In this policy, you will define the controls, monitoring, and removal of physical access to your company’s facilities.
Posts by Category:
- Security
- Access
- Auditing
- Policy
- SOC 2
- Privileged Access Management
- Compliance
- Identity and Access Management
- Zero Trust
- Compare
- Team
- Authentication
- Databases
- DevOps
- Integrations
- Product
- Podcasts
- Productivity
- AWS
- ISO 27001
- SSH
- Dynamic Access Management
- Role-Based Access Control
- Kubernetes
- Observability
- Secure Access Service Edge
- Webinars
- Events
- HIPAA
- Engineering
- NIST
- Onboarding
- Passwordless
- Offsites
- PCI
- Platform
Bring your own device, can be tricky to regulate. At a minimum, your BYOD policy should define certain requirements to help secure your network.
Production incidents typically require elevated permission to get your services back online quickly, these can be automated.
John Noss is a Senior Site Reliability Engineer at ASICS Digital, formerly Run Keeper. In this talk, he shares how ASICS Digital builds 12-Factor apps with an emphasis on infrastructure.
In this talk, Jim Mortko (responsible for leading all Internet-based engineering and digital production efforts) and DevOps Engineer Manuel Maldonado, they discuss how Hearst eliminated DevOps complexity through automation and tooling decisions. Listen as they walk through their services and application architecture and download the slides now.
Chris Becker is an SRE at Betterment. Previously, he did similar work on Warby Parker's Infrastructure team. At Betterment, he earned the label APT (advanced persistent threat) thanks to consistently tripping alarms with his peculiar scripts and commands. In this talk, he discusses how Betterment's approach to server access controls evolved as the team grew exponentially. With more people and keys to manage, the SRE team needed to find ways to automate more and reduce the maintenance overhead.
Cat Cai is currently the Director of Platform Engineering at Fair. In this talk, alongside Jack Wink and Marshall Brekka, they discuss how Fair eliminated static credentials through automation and tooling decisions. Listen as they walk through how they make sure they enforce least privileged access, and rotate credentials without causing a huge headache in the organization.
Check out all speaker highlights from DevSecOps 2019!
Joel Fulton is the Chief Information Security Officer for Splunk. At Splunk, they've put effort into transforming their organization from a waterfall approach to agile, to now a DevSecOps approach.
Gravitational Teleport is a powerful tool allowing organizations to secure access to SSH servers and Kubernetes clusters via a centralized authentication method. However, if you need to secure access to databases, Windows servers or internal web applications in addition to Linux servers/Kubernetes, there are other options to consider.
SOC 2 compliance, like so many things related to IT and security, is chock full of terms and acronyms to learn. If you are just getting started with SOC 2, it’s helpful to get familiar with this alphabet soup ahead of time so you can move your compliance efforts forward with confidence. Below is a SOC 2 terminology glossary to get you started:
This article will point you to the core concepts within a security incident response policy (SIRP) so that you understand the purpose of this policy, challenges, and tools to consider when writing your own.
