Peter Tormey

A Practical Approach to Just-in-Time Access for Developers

October 15, 2019

You're the DBA or maybe the Sysadmin at your company. Whatever your title, you’re the gatekeeper, and the key master for your company's database servers. You stay awake at night wondering if you’ve done everything you can to safeguard your database systems. But all those application developers need, errr want, access to production databases and servers. Whether it's relational databases

Read more
Chris Becker
Site Reliability Engineer Betterment

strongDM for Admins— Getting Started

October 10, 2019

You’ve done it— you’ve taken the plunge. You’re ready to move away from complicated user management like LDAP, ready to stop worrying about private keys existing on developer laptops, and ready to up your compliance game with audit trails all of your SSH and database sessions. You’re ready to move forward and implement strongDM in you infrastructure. Lucky for you,

Read more
Tobias Macey
Host, Data Engineering Podcast

Provisioning Your People to be Productive

August 19, 2019

You just hired a new employee, great news! Luckily you have an easy onboarding process to get them access to all of the systems that they will need to access… right? If you just had a moment of panic, then keep reading because you're not alone.  Standardize Roles  Granting access to your databases and servers for a new user can

Read more

Implement a BYOD Policy | Best Practices for SOC 2 Compliance

August 8, 2019

Writing Your BYOD PolicyThis article will point you to the core concepts of BYOD, removable device, and cloud storage policies so that you understand best practices before writing your own. Removable media, cloud storage, and BYOD devices can be a quick and convenient way for employees to handle data.  But with this convenience comes some serious security concerns. Unprotected removable

Read more

How To Make Network Segmentation More Secure And Less Difficult For Everyone

July 16, 2019

Why Network Segmentation Is Hard Very few things frustrate me more than administrative roadblocks that slow me down or make it more difficult to do work. I want to get from staging to production with as little interference as possible. The question every engineering team faces is how to allow that without compromising security? That’s the challenge of network segmentation.

Read more
Brian Johnson

Writing Your Security Incident Response Policy

June 27, 2019

This article will point you to the core concepts within the SIRP so that you understand the purpose of this policy before writing your own. The Security Incident Response Policy (SIRP) establishes that your organization has the necessary controls to detect security vulnerabilities and incidents, as well as the processes and procedures to resolve them.  The tricky thing about this

Read more