In today's episode, "Don't Give Special Access," we tackle a crucial question: how can we grant developers and operations engineers the necessary access to our applications without compromising customer data or violating business processes?
The Importance of Limiting Access: "Security best practices specify that engineers, both developers and IT operations personnel, should have as little access as possible to the production application and its infrastructure."
Permission Escalation: "Permission escalation is a process of giving an on-call engineer temporary increased system access during an emergency. This increased access typically comes with increased scrutiny."
Preventing Malicious Activities: "All of this ensures that a rogue engineer can't perform malicious activities on the site, including accessing customer private data inappropriately and causing damage to the system or the business."
Balancing Security and Access: "Giving engineers unrestricted access to everything... is just not safe and is just not good business practice."
----
Today on Modern Digital Business
Thank you for tuning in to Modern Digital Business. We typically release new episodes on Thursdays. We also occasionally release short-topic episodes on Tuesdays, which we call Tech Tapas Tuesdays.
If you enjoy what you hear, will you please leave a review on Apple Podcasts, Podchaser, or directly on our website at mdb.fm/reviews?
If you'd like to suggest a topic for an episode or you are interested in being a guest, please contact me directly by sending me a message at mdb.fm/contact.
And if you’d like to record a quick question or comment, click the microphone icon in the lower right-hand corner of our website. Your recording might be featured on a future episode!
To ensure you get every new episode when they become available, please subscribe from your favorite podcast player. If you want to learn more from me, then check out one of my books, courses, or articles by going to leeatchison.com.
Thank you for listening, and welcome to the modern world of the modern digital business!
Useful Links
Lee Atchison is a software architect, author, public speaker, and recognized thought leader on cloud computing and application modernization. His most recent book, Architecting for Scale (O’Reilly Media), is an essential resource for technical teams looking to maintain high availability and manage risk in their cloud environments. Lee has been widely quoted in multiple technology publications, including InfoWorld, Diginomica, IT Brief, Programmable Web, CIO Review, and DZone, and has been a featured speaker at events across the globe.
Take a look at Lee's many books, courses, and articles by going to leeatchison.com.
Check out Architecting for Scale. Currently in its second edition, this book, written by Lee Atchison and published by O'Reilly Media, will help you build high-scale, highly available web applications, or modernize your existing applications. Check it out! Available in paperback or on Kindle from Amazon.com or other retailers.
Mentioned in this episode:
Architecting for Scale
What does it take to operate a modern organization running a modern digital application? Read more in my O’Reilly Media book Architecting for Scale, now in its second edition. Go to: leeatchison.com/books or mdb.fm/afs.
When building modern applications, an astute observer will quickly see an issue. How do you give developers and operations engineers access to the application to build, fix, and operate it without exposing customer data or violating business processes and systems? Do you know who has access to your customers' data? Do you know what a disgruntled employee is capable of doing to your application? On this episode, I discuss access: access to production systems, access to production data, access to sensitive business information, and access to sensitive customer data. Are you ready? Let's go.

How do you give developers and operations engineers access to the application to build, fix, and operate the application without exposing customer data or violating business processes and systems? After all, if your engineers have access to all of the data in the database, they have access to customer private information, and if they can modify data in the database or create or change privileged communications between services, they have complete control over your business and your business processes.

Security best practices specify that engineers, both developers and IT operations personnel, should have as little access as possible to the production application and its infrastructure. Sometimes business requirements make these restrictions even more critical, and some industry regulations, such as HIPAA, can even involve legal requirements and restrictions. This security best practice is known as the principle of least privilege.

However, this can be a problem. What happens if the site has a problem in the middle of the night and the on-call engineer is called in? The engineer will need access to the application in production, access they may not have because of the security access requirements in place. How can an on-call engineer do the work they need to do without the additional permissions they need during the emergency?

The answer is permission escalation. Permission escalation is a process of giving an on-call engineer temporary increased system access during an emergency. This increased access typically comes with increased scrutiny. The engineer's activities while they have the increased access are typically logged, and sometimes they must be reviewed by a second set of eyes to ensure that only the necessary actions are actually being taken with the escalated permissions. Additionally, an engineer can typically only get escalated permissions during a registered site emergency. All of this ensures that a rogue engineer can't perform malicious activities on the site, including accessing customer private data inappropriately and causing damage to the system or the business. This process maintains the principle of least privilege.

There are many ways to perform permission escalation, including Break the Glass, Logged Escalation, and Two-Person Escalation. Another option is to create specialized, restricted, limited-scope tooling to assist the engineer in performing specific critical operations, such as rebooting a server.

Engineers often don't like the additional headaches and restrictions that these rules require. They'd rather simply have all the permissions they need all the time. They argue that time is of the essence during a crisis; any delay caused by excessive hurdles getting in the way during the crisis is, in their mind, too much of a restriction. However, site owners need to make sure their systems remain secure, and that means following all security and industry best practices, including abiding by all industry regulations. Giving engineers unrestricted access to everything in a production application, including and especially customer data, is just not safe and is just not good business practice.
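As an added illustration (not from the episode or from Lee's own material), here is a minimal just-in-time escalation service in Python that enforces the controls described above: escalation only against a registered, open incident, two-person approval, a time bound, an append-only audit log, and a restricted set of actions exposed by limited-scope tooling. The names Incident, EscalationService, ALLOWED_ACTIONS and MAX_GRANT, and the policy values, are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy: the only operations the restricted tooling exposes,
# and how long an escalation lasts before it must be re-requested.
ALLOWED_ACTIONS = {"restart_service", "view_error_logs", "scale_out"}
MAX_GRANT = timedelta(hours=1)

@dataclass
class Incident:        # a registered site emergency (hypothetical name)
    id: str
    open: bool = True

class EscalationService:
    """Hypothetical service granting time-bound, logged, two-person-approved access."""
    def __init__(self, incidents, now=None):
        self.incidents = {i.id: i for i in incidents}
        self.grants = {}   # engineer -> (incident_id, expires_at, approver)
        self.audit = []    # append-only record for the second set of eyes
        self._now = now or (lambda: datetime.now(timezone.utc))

    def request(self, engineer, incident_id, approver=None):
        inc = self.incidents.get(incident_id)
        if inc is None or not inc.open:
            self.audit.append(("denied", engineer, incident_id, "no registered emergency"))
            return False
        if approver is None or approver == engineer:   # two-person escalation
            self.audit.append(("denied", engineer, incident_id, "second approver required"))
            return False
        self.grants[engineer] = (incident_id, self._now() + MAX_GRANT, approver)
        self.audit.append(("granted", engineer, incident_id, approver))
        return True

    def act(self, engineer, action, target):
        grant = self.grants.get(engineer)
        reason = None
        if grant is None:
            reason = "no escalation"
        elif self._now() >= grant[1] or not self.incidents[grant[0]].open:
            reason = "escalation expired or incident closed"
        elif action not in ALLOWED_ACTIONS:   # e.g. a customer-table dump is never offered
            reason = "action outside restricted tooling"
        if reason:
            self.audit.append(("denied", engineer, action, target, reason))
            return False
        self.audit.append(("executed", engineer, action, target))
        return True
```

Every decision, granted or denied, lands in the audit list, which is what a reviewer would inspect after the incident closes.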