🥽 Break the Glass, please—we have an emergency

Published over 1 year ago

Danger! Danger Will Robinson!

Ok, maybe you don’t have anyone named Will Robinson on your operational on-call rotations. If not, you really should. It’s fun to wave your hands, yell “Danger! Danger!” and watch them roll their eyes at you. But I digress…

When building modern applications, managing permissions during operational events is a tricky problem.

Do you give your engineers access to everything? That’s dangerous and goes against all basic production security best practices. Have you ever seen how much harm an engineer can do to production at 2 o’clock in the morning without their coffee? To say nothing about what would happen if their credentials were compromised by a bad actor…

No, the best practice is to give your engineers as little access as possible. Then, escalate their permissions during operational events only if and when it is needed.

But how do you create a process to escalate your engineers’ permissions during operational events without opening yourself up to the same dangerous activities you were trying to avoid in the first place?

Well, let me give you four strategies for how to give your engineers escalated permissions without sacrificing the security best practices that keep your Chief Security Officer awake at night…dreaming of the robot waving his hands and yelling “Danger! Danger!”.

Software Architecture Insights with Lee Atchison

Lee Atchison is a software architect, author, public speaker, and recognized thought leader on cloud computing and application modernization. His most recent book, Architecting for Scale, 2nd Edition (O’Reilly Media), is an essential resource for technical teams looking to maintain high availability and manage risk in their cloud environments. Lee has been widely quoted in multiple technology publications, including InfoWorld, Diginomica, IT Brief, Programmable Web, CIO Review, and DZone, and has been a featured speaker at events across the globe.
