SSH Audit Made Simple

SSH audit logs allow you to determine, either retroactively or in real-time, when an unauthorized or destructive action was taken, and by whom.
Everything You Need to Know About SOC 2 Audits

Whether you’re looking to achieve SOC 2 compliance, or just want to learn more about it, your Googling is bound to lead you to a wealth of articles chock-full of buzzwords and acronym soup. In this post, we will provide a guide with definitions, links and resources to gain a solid understanding of everything you need to know about SOC 2 audits.
A Definitive Guide to SOC 2 Policies

In this post, we will help you get started with a hierarchy to follow, as well as a summary of each individual SOC 2 policy.
A Practical Approach to Just-in-Time (JIT) Access for Developers

Should application developers have access to production database systems? This is a question as old as Vampires and Werewolves.
Software Development Life Cycle (SDLC) Policy

A software development lifecycle (SDLC) policy helps your company not suffer a similar fate by ensuring software goes through a testing process, is built as securely as possible, and that all development work is compliant as it relates to any regulatory guidelines and business needs. Here are some primary topics your software development lifecycle policy and software development methodology should cover.
AWS Console Alternative, Secure AWS Management

Gone are the days of sharing AWS root account credentials in a shared 1Password vault or worse, via email. With this in mind, one of the first steps to securing our AWS account is setting up AWS IAM.
3 Costly Cloud Infrastructure Misconfigurations

It has never been easier for your company to build new infrastructure. In just a few clicks, you can spin up shiny new servers and databases in the cloud and start using them in seconds. However, in the rush to deploy new services so quickly, companies often let information security be an ...
Physical Facility Access Policy Best Practices

In this policy, you will define the controls, monitoring, and removal of physical access to your company’s facilities.
BYOD Policy | Best Practices to Help Keep Your Network Secure

Bring your own device can be tricky to regulate. At a minimum, your BYOD policy should define certain requirements to help secure your network.
On-Call Management | Automating Access with PagerDuty and StrongDM

Production incidents typically require elevated permission to get your services back online quickly; these can be automated.
Why Fair Eliminated Static Credentials -- A Retrospective

Cat Cai is currently the Director of Platform Engineering at Fair. In this talk, alongside Jack Wink and Marshall Brekka, they discuss how Fair eliminated static credentials through automation and tooling decisions. Listen as they walk through how they make sure they enforce least privileged access, and rotate credentials without causing a huge headache in the organization.
How Splunk Built A Practical Approach to DevSecOps At Scale

Joel Fulton is the Chief Information Security Officer for Splunk. At Splunk, they've put effort into transforming their organization from a waterfall approach to agile, to now a DevSecOps approach.
9 Tips for an Effective Security Incident Response Policy (SIRP)

This post covers important core concepts within the SIRP so that you understand the purpose of this policy before writing your own.
Token Security Podcast | Senior Engineering Director at Zymergen on Code Reviews

At Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords. This week Jeff Burkhart, Senior Engineering Director at Zymergen talks code reviews, code review fatigue, and what to do when agile becomes tedious.