When building modern applications, managing access permissions during operational events is tricky.
Security best practices specify that engineers—developers and operations engineers—should have as little access as possible to the production application and its infrastructure. Sometimes business requirements or industry regulations require access to production to be severely restricted. But even without industry or business requirements, security best practices, such as the principle of least privilege, dictate that engineers should have as little access to production as possible, including those engineers responsible for managing on-call operational issues.
InfoWorld Cloud ComputingRead More