It has never been easier for your company to build new infrastructure. In just a few clicks, you can spin up shiny new servers and databases in the cloud and start using them in seconds. However, in the rush to deploy new services so quickly, companies often let information security be an ...
Posts by Category:
- Security
- Access
- Auditing
- Policy
- SOC 2
- Privileged Access Management
- Compliance
- Identity and Access Management
- Compare
- Zero Trust
- Team
- Databases
- DevOps
- Authentication
- Integrations
- Product
- Podcasts
- Productivity
- AWS
- ISO 27001
- SSH
- Dynamic Access Management
- Role-Based Access Control
- Kubernetes
- Observability
- Secure Access Service Edge
- Webinars
- Events
- HIPAA
- Engineering
- NIST
- Onboarding
- Passwordless
- Offsites
- PCI
- Platform
In this policy, you will define the controls, monitoring, and removal of physical access to your company’s facilities.
Bring your own device, can be tricky to regulate. At a minimum, your BYOD policy should define certain requirements to help secure your network.
Production incidents typically require elevated permission to get your services back online quickly, these can be automated.
Cat Cai is currently the Director of Platform Engineering at Fair. In this talk, alongside Jack Wink and Marshall Brekka, they discuss how Fair eliminated static credentials through automation and tooling decisions. Listen as they walk through how they make sure they enforce least privileged access, and rotate credentials without causing a huge headache in the organization.
Joel Fulton is the Chief Information Security Officer for Splunk. At Splunk, they've put effort into transforming their organization from a waterfall approach to agile, to now a DevSecOps approach.
This article will point you to the core concepts within a security incident response policy (SIRP) so that you understand the purpose of this policy, challenges, and tools to consider when writing your own.
At Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords. This week Jeff Burkhart, Senior Engineering Director at Zymergen talks code reviews, code review fatigue, and what to do when agile becomes tedious.
Despite thousands of articles, there’s shockingly little actionable advice to help startups complete SOC 2. One area that usually requires some remediation is access controls. Most teams don’t have answers when auditors ask “who has access to a specific database or server and what queries did they execute?” That’s why we started strongDM- to manage and monitor access to every database, server, & environment.
How to create an SSH key for your bastion host and ways you can streamline the bastion host login process without compromising the security of the key.
Step-by-step instructions on how to create a bastion host plus how to create an audit trail by logging SSH commands.
This week we are joined by Daniel Leslie at Namely who shares his take on the human side of security, and what security at scale looks like for his team. Max, Justin, and Daniel discuss the 3 core things to good company-wide security: psychological safety, vulnerability, and purpose. You have to address these things in a comprehensive manner.
In this episode Max Saltonstall and Justin McCarthy are joined by Alan Daines, Chief Information Security Officer at FactSet to talk about phishing, educating on it, and defending against it.
Data center security refers to the protection of data centers against threats such as cyber-attacks, natural disasters, and human error. The number of data centers has increased significantly over the last decade, and so has the amount of security-related disasters. In 2022, the global data center ...
