-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: Add"IAM Best practices" #322
base: master
Are you sure you want to change the base?
docs: Add"IAM Best practices" #322
Conversation
✅ Deploy Preview for gracious-clarke-e6b312 ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, overall this blog seems quite superficial and lacks a lot of depth. Although we are hitting the SEO keywords, there is very little substance and actionable steps readers can take from going through this post. I would recommend checking out https://www.strongdm.com/blog/iam-best-practices post for the sort of analysis we are looking for
@@ -0,0 +1,101 @@ | |||
Identity and Access Management (IAM) is critical for modern organizations to secure their systems and protect sensitive data. Effective IAM strategies ensure only the right individuals have access to the right resources at the right time. This guide provides actionable IAM best practices supported by real-world examples and case studies to illustrate the principles in action. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add the frontmatter section, this is probably the reason why the automated checks are failing.
|
||
## Common Pitfalls in Identity and Access Management | ||
|
||
### 1. **Inconsistent or Fragmented Access Controls** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no need to make heading tags bold
@@ -0,0 +1,101 @@ | |||
Identity and Access Management (IAM) is critical for modern organizations to secure their systems and protect sensitive data. Effective IAM strategies ensure only the right individuals have access to the right resources at the right time. This guide provides actionable IAM best practices supported by real-world examples and case studies to illustrate the principles in action. | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please also add a Table of Contents
|
||
## Common Pitfalls in Identity and Access Management | ||
|
||
### 1. **Inconsistent or Fragmented Access Controls** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
### 1. **Inconsistent or Fragmented Access Controls** | |
### 1. Inconsistent or Fragmented Access Controls |
|
||
### 1. **Inconsistent or Fragmented Access Controls** | ||
- **Problem**: Organizations often use disconnected IAM systems across departments, leading to gaps in enforcement and oversight. | ||
- **Example**: A financial institution was fined millions for a data breach caused by fragmented access controls that allowed an employee in one department to access sensitive data from another, unrelated division. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is vague, you should cite the source for this
|
||
### 2. **Insufficient User Monitoring and Auditing** | ||
- **Problem**: Without continuous monitoring, detecting and responding to unauthorized access becomes challenging. | ||
- **Example**: In the Target data breach (2013), insufficient monitoring allowed attackers to access sensitive customer data through compromised vendor credentials. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cite the source for the breach
### 2. **Insufficient User Monitoring and Auditing** | ||
- **Problem**: Without continuous monitoring, detecting and responding to unauthorized access becomes challenging. | ||
- **Example**: In the Target data breach (2013), insufficient monitoring allowed attackers to access sensitive customer data through compromised vendor credentials. | ||
- **Solution**: Implement real-time monitoring tools, such as Splunk or IBM QRadar, and establish routine audit processes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How would this "audit process" actually help though. Maybe elaborating what Splunk or QRadar do in a another sentence and how they would help with preventing the problem from occurring.
Related Issue
Link to the Github Issue created for this blog post
Link to Google Doc
https://docs.google.com/document/d/1pDYZbLMxkmmToM1BRpJsabPx8ZI5pwQr68wmF9IyI1o/edit?usp=drive_link
Checklist
The code inside code blocks gives noRemaining TODOs