Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: Add"IAM Best practices" #322

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

lukiccd
Copy link

@lukiccd lukiccd commented Dec 11, 2024

Related Issue

Link to the Github Issue created for this blog post

Link to Google Doc

https://docs.google.com/document/d/1pDYZbLMxkmmToM1BRpJsabPx8ZI5pwQr68wmF9IyI1o/edit?usp=drive_link

Checklist

  • Has cover image been added
  • Have all content images been added. Do they render correctly? (aspect ratio etc)
  • The code inside code blocks gives no
  • Check for SEO keyword?
  • Added call to action to link to supertokens and to link to other blogs.
  • Add reference to how SuperTokens solves this blog's problem (if relevant).

Remaining TODOs

  • ...

Copy link

netlify bot commented Dec 11, 2024

Deploy Preview for gracious-clarke-e6b312 ready!

Name Link
🔨 Latest commit 14cc7f6
🔍 Latest deploy log https://app.netlify.com/sites/gracious-clarke-e6b312/deploys/6760d4bfadb45600086c77ca
😎 Deploy Preview https://deploy-preview-322--gracious-clarke-e6b312.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

Copy link
Contributor

@jscyo jscyo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, overall this blog seems quite superficial and lacks a lot of depth. Although we are hitting the SEO keywords, there is very little substance and actionable steps readers can take from going through this post. I would recommend checking out https://www.strongdm.com/blog/iam-best-practices post for the sort of analysis we are looking for

@@ -0,0 +1,101 @@
Identity and Access Management (IAM) is critical for modern organizations to secure their systems and protect sensitive data. Effective IAM strategies ensure only the right individuals have access to the right resources at the right time. This guide provides actionable IAM best practices supported by real-world examples and case studies to illustrate the principles in action.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add the frontmatter section, this is probably the reason why the automated checks are failing.


## Common Pitfalls in Identity and Access Management

### 1. **Inconsistent or Fragmented Access Controls**
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no need to make heading tags bold

@@ -0,0 +1,101 @@
Identity and Access Management (IAM) is critical for modern organizations to secure their systems and protect sensitive data. Effective IAM strategies ensure only the right individuals have access to the right resources at the right time. This guide provides actionable IAM best practices supported by real-world examples and case studies to illustrate the principles in action.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also add a Table of Contents


## Common Pitfalls in Identity and Access Management

### 1. **Inconsistent or Fragmented Access Controls**
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
### 1. **Inconsistent or Fragmented Access Controls**
### 1. Inconsistent or Fragmented Access Controls


### 1. **Inconsistent or Fragmented Access Controls**
- **Problem**: Organizations often use disconnected IAM systems across departments, leading to gaps in enforcement and oversight.
- **Example**: A financial institution was fined millions for a data breach caused by fragmented access controls that allowed an employee in one department to access sensitive data from another, unrelated division.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is vague, you should cite the source for this


### 2. **Insufficient User Monitoring and Auditing**
- **Problem**: Without continuous monitoring, detecting and responding to unauthorized access becomes challenging.
- **Example**: In the Target data breach (2013), insufficient monitoring allowed attackers to access sensitive customer data through compromised vendor credentials.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cite the source for the breach

### 2. **Insufficient User Monitoring and Auditing**
- **Problem**: Without continuous monitoring, detecting and responding to unauthorized access becomes challenging.
- **Example**: In the Target data breach (2013), insufficient monitoring allowed attackers to access sensitive customer data through compromised vendor credentials.
- **Solution**: Implement real-time monitoring tools, such as Splunk or IBM QRadar, and establish routine audit processes.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How would this "audit process" actually help though. Maybe elaborating what Splunk or QRadar do in a another sentence and how they would help with preventing the problem from occurring.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants