Yet Another Nifty Gadget

Tech, , , , , , , , , , , , ,

Work from home has come a long way. While office spaces facilitated many technologies and tools which we haven’t really given much thought about, working from home makes you realize the value of some of the gadgets we used every day to communicate.

A typical office would’ve had a conference phone (those triangle shaped ones) that have a multi-microphone configuration and quality amplified audio output, allowing a group on people in a meeting room to comfortably communicate with a remote party, and have a clear audio conversation.

Some offices may take this a step further and have a video conferencing configuration that also relays visual data from the conference room and vice versa, paired with a quality audio configuration… fancy stuff, however in most cases underutilized.

Continue reading Yet Another Nifty Gadget

Back Up and Running in Cloud Native

Tech, , , , , , , , , , , , , ,

Finally had the time to rebuild and refresh the blog site. gotsudo.com in now full Cloud Native running in AWS (has always been, however in a more traditional server-based installation).

The recent migration included an AWS Lightsail service that provides various bundles of OS/applications, which in my case is WordPress running on Linux. Various tiers are also available to fit every budget out there.

I decided to take things a step further, and serve the public facing version of the website in a static configuration, leveraging AWS S3 to host the site files, with AWS CloudFront caching layer sitting upfront for the parent gotsudo.com address.

This allows me to limit access to the actual WordPress site running in Lightsail, transforming it to a true authoring and publishing site, rather than a public front-facing one.

Various WordPress plugins are available that can easily produce a static version of the website, and can also integrate with AWS services (or any other CSP) to auto publish files into S3 or any other repository of choice. While these make things much easier and more integrated, I decided to air-gap the systems, allowing me to selectively produce the published files and upload them to S3 using other means of tailored automation.

Later on, I may add some more integrations to the site, however at this point I’m quite happy with how far it came over a busy weekend’s time.

Tech Audits

Tech, , , , , , , , , , , ,

What systems do security and availability audits cover? A fair question!

Well, the hard truth is that it is your responsibility to identify this as a system owner; and not the duty of an auditor. Don’t sit around waiting for auditors to show up and expect them to answer this question.

Simply put, everything and anything within your ecosystem that may interrupt business continuity should be part of the audit. This can easily include systems that do not even reside in your ‘PROD VPC’, or even be tagged as ‘Production’.

You’ll be surprised how many times it comes down to a small neglected server that sits in the corner and very few folk know about, yet holds a critical role in your supply chain processing, or mailing important notifications and updates to clients.

Do a true/practical risk assessment, identify your systems, minimize your exceptions, properly document your findings, and present them as the lay of the land; your auditors will be very thankful.

Hold my beer!

Tech, , , , , , , ,

Company: “Our data is encrypted at rest, and in transit. We are SOC2 assessed and HIPAA compliant. Our Cyber team conducts quarterly audits, our Security Ops are 24/7, and our employees go through quarterly security training.”

That one developer about to run a wild query exporting all data to a CSV file: “Hold my beer!”

Invest in Data Access Controls