• SurpriZe@lemm.ee
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    3 months ago

    Thanks but it’s too late. Here it’s all over unfortunately. I’m just doing my best to mitigate the risks. Anything more substantial?

    • froztbyte@awful.systems
      link
      fedilink
      English
      arrow-up
      8
      ·
      3 months ago

      “better late than never”

      if it already got force-deployed, start noting risks and finding the problem areas you can identify post-hoc, and speaking with people to raise alert level about it

      probably a lot of people are going to be in the same position as you, and writing about the process you go through and whatever you find may end up useful to others

      on a practical note (if you don’t know how to do this type of assessment) a couple of sittings with debug logging enabled on the various api implementations, using data access monitors (whether file or database), inspecting actual api calls made (possibly by making things go through logging proxies as needed), etc will all likely provide a lot of useful info, but it’ll depend on whether you can access those things in the first place

      if you can’t do those, closely track publications of issues for all the platforms your employer may have used/rolled out, and act rapidly when shit inevitably happens - same as security response

      • SurpriZe@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        How’s it at your place? What’s your experience been with this whole thing

        • froztbyte@awful.systems
          link
          fedilink
          English
          arrow-up
          8
          ·
          3 months ago

          whenever any of this dogshit comes up, I have immediately put my foot down and said no. occasionally I have also provided reasoning, where it may have been necessary/useful

          (it’s easy to do this because making these calls is within my role, and I track the dodgy parts of shit more than anyone else in the company)

    • MonkderVierte
      link
      fedilink
      English
      arrow-up
      4
      ·
      3 months ago

      Limit access on both sides (user and cloud) as far as you can, train your users if possible. Prepare for the fire, limit liability.