Hey, MBS:
*>>If you have a particular dev you don’t trust, fire him/her.*

Yes, that's my starting point, but apparently there are folks we trust a little bit, so we need to give them *some* access, but not all of it. :)

*>>You could up the ante’ with MFA beyond 2FA. Require a second party to participate in providing a key to unlock the repository.*

Good point. I'll see if they want to go there...

*>>And, presuming we are referring to Windows, ensure that you are using GPOs that prevent the use of any USB devices.*

Already done -- I should have mentioned that.

*>>Hand in all electronic devices at the door. Most will learn fairly quickly to leave them in their car or at home.*

They'll air-gap before they do this one. :)

Regards,

*ASB*
*http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>
*Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*
*GPG:* 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A

On Thu, Dec 17, 2015 at 12:49 PM, Michael B. Smith <[email protected]> wrote:

> If you have a particular dev you don’t trust, fire him/her.
>
> You could up the ante’ with MFA beyond 2FA. Require a second party to participate in providing a key to unlock the repository.
>
> And, presuming we are referring to Windows, ensure that you are using GPOs that prevent the use of any USB devices.
>
> Hand in all electronic devices at the door. Most will learn fairly quickly to leave them in their car or at home.
>
> I’ve seen the first two used at “big money” companies. The last at military installations.
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Andrew S. Baker
> *Sent:* Thursday, December 17, 2015 11:03 AM
> *Subject:* [NTSysADM] Protecting Sensitive Source Code
>
> Good morning:
>
> Does anyone happen to have any experience with the protection of sensitive source code?
>
> Essentially, we're looking to ensure that we can adequately mitigate the risk of critical portions of the code being copied and used inappropriately.
>
> This is beyond any protections (real or imagined) offered by the following, which we have in place today:
>
> -- An NDA
> -- Restricted access to the source code repository, on a need to know basis
> -- Two-factor authentication to access the repository (being considered)
>
> An air-gapped network is not currently on the table for discussion. :)
>
> Regards,
>
> *ASB*
> *http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>
> *Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*
> *GPG:* 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A
