This is interesting. I see you've added functionality to use these via a browser. Have you considered making these tools available via a CLI interface too?
That's a really good idea, especially for the private notes functionality where you could pipe some output into a private note and get an e2e encrypted URL back. On the list, thanks!
Logged in specifically to agree and upvote this comment!
- on-demand preview of changes before I hit save
- source code is always embedded with the diagram and anyone can reference and edit
- source controlled history via confluence history
I've used mermaid extensively but ultimately abandoned it because it didn't have a good flow for sharing the source and history. Confluence + PlantUML is a great solution.
For too long information security has been a blocker instead of an accelerator. My nightmare scenario was a few years ago when we had to halt all production work for 6 months while we met with endless lawyers and CPAs to try and explain how our entire infrastructure was built. Developers hated it, product hated it, marketing hated it, maybe the CPAs loved it?
I've seen huge deals fall through because of failing to get compliance fast enough, or basic security missteps (how many articles about turning on MFA do we need?) leading to major incidents. And don't even get me started on consultants and spreadsheets. I have stories to share...
That is why we built Control - to solve compliance with one integration.
Control accelerates and automates SOC2, ISO 27001, PCI and more - so that you can build your company, not work on compliance. No more legalese, writing policies or manually running endless compliance scanners across your systems.
At VGS, we're on a much bigger mission - to protect the world's information. This means that we are relentlessly committed to real security and fast compliance.
That's why as a part of this launch, we're offering guaranteed SOC2 compliance on Control for FREE. Just create an account, commit to real security, and we'll take care of the rest.
As a cloud-ops-minded person, we thought it would be compelling to allow people to simply connect AWS to a free read-only tool, from a company I can trust with our info like VGS, just to see what security results came back.
We'd love to hear your feedback, and if you have questions about Security/Compliance, let us know. My team and I will be around all day to help.
Can you provide a ballpark/average cost of this? I see that you can start for free, but let's get real. The real thing costs money. I am interested but want an idea of the ballpark cost if you can share.
I work at VGS. Because our mission is to secure the world's sensitive information, we will never let pricing get in the way of security. So yes, our product really is free. There is a cost for the external auditor, and that ranges from 15k-25k for SOC 2.
It would be really interesting to hear you talk about how you test the policies that are written for OPA.
Are the policy documents stored alongside the service or kept in a central registry? Do you need to include OPA when doing unit testing for the individual services, or can it just be layered on and integration tested?
As for where policies are stored, we keep them with the service and later mount them in a K8s pod as a ConfigMap. OPA then downloads missing data from the Bundle Service. Integration testing is more or less the same, with OPA declared as a container in Docker Compose.
Encryption is one part of PCI (data stored at rest and in transit). There's still a slew of controls that need to be satisfied when you have access to the data, and there's no getting around them if you choose to take this burden on yourself.
The technology involved in persisting sensitive data on disk is a small portion of becoming compliant.
Tokenization is just one part of the solution and you're correct, tokenization providers are plentiful.
VGS also handles compliance, audits, assumes liability and handles custodianship of the data, and provides a convention (versus configuration for most tokenization security) that provides a simple integration.
If you're looking for someone to help offload and get you compliant quickly without having to get mired in the world of compliance yourself, it's a solid offering.
If you don't exercise then now would be a great time to start. Endorphins feel great and sometimes the intensity of physical activity is a good way to hit the reset switch on your brain.
As primarily a Python/JavaScript shop, we welcome polyglots and believe very strongly in open source. We use the right tool for the job. You should be familiar with at least 2 of the 3 requirements below:
## Application Development
You are comfortable working on very external-facing applications in a distributed services oriented architecture. Must be able to work in an environment where deploying multiple times a day is a norm, but can step back and think about polishing the product. You understand that you must test everything. You live and breathe tests.
## Infrastructure / Systems
You're familiar and comfortable with everything below the application layer. You want to work on performance tuning, database instrumentation, and server architecture. You think, live, and breathe statistics.
## Machine Learning / Data Engineer
You're good with math. Really good. You understand terms like feature extraction and selection, and know what a Euclidean space is. You love linear algebra. People have previously commented about how algorithms are your best friend. You're constantly innovating on how to collect, slice, dice, and analyze data. You recognize that visualizations are important. You also have a good understanding of how to construct good clean code.
Using our (Balanced's) open source projects for paid trials for potential hires is working really well for us.
It's now a standard part of bringing any engineer into the team.
It's easier to do this with front-end candidates with our dashboard, but it also works well with backend hires using Billy, our recurring billing product, and we can now do it with infrastructure candidates since we've started opening up our cookbooks etc.