Tuesday, April 17, 2018

Infosec quotes - prod and non-prod

It’s a security best practice for prod and non-prod environments to never interact with each other. You don’t want a weakness or lax security controls in non-prod to lead to a breach of your prod environment. You also shouldn’t bring unsanitized prod data down to non-prod for the same reason: you would then be protecting 2 copies of prod data!

“... A query was accidentally run against our production DB which truncated all tables ... we connected our development environment to a production DB with write access....”


https://twitter.com/bitfield/status/986327940937011200?s=21 
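
One way to catch the mistake in the quote above before any query runs is a startup check that refuses a database target from another environment. This is an added example, not code from the original post; the hostnames, the `DB_HOST_ENV` inventory and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Hypothetical inventory mapping each database host to its environment
# (constructed sample data; in practice this comes from an asset inventory).
DB_HOST_ENV = {
    "db1.prod.example.internal": "prod",
    "db2.prod.example.internal": "prod",
    "db1.dev.example.internal": "dev",
}


class EnvironmentMismatch(Exception):
    """Raised when an application may not connect to the given database."""


def dsn_hosts(dsn):
    """Return every host named in a DSN, including comma-separated
    multi-host forms such as postgresql://u@h1:5432,h2:5432/app."""
    netloc = urlsplit(dsn).netloc
    hostlist = netloc.rsplit("@", 1)[-1]  # drop the user:password@ part
    hosts = []
    for entry in hostlist.split(","):
        host = entry.rsplit(":", 1)[0] if ":" in entry else entry
        # Normalise case and a trailing dot so spelling variants of a
        # prod hostname cannot slip past the inventory lookup.
        hosts.append(host.strip().rstrip(".").lower())
    return hosts


def check_db_target(app_env, dsn):
    """Fail closed unless every host in the DSN belongs to app_env."""
    hosts = dsn_hosts(dsn)
    for host in hosts:
        db_env = DB_HOST_ENV.get(host)
        if db_env is None:
            # Unknown hosts are refused rather than assumed to be non-prod.
            raise EnvironmentMismatch(f"{host!r} is not in the inventory")
        if db_env != app_env:
            raise EnvironmentMismatch(
                f"{app_env} application may not connect to "
                f"{db_env} database {host!r}")
    return hosts
```

A check like this complements, and does not replace, network separation and credentials that are only valid inside their own environment.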
