30+ years of tech, retired from an identity intelligence company, now part-time with an insurance broker.
Dev community mod - mostly light gardening & weeding out spam :)
Anders way of thinking about security in a modern cloud environment works for me, it's the 'cattle-not-pets' approach: deploying immutable closed systems (no user access) that have no need of configuration / comissioning, a nice blog post here: tempatrumah.blogspot.com/2021/07/e...
This strategy allows security controls such as full system integrity monitoring and automated intrusion / modification handing (eg: isolate and freeze the affected system for forensics, deploy another one via the automated scaler / pipeline).
Add a well-thought out separation of concerns strategy (be that managed access to deployment pipeline data that gets baked into the system, in-cloud secrets managers that lean on machine identity for access control, separate production data repo with managed access, whatever works for your scale) and you have addressed most of the risk being discussed here.
The problems arise with production systems that are pets, lots of humans poking about and little to no chance of spotting a problem fast enough to act effectively.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Anders way of thinking about security in a modern cloud environment works for me, it's the 'cattle-not-pets' approach: deploying immutable closed systems (no user access) that have no need of configuration / comissioning, a nice blog post here: tempatrumah.blogspot.com/2021/07/e...
This strategy allows security controls such as full system integrity monitoring and automated intrusion / modification handing (eg: isolate and freeze the affected system for forensics, deploy another one via the automated scaler / pipeline).
Add a well-thought out separation of concerns strategy (be that managed access to deployment pipeline data that gets baked into the system, in-cloud secrets managers that lean on machine identity for access control, separate production data repo with managed access, whatever works for your scale) and you have addressed most of the risk being discussed here.
The problems arise with production systems that are pets, lots of humans poking about and little to no chance of spotting a problem fast enough to act effectively.