A Practical Approach to Just-in-Time Access for Developers

You're the DBA or maybe the Sysadmin at your company. Whatever your title, you’re the gatekeeper and the keymaster for your company's database servers. You stay awake at night wondering if you’ve done everything you can to safeguard your database systems. But all those application developers need, errr want, access to production databases and servers. Whether it's relational databases like Oracle, SQL Server or PostgreSQL, a NoSQL document store,

strongDM for Admins: Getting Started

You’ve done it: you’ve taken the plunge. You’re ready to move away from complicated user management like LDAP, ready to stop worrying about private keys sitting on developer laptops, and ready to up your compliance game with audit trails for all of your SSH and database sessions. You’re ready to move forward and implement strongDM in your infrastructure. Lucky for you, getting started is ridiculously easy. In this post we’ll cover

How To: Remove Developers from the AWS Console

Gone are the days of sharing AWS root account credentials in a shared 1Password vault. Or worse, via email. Bringing new developers to the team increases our chances of the main credentials leaking or getting into the wrong hands. A root credential compromise is game over: an attacker has full access to your AWS account and can wreak havoc. On top of that, most employees don’t even need direct access

3 Ways to Implement Role-Based Access Controls for Kubernetes

Kubernetes role-based access control (RBAC) seems perfectly sensible on paper. It’s obvious: of course an organization would want to enforce user and application access policies on a cluster. The official Kubernetes documentation provides a lot of guidance on how the RBAC API objects work, but there’s little on best practices for deploying it in a way that actually functions for an organization. The developer’s tried-and-true Google-fu method on “Kubernetes best practices” turns up

Provisioning Your People to be Productive

You just hired a new employee, great news! Luckily you have an easy onboarding process to get them access to all of the systems that they will need… right? If you just had a moment of panic, then keep reading because you're not alone. Standardize Roles: Granting access to your databases and servers for a new user can be a painful process if you have to do it

Implement a BYOD Policy | Best Practices for SOC 2 Compliance

Writing Your BYOD Policy: This article will point you to the core concepts of BYOD, removable device, and cloud storage policies so that you understand best practices before writing your own. Removable media, cloud storage, and BYOD devices can be a quick and convenient way for employees to handle data. But with this convenience come some serious security concerns. Unprotected removable storage is an easy entry point for end users to

How To Make Network Segmentation More Secure And Less Difficult For Everyone

Why Network Segmentation Is Hard: Very few things frustrate me more than administrative roadblocks that slow me down or make it more difficult to do work. I want to get from staging to production with as little interference as possible. The question every engineering team faces is how to allow that without compromising security. That’s the challenge of network segmentation. The goal is a segmentation strategy that creates enough segmentation

Writing Your Security Incident Response Policy

Writing Your Security Incident Response Policy: This article will point you to the core concepts within the SIRP so that you understand the purpose of this policy before writing your own. The Security Incident Response Policy (SIRP) establishes that your organization has the necessary controls to detect security vulnerabilities and incidents, as well as the processes and procedures to resolve them. The tricky thing about this policy is that it needs
