Agreed. I can only say how I've seen CyberArk implemented at several sites. It has not been a productive outcome. It might not be implemented well.
Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com |http://greglow.me *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Ken Schaefer *Sent:* Tuesday, 23 January 2018 11:20 AM *To:* ozDotNet <ozdotnet@ozdotnet.com> *Subject:* RE: Internet access from development machines [OT] Any tool can be badly implement. Poor source control could be just as much a productivity drain poor change management, as much as poor security restrictions. *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com <ozdotnet-boun...@ozdotnet.com>] *On Behalf Of *Greg Low *Sent:* Tuesday, 23 January 2018 1:18 PM *To:* ozDotNet <ozdotnet@ozdotnet.com> *Subject:* RE: Internet access from development machines [OT] My concern, is that in several sites, what I now see is frustrated people who can't get their work done, at least not efficiently. Mind you, one of the sites was also worried about power. They have all the developer machines running in a lower-power mode. Uses less electricity but builds now take twice as long, etc. (And for this app, that's a long time). Yet they're discussing how to increase developer productivity. Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com |http://greglow.me *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Ken Schaefer *Sent:* Tuesday, 23 January 2018 10:11 AM *To:* ozDotNet <ozdotnet@ozdotnet.com> *Subject:* RE: Internet access from development machines [OT] Tools like CyberArk exist for a good reason. And they can sometimes be beneficial. Our platform admins only need to have a single account now – to login to CyberArk. Before they used to have numerous privileged accounts to login to all sorts of systems, and needed to remember and cycle passwords across all of them. Deprovisioning or altering access when people moved roles or left was a PITA. *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com <ozdotnet-boun...@ozdotnet.com>] *On Behalf Of *Greg Low *Sent:* Wednesday, 17 January 2018 8:18 PM *To:* ozDotNet <ozdotnet@ozdotnet.com> *Subject:* RE: Internet access from development machines [OT] Or even if they are connected, you could endlessly block them from getting to what they need anyway: http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/ Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com |http://greglow.me *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Craig van Nieuwkerk *Sent:* Wednesday, 17 January 2018 7:38 PM *To:* ozDotNet <ozdotnet@ozdotnet.com> *Subject:* Re: Internet access from development machines [OT] This sounds like a decision upper management would make with no idea how developers work. It is a great idea if you need to make some layoffs and want developers to quit. Craig On Wed, Jan 17, 2018 at 6:18 PM, David Apelt <david.ap...@transmax.com.au> wrote: Team, I have heard of suggestions that internet connectivity should be prevented from developer machines in case a security issue causes a leak of source code or similar. I know some defence companies have two computers on the desktop to prevent this from happening. Outside of defence, what are peoples experiences? Give developers internet connectivity? Have two machines? Maybe give them a remote desktop connection from internet. How many developers in your company that have internet connectivity? Thanks in advance Dave A
