undefined | Better HN

0 pointsoconnor6634y ago0 comments

The tradeoffs for any individual piece of data are different from the tradeoffs of a company-wide policy. Siloing off one little thing (e.g. credit card info) usually doesn't inconvenience very many people, but at the same time it only provides marginal security. No front page headline has ever read "At Least The Credit Card Info Was Safe". On the other hand, a company-wide policy of siloing everything can have more of a security impact, but it also inconveniences everyone frequently. That's the tradeoff that many tech companies don't want to make.

0 comments

zerkten4y ago

I don't see how this precludes just-in-time access. Even if people can re-up on their own, you can still observe the data access patterns and manage the risk. Further, when you see someone is getting blocked a lot you can improve the experience for them so they are unblocked, or have more efficient access to the data. This is just mature data and security management.

Quality of life and developer experience are important topics in many ways, but should they really trump security consistently? It's always going to be dependent on people's risk assessment and comfort, but frequently it skews the wrong way because the people making the decisions know that they'll be gone.

myohmy4y ago

Implementing just-in-time access on legacy systems that pre-date just-in-time architectures is extremely expensive. Its cheaper to either give all info or no info. Which is what every legacy company does instead.

My company can shut off my access to the all the databases when they stop asking me to troubleshoot any and all data issues. Which will never happen.

j / k navigate · click thread line to collapse

0 comments

zerkten4y ago

myohmy4y ago

My company can shut off my access to the all the databases when they stop asking me to troubleshoot any and all data issues. Which will never happen.

j / k navigate · click thread line to collapse