Comment on Keep Tier-One Applications Out of Virtual Environments
francisfordpoopola@lemmy.world 3 days agoWould you care to expand on this? I understand many of the pieces mentioned but am not an expert on this and am trying to learn.
Comment on Keep Tier-One Applications Out of Virtual Environments
francisfordpoopola@lemmy.world 3 days agoWould you care to expand on this? I understand many of the pieces mentioned but am not an expert on this and am trying to learn.
ramielrowe@lemmy.world 2 days ago
In a centralized management scenario, the central controlling service needs the ability to control everything registered with it. So, if the central controlling service is compromised, it is very likely that everything it controlled is also compromised. There are ways to mitigate this at the application level, like role-based and group-based access controls. But, if the service itself is compromised rather than an individual’s credentials, then the application protections can likely all be bypassed. You can mitigate this a bit by giving each tenant their own deployment of the controlling service, with network isolation between tenants. But, even that is still not fool-proof.
Fundamentally, security is not solved by one golden thing. You need layers of protection. If one layer is compromised, others are hopefully still safe.
francisfordpoopola@lemmy.world 2 days ago
Makes perfect sense. I’m not as familiar with the admin side of things.