So you’re ready to move away VPN or from complicated user management like LDAP, ready to stop worrying about private keys existing on developer laptops, and ready to up your compliance game with audit trails on all of your SSH and database sessions.
Posts by Category:
- Security
- Access
- Auditing
- Policy
- Privileged Access Management
- Zero Trust
- SOC 2
- Compliance
- DevOps
- Authentication
- Identity and Access Management
- Databases
- Compare
- Team
- Product
- Integrations
- AWS
- Podcasts
- Productivity
- Kubernetes
- SSH
- HIPAA
- ISO 27001
- Dynamic Access Management
- Engineering
- Observability
- Role-Based Access Control
- Secure Access Service Edge
- Webinars
- Events
- NIST
- Onboarding
- Passwordless
- Offsites
- Platform
- PCI
A software development lifecycle (SDLC) policy helps your company not suffer a similar fate by ensuring software goes through a testing process, is built as securely as possible, and that all development work is compliant as it relates to any regulatory guidelines and business needs.Here are some primary topics your software development lifecycle policy and software development methodology should cover
Gone are the days of sharing AWS root account credentials in a shared 1Password vault or worse, via email. With this in mind, one of the first steps to securing our AWS account is setting up AWS IAM.
It has never been easier for your company to build new infrastructure. In just a few clicks, you can spin up shiny new servers and databases in the cloud and start using them in seconds. However, in the rush to deploy new services so quickly, companies often let information security be an ...
Listen to CEO Liz Zalman give opening remarks at the 2019 DevSecOps conference!
While primarily geared towards developers, PostgreSQL is also designed to help system administrators safely and robustly store information in databases. In this post, we will demonstrate how to install a PostgreSQL database and then configure Active Directory users to authenticate to it.
In this policy, you will define the controls, monitoring, and removal of physical access to your company’s facilities.
BYOD lets employees use their own smartphones, tablets, or laptops to access company resources and perform work-related tasks, allowing them to work from anywhere. This practice offers advantages like increased productivity and company savings on hardware costs. Employees are often more proficient with their own devices, which can mean a more comfortable work environment and result in higher job satisfaction.
Production incidents typically require elevated permission to get your services back online quickly, these can be automated.
John Noss is a Senior Site Reliability Engineer at ASICS Digital, formerly Run Keeper. In this talk, he shares how ASICS Digital builds 12-Factor apps with an emphasis on infrastructure.
In this talk, Jim Mortko (responsible for leading all Internet-based engineering and digital production efforts) and DevOps Engineer Manuel Maldonado, they discuss how Hearst eliminated DevOps complexity through automation and tooling decisions. Listen as they walk through their services and application architecture and download the slides now.
Chris Becker is an SRE at Betterment. Previously, he did similar work on Warby Parker's Infrastructure team. At Betterment, he earned the label APT (advanced persistent threat) thanks to consistently tripping alarms with his peculiar scripts and commands. In this talk, he discusses how Betterment's approach to server access controls evolved as the team grew exponentially. With more people and keys to manage, the SRE team needed to find ways to automate more and reduce the maintenance overhead.
