What Would My SOC 2 Dashboard Look Like?

As your organization pursues SOC 2 certification, staying organized is critical. You will be busy actively managing dozens of ongoing daily tasks, which can bury you in minutiae. At the same time, you need to keep your high-level compliance goals in focus in order to move your certification over the finish line. In this post, we will look at all the components your SOC 2 “dashboard” should contain

Everything You Need to Know About SOC 2 Audits

Whether you’re looking to achieve SOC 2 compliance or just want to learn more about it, your Googling is bound to lead you to a wealth of articles chock full of buzzwords and acronym soup. In this post, we will provide a guide with definitions, links and resources to gain a solid understanding of everything you need to know about SOC 2 audits. What is SOC 2? SOC 2 is

The Definitive Guide to SOC 2 Policy Frameworks

If this is your first time pursuing SOC 2 certification, you will quickly find that documentation is the cornerstone of a successful audit. Writing clear, concise policies is especially critical, and if you don’t currently have a policy structure in place, it can be difficult to figure out which policies you need. In this post, we will help you get started with a hierarchy to follow, as well as a

A Practical Approach to Just-in-Time Access for Developers

You're the DBA or maybe the Sysadmin at your company. Whatever your title, you’re the gatekeeper and the key master for your company's database servers. You stay awake at night wondering if you’ve done everything you can to safeguard your database systems. But all those application developers need, errr want, access to production databases and servers. Whether it's relational databases like Oracle, SQL Server or PostgreSQL, a NoSQL document store,

strongDM for Admins: Getting Started

You’ve done it: you’ve taken the plunge. You’re ready to move away from complicated user management like LDAP, ready to stop worrying about private keys sitting on developer laptops, and ready to up your compliance game with audit trails for all of your SSH and database sessions. You’re ready to move forward and implement strongDM in your infrastructure. Lucky for you, getting started is ridiculously easy. In this post we’ll cover

Software Development Lifecycle Policy | A Practical Guide to SOC2

With headline-grabbing software vulnerabilities becoming more and more prevalent, now is the time to tighten up your development practices into a well-written SDLC policy. This particular information security policy will help your development teams standardize on coding tools and practices, as well as get everybody on the same page from a security standpoint. And when you do have an incident, you will be able to demonstrate to your customers that you do indeed take their security seriously; it’s not just lip service.

How To: Remove Developers from the AWS Console

Gone are the days of sharing AWS root account credentials in a shared 1Password vault, or worse, via email. Bringing new developers onto the team increases the chances of the main credentials leaking or getting into the wrong hands. A root credential compromise is game over: an attacker has full access to your AWS account and can wreak havoc. On top of that, most employees don’t even need direct access

3 Ways to Implement Role-Based Access Controls for Kubernetes

Kubernetes role-based access control (RBAC) seems entirely sensible on paper. It’s obvious: of course an organization would want to enforce user and application access policies on a cluster. The official Kubernetes documentation provides a lot of guidance on how the RBAC API objects work, but there’s little on best practices for deploying it in a way that works for an organization. The developer's tried-and-true Google-fu method of searching “Kubernetes best practices” turns up

DevSecOps: The Core Curriculum Opening Remarks

My brother, like 15 years ago, asked me what song I would come up to if I were a pro wrestler. There are two. That was one of them. The second one is going to introduce our very first speaker. So hey, everybody, what's up? I'm Liz. I am the co-founder and CEO of strongDM. I'm going to start off by telling

Connecting Postgres to Active Directory for Authentication

PostgreSQL is an open-source database system that is a popular choice for managing data and building applications. While primarily geared towards developers, PostgreSQL is also designed to help system administrators store information safely and robustly. And because many networks use Active Directory to manage users and their resource permissions, it makes sense to tie PostgreSQL into this authentication configuration as well. In this post, we will demonstrate how
