You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
a recent discussion has taken place about how best to address enterprise customer concerns on policies relating to holding of customer data.
While this issue isn't going to target a full solution to this problem, there are some key points that I feel most projects should adhere to.
I fully expect this to turn into a sliding scale, where basic requirements are:
per user access to services
every developer has most rights for ease of use
bastion service for accessing service ports on infrastructure
to super hardened, where requirements are:
per user access to services, with enforced MFA (maybe all of "what you know", "what you have", "what you are")
follow principle of least privilege
auditable access to sensitive material
The text was updated successfully, but these errors were encountered:
a recent discussion has taken place about how best to address enterprise customer concerns on policies relating to holding of customer data.
While this issue isn't going to target a full solution to this problem, there are some key points that I feel most projects should adhere to.
I fully expect this to turn into a sliding scale, where basic requirements are:
to super hardened, where requirements are:
The text was updated successfully, but these errors were encountered: