Latest Articles

Temporary Access To CloudSQL

  • Articles

CloudSQL Access Controls Securing the development environment is a critical challenge for DevSecOps teams that must navigate multiple cloud environments and technologies. To improve collaboration between developers, security professionals, and IT operations staff, we need to provide secure access physical networks and services—which often includes providing elevated levels of permissions for databases such as CloudSQL. […]

Temporary Access To PostgreSQL

  • Articles

PostgreSQL Access Controls PostgreSQL is a widely popular relational structured database management system, PostgreSQL authorization is an ongoing process that checks each command, comparing it with the users account role and its associated privileges. Managing Permissions in PostgreSQL In the era of DevSecOps, ease of access and secure management of resources is essential to facilitating […]

Temporary Access To MySQL

  • Articles

Intro MySQL is a widely popular relational structured database management system, MySQL authorization is an ongoing process that checks each command, comparing it with the users account role and its associated privileges. MySQL Access Controls For many DevOps professionals, managing secure access to the company’s databases is a challenging task. You need to manage user […]

Temporary Access To MongoDB

  • Temporary Access

Intro MongoDB is a highly popular database commonly used for building Highly Available (HA) applications. Apono enables you to create Dynamic Access Flows that allow you to provision “Just–Enough” MongoDB access for “Just-in–Time” duration, assuring access is tailored to the task at hand, and revoking the access at the end of the access window, reducing […]

How streamlining access leads to productive development teams

  • Articles
  • Uncategorized

How Streamlining Access Leads To Productive Development Teams Does your access management hurt your team’s productivity? It does. How do we know? Let’s look at the data. Access and productivity in numbers The average employee has 191 passwords to keep track managing all those different usernames and passwords is a huge time suck. There’s no […]

DevOps Expert Talks: Ask Me Anything With Moshe Belostotsky

  • Articles
  • DevOps Leaders Spotlight

In this Q&A session with Moshe Belostotsky, Director of DevOps at Tomorrow.io, we dive into the changing role of DevOps and how security considerations are changing the way software is being built and delivered. Q: First of all, if you can tell me a little about yourself, what brought you into DevOps? A: “I was […]

The Uber Hack – Advance Persistent Teenager Threat 

  • Articles

Uber, the ride hailing giant, confirmed a major system breach that allowed a hacker access to Vsphere, google workplace, AWS, and much more, all with full admin rights.  In what that will be remembered as one of the most embarrassing hacks in recorded history, the hacker posted screenshots to the vx-underground twitter handle, from the […]

Effective Privilege Management in the Cloud – Mission Impossible?

  • Uncategorized
  • Articles

TLDR: Overprivileged access is a natural consequence of manually granting and revoking access to cloud assets and environments. What DevOps teams need are tools to automate the process. Apono automatically discovers cloud resources and their standing privileges, centralizing all cloud access in a single platform so you don’t have to deal with another access ticket […]

What we can learn from the LastPass hack

  • Articles

LastPass, a password manager with over 33M users reported an unauthorized party hacked into its development environment, the hackers were able to gain access through a single breached developer account.  Don’t act all surprised, getting hacked is a “WHEN” not an “IF” question  Everyone gets hacked eventually, the bigger a company is the bigger the […]

How we passed our SOC2 compliance certification in just 6 weeks with Apono

  • Uncategorized
  • Articles

We recently went through the SOC2 process and are happy to report that we successfully passed our audit! Generating a SOC 2 Type 1 Report generally takes up to six months. In our case, the entire process took only 6 weeks, and we wanted to share how we did it. TLDR: We used Apono’s cloud-native […]

Top 5 AWS Permissions Management Traps DevOps Leaders Must Avoid

  • Uncategorized
  • Articles

As born-in-the cloud organizations grow, natively managed Identity and Access Management (IAM) tools are becoming a growing concern. Although DevOps teams tend to bear the burden of cloud IAM provisioning, the operational challenges transcend functional silos. Even when SREs and infrastructure teams are closely aligned with security leaders, using native IAM tools to provision access […]

How a DevSecOps Initiative Could Have Prevented the IKEA Canada Privacy Breach

  • Uncategorized
  • Articles

Earlier this week, IKEA Canada confirmed that an employee had accessed private customer information. Although the official announcement did not provide details, it’s a safe bet to assume that controls related to data governance and regulatory compliance are the primary guardrails that led to the revelation. Unfortunately, this particular case hardly represents an isolated incident.  […]