Week 1: How to Put Your SOC On

LaunchDarkly
By Andrew Brown   •   August 16, 2017

What does a new engineer do during their first week at a SOC 2-compliant startup? Write code? Maybe. Deploy code? Hopefully. Create accounts? Certainly, ad nauseam.

After creating my task tracking and document sharing accounts, half the items on my TODO list were about creating accounts on still more services. Also on my calendar: training for one of LaunchDarkly's newest initiatives, SOC 2 compliance.

At LaunchDarkly, we maintain mission-critical services for our customers (feature flags!). For those who opt for premium services, we also store sensitive data about their end users as part of our analytics features. It is essential to our business that we protect not only control over our customers' application behavior, but also all of the client data we store on their behalf.

After our security training, each member of my incoming class made a commitment to:

  • Create a unique password for every service. Use a password generator and a password manager, so that a breach of one service never exposes another.
  • Enable 2-factor authentication for every service that offers it.
  • Don't share passwords or accounts with team members, so the audit trail maps every action to exactly one person.
  • Restrict browser plugins to the minimum necessary to do your job. Those plugins can read your data.
  • Secure your laptop with FileVault full-disk encryption and a lock screen.
  • Limit the connected (OAuth) applications with access to Gmail, GitHub and other accounts.
  • Secure customer data with real access control. (Obfuscated or unguessable links don't cut it!)

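A small illustration of the first commitment, added here as an example and not code from the original post or from LaunchDarkly: draw each password from the OS CSPRNG via Python's `secrets` module (never `random`), keep one independent password per service the way a password manager would, and estimate the entropy so you can see why 24 random printable characters comfortably clears the bar. The service names are constructed sample input.

```python
import math
import secrets
import string

# Alphabet for generated passwords: 52 letters + 10 digits + 32 punctuation = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 24, alphabet: str = ALPHABET) -> str:
    """Return `length` characters drawn uniformly from `alphabet` using the
    OS CSPRNG (secrets.choice). random.random() is NOT suitable for this."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet_size).
    24 characters over 94 symbols is about 157 bits."""
    return length * math.log2(alphabet_size)


def passwords_for(services):
    """One independently generated password per service, as a password manager
    would store them; no password is derived from another."""
    return {svc: generate_password() for svc in services}


def all_unique(vault: dict) -> bool:
    """True when no two services in the vault share a password."""
    return len(set(vault.values())) == len(vault)


if __name__ == "__main__":
    # Constructed sample services, not taken from the post.
    vault = passwords_for(["github", "gmail", "aws-console", "task-tracker"])
    for svc, pw in vault.items():
        print(f"{svc:14s} {pw}  (~{entropy_bits(len(pw)):.0f} bits)")
    print("all unique:", all_unique(vault))
```

The point of `all_unique` is not that collisions are likely (they are astronomically unlikely) but that the vault is the single place uniqueness is enforced; a human reusing one "strong" password across services defeats every other item on the list.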
These are all great practices even if your business doesn't need a SOC 2 report. Now to deploy some code (if I can just remember where I've written down my SSH key…).
