
5 posts tagged with "DevOps"


· 8 min read
Jascha Beste

DevOps and Compliance

Let's cut straight through the bullshit: if you're an engineer working in a company that deals with sensitive data or operates in a regulated industry, you've probably rolled your eyes at the mention of "compliance" more times than you can count. SOC2, ISO27001, HIPAA, GDPR – these acronyms often feel like speed bumps on the highway of rapid development and deployment.

But here's the kicker: DevOps and compliance aren't natural enemies. In fact, when done right, they're powerful allies that can supercharge your software development process and keep your ass out of regulatory hot water. So buckle up, because we're about to dive into how you can make DevOps and compliance work together without sacrificing your sanity or your velocity.

· 6 min read
Jascha Beste

How to Setup Read-Only Access for Developers with Audit Logs

In today's fast-paced DevOps environment, ensuring that developers have secure yet efficient access to production data is critical. We have written multiple posts on why exactly this is the case; see here and here. Read-only access to production databases is often a good sweet spot to start with for troubleshooting, analytics, and various operational tasks, and in our experience it solves 50%+ of all dev access requests. However, this access must be carefully managed to prevent security risks and maintain compliance. In this guide, we'll walk through how to set up read-only access for developers with comprehensive audit logging using Kviklet, so that your SOC2 or ISO 27001 auditor will be happy.

Why Read-Only Access?

Read-only access allows developers to:

· 10 min read
Jascha Beste

I asked myself this question at my first job at Scalable Capital, 4 years ago. I had started at a FinTech startup/scaleup with somewhere between 50 and 100 engineers, enthusiastic about DevOps and a "You build it, you run it" mindset, which I learned about in my software engineering education in university.
But reality hit hard. You can't simply give every engineer full production access, justifying lax credential management with "We want to give people ownership and trust."

· 8 min read
Jascha Beste

Datacenter

In the fast-paced world of DevOps, safely accessing production databases is a crucial competency that balances operational efficiency with stringent security measures. This comprehensive guide explores DevOps database access best practices, ensuring your engineering teams can swiftly address issues without compromising on security or system integrity. We'll cover the importance of giving engineers access, the place of migration tools, analytics, and best practices around maintenance and operational tasks. We'll also look at the role of the Four-Eyes Principle in this post.