this post was submitted on 16 Sep 2024
412 points (97.7% liked)

Technology

59448 readers
3553 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 2 months ago

Exactly. We use a VPN to connect to anything somewhat important, and anything truly important requires manual access and approvals. I'm in a pretty senior dev position, and if I lost my laptop:

  1. they'd have to break my password or biometric login (disk is encrypted) - with this they get access to most of our code, but no secrets
  2. they'd need to hack my phone to access any internal documentation or test environments due to 2FA
  3. they'd need to hack my password manager to access anything non-documentation - code repos, prod logs, etc
  4. they'd need to hack someone else's machine to get access to actual prod data, which is probably what they really want

And I'm not doing anything special here (and I'm certainly not a security professional), that's everyone's machines due to company policy. We also don't handle anything particularly sensitive, the most sensitive thing I have is proprietary algorithms, and we'd sue anyone if we suspected they stole our code.

Oh, and if they try to run something sus, it'll send a report to our IT dept. I actually got contacted by our IT dept because I ran something unfamiliar (I really like my CLI tools), so they added an exception after personally verifying with me that it's not a hack.

We have teams across the globe, both inside the org and outside, and we haven't had any issues with security, and we do regular audits. Our security team isn't particularly special either, I'm sure many other companies have much tighter security than we do.