauthorized access, misconfigurations, and vulnerabilities. It involves securing the infrastructure, clusters, containers, and application code through layered controls like RBAC, network policies, image scanning, and runtime protection.
PostgreSQL doesn’t come with a default password. And while that might seem like a security feature, leaving it unset can be just as risky. Understanding how Postgres handles authentication—from pg_hba.conf rules to encryption types like MD5 and SCRAM—is essential for keeping your database secure. Missteps in configuration or password management can open the door to unauthorized access.
SSH is the backbone of remote access on Linux systems—and if you're running Ubuntu, enabling SSH is often one of the first things you'll do. But enabling it securely is what really matters. From installing OpenSSH and adjusting firewalls to enforcing key-based authentication and disabling root login, a secure setup takes more than just flipping a switch .This guide walks you through every step, plus how to make SSH access safer and simpler with centralized control, just-in-time access, and full
Listing tables in PostgreSQL is a basic yet essential task—whether you're debugging, automating CI/CD, or exploring a new database. But with sensitive data at stake, how you access matters. This guide covers common methods and how to secure them with centralized access, audit logs, and least-privilege controls.
Linux file permissions control who can read, write, or execute files—crucial for system security. But with special bits, ACLs, and recursive commands, managing them can get tricky. This guide simplifies permissions and shows how to manage them safely with centralized access, audit logging, and role-based control—so you’re not stuck juggling chmod and chown alone.
Linux powers everything—from servers to IoT devices—and with that power comes a big responsibility: security. Linux security is all about protecting your systems from breaches, misconfigurations, and evolving threats without compromising performance. This guide explores everything from kernel-level protections to enterprise-grade defense strategies—and shows how to simplify Linux security by unifying access, enforcing Zero Trust, and replacing static credentials with identity-based access that
One of the most common and straightforward ways to list all groups in Linux systems is by leveraging the Linux "list groups" command. However, this isn’t the only way. There are several alternative methods, such as the "getent" command, the "/etc/group" file, and the "id" command. This guide will explore these methods in detail, so read on to get the full scoop.
Security breaches make headlines, while compliance audits keep teams on edge. The pressure to protect data and meet regulatory requirements is mounting—and often, the lines between security and compliance get blurred. Are they the same thing? Are they working in tandem—or pulling in different directions? This post breaks it down: what security and compliance are, how they intersect, where they differ, and most importantly, how your organization can align the two effectively.
