Week 1: How to Put Your SOC On

By Andrew Brown   •   August 16, 2017
LaunchDarkly

What does a new engineer do during their first week at a SOC 2 Compliant startup? Write code? Maybe. Deploy code? Hopefully. Create accounts? Certainly.  Ad nauseam.

After creating my task tracking and document sharing accounts, half the items I saw on my TODO lists were about creating accounts on more services. Also on my calendar was to attend training for one of LaunchDarkly's newest initiatives: SOC 2 Compliance.

At LaunchDarkly, we maintain mission critical services for our customers (feature flags!). And for those who opt for premium services, we also store sensitive data about their clients as part of our analytics features. It is essential to our business that we protect not only access to control over customer application behavior, but to all client data we store on behalf of our customers.

After our security training, each member of my incoming class made a commitment to:

  • Create a unique password for every service. Use a password generator and a password manager!
  • Enable 2-factor authentication for every service that offers it.
  • Avoid sharing passwords and accounts with team members to keep a precise audit trail.
  • Restrict browser plugins to the minimum necessary to do your job. Those plugins can read your data.
  • Secure your laptop with FileVault and lock screens.
  • Limit connected applications with access to Gmail, GitHub and other accounts.
  • Secure customer data. (Obfuscated links don't cut it!)

These are all great practices even if your business doesn't need SOC 2 certification. Now to deploy some code (if I can just remember where I've written down my SSH key…).

You May Like
FEBRUARY 25, 2021   •   Team & NewsReflections on Black History Month at LaunchDarkly
FEBRUARY 23, 2021   •   PRODUCT UPDATESLaunched: Erlang SDK
FEBRUARY 18, 2021   •   INDUSTRY INSIGHTSBlue-Green Deployments: A Definition and Introductory Guide
FEBRUARY 16, 2021   •   INDUSTRY INSIGHTSRecap: Gene Kim’s Thoughts on DevOps in 2021
FEBRUARY 14, 2021   •   Valentine’s Day Poems, Deployed Just for You
FEBRUARY 11, 2021   •   Team & NewsRegister for Our First-Ever User Conference, Galaxy