I've talked that this idea of "devops" is terrifying. It turns a whole bunch of devs whose security mindsets are in "eh password1! is great" because of convenience. And it turns them into domain admins. Gates are good... Although that means in having "Dev" and "Sysad" as 2 different groups. And I as a sysad can and will actively say "NO" with a reason, because something didn't pass a sniff test.
And with the whole AWS push on everything, do you know what else it does? It gives the devs an unlimited line of credit that company has to pay for. Nowhere before did sysads, devs, or other non-manager and non-C-level have unfettered access to the company wallet. And right now, if you have IAM access in AWS, you do.
I've talked that this idea of "devops" is terrifying. It turns a whole bunch of devs whose security mindsets are in "eh password1! is great" because of convenience. And it turns them into domain admins. Gates are good... Although that means in having "Dev" and "Sysad" as 2 different groups. And I as a sysad can and will actively say "NO" with a reason, because something didn't pass a sniff test.
And with the whole AWS push on everything, do you know what else it does? It gives the devs an unlimited line of credit that company has to pay for. Nowhere before did sysads, devs, or other non-manager and non-C-level have unfettered access to the company wallet. And right now, if you have IAM access in AWS, you do.