
Security or convenience: why not both?.pdf

Uploader: 竿*** ID: 981581 2025-11-29 70 pages 1.57 MB

Dorota Parad, CEO
Security or convenience - why not both?

Get paged / Check the incident report / Investigate the error / Code the fix / Merge & deploy / Verify the fix / Done!
Portal blocked / Connect to VPN / No access to production / Website blocked / No test infra access / Build failed / Deployment failed
Get paged / Check the incident report / Investigate the error / Code the fix / Merge & deploy / Verify the fix
No access to production / Password / Slow machine / Annoying OS

Dorota Parad, CEO
authentication & authorization API
Based in Switzerland
Private, for profit
Engineering team 20 people
nFADP - privacy by design & by default

Bulkheads: Reducing the blast radius
Levels: What are we protecting?
Impact: So what?
Simplicity: Simpler = more secure
Pit of Success: Correct by default

Pit of Success / Levels / Bulkheads / Impact / Simplicity

Portal blocked / Connect to VPN / No access to production / Website blocked / No test infra access / Build failed / Deployment failed
Get paged / Check the incident report / Investigate the error / Code the fix / Merge & deploy / Verify the fix
No access to production / Password / Slow machine / Annoying OS

MDM software = constant productivity drain
Let's secure our perimeter!

[Chart. Categories: Phishing attacks; Impersonation; Other malware (e.g. viruses or spyware); Account takeover; Hacking of bank accounts; Ransomware; DDoS attacks; Other breaches or attacks. Values shown: 84%, 35%, 17%, 8%, 7%, 6%, 5%, 6%. Source: Cyber security breaches survey 2024 (GOV.UK)]

Minimizing impact
So what?
Emails, chat / Credentials / Source code
- store in the cloud
- create a pit of success
- ugh

What are we protecting?
CI/CD minimizes security risk of malicious commits
Multiple levels of protection
Code + commit / Pull request / Test / Merge / Deploy
Git access control / Credentials / Second pair of credentials
Code + commit / Pull request / Merge
No manual interventions
Reliable builds = better security
Robust pipelines = simple pipelines
No commits outside of pipeline

Password / Slow machine / Annoying OS
Password / Slow machine / Annoying OS
Port

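According to the report, the content centers on cyber security and best practices, emphasizing the balance between security and convenience. The key points are:
1. **Security and convenience**: The deck argues that security and convenience can be achieved together, for example through using a VPN and restricting access to production.
2. **Cyber security threats**: The data shows that 84% of cyber security incidents are related to phishing attacks; other threats include impersonation, malware, account takeover and others.
3. **Minimizing impact**: Reduce security risk by storing source code in the cloud, using CI/CD pipelines and access control.
4. **Password management**: Follow the NIST guidelines, avoid arbitrary password changes, and choose passwords that are complex yet easy to remember.
5. **Access control**: Implement single sign-on (SSO) and the principle of least privilege to reduce password use and phishing risk.
6. **Security measures**: These include using environment variables, a Git server, a key management service and internal databases.
7. **Emergency preparedness**: Define an incident response process that is easy to follow, and keep audit records.
8. **Compliance**: Comply with the various security standards and regulations, such as SOC2, ISO 27001 and GDPR.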