undefined | Better HN

0 pointsaerostable_slug5y ago0 comments

Me consulting at a major media company, paraphrasing:"It's, um, interesting that most of the development staff has ssh to essentially every production system as well as sudo privileges. And logging isn't super great."

PHB: "They need access to all the systems."

Me: "Well, um, what if one of them got disgruntled and just tossed some malicious JS in one of your many, many front end servers? Given the procedures here, it would be unlikely anyone would stumble across it, but they'd get a good amount of hits before the browsers block the entire site and traffic precipitously drops."

PHB: "Nobody would ever actually do that. Besides: we have to give them access. (looks at me as if he's explaining something to a five year old) We're a devops shop..."

0 comments

6 comments · 1 top-level

malka5y ago· 5 in thread

With GDPR, it's not really kosher to give devs access to production database if it contains data about people.

fendy30025y ago

Honest question, who can keep the access to production in the eye of GDPR?

saratogacx5y ago

Operations staff gets access to production machines with Operations being explicitly forbidden from producing code that runs on the systems.

There are still vectors for bad actors of course, but the idea is to firewall those who write the code from those who run it.

malka5y ago

the production team can. it has made very hard to debug. Now the production team has to do most of the debug work, they have to give us anonymised data (and you cant turn personal data in anomymous data. it would be pseudonymous at best) that trigger the bug.

It can be pretty hard if your organization was not organized with this in mind in the first place.

netsectoday5y ago

Honest answer, everyone who claims to be GDPR or HIPAA compliant is lying and hopes you never find out.

Multicomp5y ago

Is this true? If so, GDPR, like SOX 404 will stink from an actual getting devs to own their own code perspective.

It devolves into a bunch of managers saying no ops person can have any write access to git at all and no dev person can have any read access to prod, let alone deploy code, thus throwing up a wall to have stuff thrown over.

Separation of duties is the worst, stupidest, clumsiest control ever but all the auditors and management types love it because it doesn't require them to think.

IT controls are far less used as the only control as the Phoenix Project alludes and yet the default state for any auditor is "it's all in Sox scope and everything is an IT control, lock it all down" and unless management has a clue and a care, they just do it.

In the process, they contort the CICD pipeline in horrible ways to say that yes, they have obtained the magical way of separation of duties.

j / k navigate · click thread line to collapse