Writing Your BYOD Policy This article will point you to the core concepts of BYOD, removable device, and cloud storage policies so that you understand best practices before writing your own. Removable media, cloud storage, and BYOD devices can be a quick and convenient way for employees to handle data. But with this convenience comes some serious security concerns. Unprotected removable storage is an easy entry point for end users to
If you manage any system that requires consistent availability then you are probably already familiar with services like PagerDuty. For those of you who are unfamiliar with on-call management, it is a class of services that integrates with your monitoring and alerting systems to ensure that someone gets notified of issues in a timely manner. Typically there is a team who shares the responsibility of being on call on a
How ASICS Digital Created a Culture of You Build it, You Run it John Noss is a Senior Site Reliability Engineer at ASICS Digital, formerly Run Keeper. In this talk, he shares how ASICS Digital builds 12-Factor apps with an emphasis on infrastructure. Listen as they walk through how and why they made a dev culture of 'You Build It, You Run It' and download the slides now.
Hearst Eliminates DevOps Complexity with Automation Jim Mortko is responsible for leading all Internet-based engineering and digital production efforts, along with ecommerce and marketing initiatives that support Hearst Magazines’ diverse units including 20 U.S. magazines, Hearst Digital Media, the Hearst App Lab and Hearst Magazines UK. He is credited with spearheading the launch of five internal systems, along with supporting the launch of more than 10 websites. In this talk,
Chris Becker, SRE, Betterment Chris Becker is an SRE at Betterment. Previously, he did similar work on Warby Parker's Infrastructure team. At Betterment, he earned the label APT (advanced persistent threat) thanks to consistently tripping alarms with his peculiar scripts and commands. In this talk, he discusses how Betterment's approach to server access controls evolved as the team grew exponentially. With more people and keys to manage, the SRE team
Fair Eliminates Static Credentials with strongDM Cat Cai is currently the Director of Platform Engineering at Fair. In this talk, alongside Jack Wink and Marshall Brekka, they discuss how Fair eliminated static credentials through automation and tooling decisions. Listen as they walk through how they make sure they enforce least privileged access, and rotate credentials without causing a huge headache in the organization.
Why would I need to audit my production systems? First reason: legal requirements. Some regulated environments require that access to, and actions on, a database be tracked. The image below is a capture of version 3.2.1 of the PCI DSS standard: For health data, the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information is a bit less prescriptive, but the obligation results in a good auditing system being in place: “Persons and entities
See What You Missed: watch highlights from all the speakers. DevSecOps: The Core Curriculum Opening Remarks, by Laura Franzese, August 25, 2019 (Blog, Conference): DevSecOps: The Core Curriculum -- opening remarks. My brother like 15 years ago asked me what song I would come up to if… Why ASICS Digital Builds 12-Factor Apps with a Focus on Infrastructure, by Laura Franzese, August 1, 2019 (Blog, Conference, Uncategorized): How ASICS
What Splunk Does Joel Fulton is the Chief Information Security Officer for Splunk. At Splunk, they've put effort into transforming their organization from a waterfall approach to agile, to now a DevSecOps approach. In case you're not familiar, Splunk is a software development company focused on machine data aggregation. They collect your data onto your on-prem infrastructure and they count on you to manage and protect that. Splunk relies on
Why Network Segmentation Is Hard Very few things frustrate me more than administrative roadblocks that slow me down or make it more difficult to do work. I want to get from staging to production with as little interference as possible. The question every engineering team faces is how to allow that without compromising security. That’s the challenge of network segmentation. The goal is a segmentation strategy that creates enough segmentation