My first job was in a FinTech and the way production access was managed scared me. This is my approach at streamlining the process.
Basically a PR review flow for SQL queries, enforcing the 4-eyes principle so you can never accidentally do a Delete * from users, forgetting the where clause.
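A sketch of the gate described above, as an added example and not the author's own tool: a mutating statement (DELETE, UPDATE, TRUNCATE, DROP, ALTER, INSERT) needs an approval from someone other than the requester before it may run, and a DELETE or UPDATE with no WHERE clause is refused outright. The keyword detection is a deliberately simple regex heuristic over the normalised statement; names such as `QueryRequest` and `classify` are this example's own.

```python
import re
from dataclasses import dataclass, field

# Verbs that change or destroy data and therefore need a second pair of eyes.
MUTATING_VERBS = ("DELETE", "UPDATE", "TRUNCATE", "DROP", "ALTER", "INSERT")


def classify(sql):
    """Return review flags for one SQL statement (heuristic, regex based).

    Flags are "mutating:<VERB>" for data-changing statements and
    "no_where_clause" for a DELETE/UPDATE that would touch every row.
    """
    # Normalise whitespace and drop a trailing semicolon so keyword checks are stable.
    text = " ".join(sql.strip().rstrip(";").split())
    upper = text.upper()
    verb = upper.split(" ", 1)[0] if upper else ""
    flags = []
    if verb in MUTATING_VERBS:
        flags.append(f"mutating:{verb}")
    # The classic accident: DELETE/UPDATE with the WHERE clause forgotten.
    if verb in ("DELETE", "UPDATE") and not re.search(r"\bWHERE\b", upper):
        flags.append("no_where_clause")
    return flags


@dataclass
class QueryRequest:
    """One proposed production query plus who has signed off on it."""

    sql: str
    author: str
    approvals: set = field(default_factory=set)

    def approve(self, reviewer):
        """Record an approval; self-approval is rejected to keep the 4-eyes property."""
        if reviewer == self.author:
            return False
        self.approvals.add(reviewer)
        return True

    def is_executable(self, required_approvals=1):
        """True only when the statement is safe to run under the review policy."""
        flags = classify(self.sql)
        if "no_where_clause" in flags:
            return False  # hard block: must be rewritten with a WHERE clause
        if not any(f.startswith("mutating:") for f in flags):
            return True  # read-only statements need no approval
        return len(self.approvals) >= required_approvals


if __name__ == "__main__":
    # Constructed sample requests to show the three outcomes.
    for sql in ("SELECT * FROM users", "DELETE FROM users", "DELETE FROM users WHERE id = 7"):
        req = QueryRequest(sql, author="alice")
        req.approve("bob")
        print(f"{sql!r}: flags={classify(sql)} executable={req.is_executable()}")
```

The regex check is a first line of defence, not a parser: a WHERE inside a string literal or a leading SQL comment will fool it, which is exactly why the human reviewer stays in the loop rather than being replaced by the check.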
Thank you! This was initially a startup idea but it was very hard to sell a cyber security solution with a very bare bones product to companies large enough to have this problem. Because the required features of such large orgs are just too much for such an early stage team.
So I'm now doing it a bit as a side project but I hope to at some point also offer a paid version to fund development long term.
Yes, I already thought about this. In theory all "production access", be it ssh, k8s commands, database access of any kind or even a ruby shell could go through such a flow.
It's a bit of a pain to integrate well with everything though, but I have a lot of plans, will just take some time to mature :D