StrongDM Blog (20)

Software Development Life Cycle (SDLC) Policy

A software development lifecycle (SDLC) policy helps your company not suffer a similar fate by ensuring software goes through a testing process, is

AWS Console Alternative, Secure AWS Management

Gone are the days of sharing AWS root account credentials in a shared 1Password vault or worse, via email. With this in mind, one of the first steps

Posts by Category:

3 Costly Cloud Infrastructure Misconfigurations

It has never been easier for your company to build new infrastructure. In just a few clicks, you can spin up shiny new servers and databases in the cloud and start using them in seconds. However, in the rush to deploy new services so quickly, companies often let information security be an ...

DevSecOps: The Core Curriculum Opening Remarks

Listen to CEO Liz Zalman give opening remarks at the 2019 DevSecOps conference!

Connecting Postgres to Active Directory for Authentication

While primarily geared towards developers, PostgreSQL is also designed to help system administrators safely and robustly store information in databases. In this post, we will demonstrate how to install a PostgreSQL database and then configure Active Directory users to authenticate to it.

Physical Facility Access Policy Best Practices

In this policy, you will define the controls, monitoring, and removal of physical access to your company’s facilities.

BYOD Policy | Best Practices to Help Keep Your Network Secure

Bring your own device, can be tricky to regulate. At a minimum, your BYOD policy should define certain requirements to help secure your network.

On-Call Management | Automating Access with PagerDuty and StrongDM

Production incidents typically require elevated permission to get your services back online quickly, these can be automated.

Why ASICS Digital Builds 12-Factor Apps with a Focus on Infrastructure

John Noss is a Senior Site Reliability Engineer at ASICS Digital, formerly Run Keeper. In this talk, he shares how ASICS Digital builds 12-Factor apps with an emphasis on infrastructure.

How Hearst Eliminates DevOps Complexity -- An Architecture Review

In this talk, Jim Mortko (responsible for leading all Internet-based engineering and digital production efforts) and DevOps Engineer Manuel Maldonado, they discuss how Hearst eliminated DevOps complexity through automation and tooling decisions. Listen as they walk through their services and application architecture and download the slides now.

How Betterment Secures Server Access - Automate the Boring Stuff

Chris Becker is an SRE at Betterment. Previously, he did similar work on Warby Parker's Infrastructure team. At Betterment, he earned the label APT (advanced persistent threat) thanks to consistently tripping alarms with his peculiar scripts and commands. In this talk, he discusses how Betterment's approach to server access controls evolved as the team grew exponentially. With more people and keys to manage, the SRE team needed to find ways to automate more and reduce the maintenance overhead.

Why Fair Eliminated Static Credentials -- A Retrospective

Cat Cai is currently the Director of Platform Engineering at Fair. In this talk, alongside Jack Wink and Marshall Brekka, they discuss how Fair eliminated static credentials through automation and tooling decisions. Listen as they walk through how they make sure they enforce least privileged access, and rotate credentials without causing a huge headache in the organization.

DevSecOps Conference Highlights | Speakers from Splunk, Betterment, Fair, ASICS

Check out all speaker highlights from DevSecOps 2019!

How Splunk Built A Practical Approach to DevSecOps At Scale

Joel Fulton is the Chief Information Security Officer for Splunk. At Splunk, they've put effort into transforming their organization from a waterfall approach to agile, to now a DevSecOps approach.

18 19 20 21 22 24

StrongDM app UI showing available infrastructure resources

Connect your first server or database, without any agents, in 5 minutes.

Try it free

blog

Software Development Life Cycle (SDLC) Policy

AWS Console Alternative, Secure AWS Management

Posts by Category: