Hey there! This is Platform Weekly, serving you your weekly glass of platform engineering juice 🥐 Let’s get pourin'.
Platform engineering: The cybersecurity holy grail we don’t talk enough about
This month Okta, the identity and access management company, announced they have once again been hit with another cybersecurity breach. If that wasn’t bad enough, their stock dropped by almost 25%. That’s $2.5 billion in market cap wiped out in a few days. I don’t want to get into the weeds of the attack (because I don’t have all the details and I’m not an expert), nor what Okta could have done differently.
But I do want to take this opportunity to talk about something that doesn’t get enough attention: the fact that platform engineering is AMAZING when it comes to security.
Most times when we speak about platform engineering and Internal Developer Platforms (IDPs) we focus on metrics like time to market and velocity, or cognitive load and DevEx. That’s usually what most people want to hear about. But there’s an entire other side of that coin that needs spotlight attention.
Platform engineering, especially when done right (i.e. using a Platform Orchestrator to ship an IDP that is actually enterprise-grade) is a massive boost to your security profile as a company. Golden paths don’t just make devs’ lives easier, they let security teams enforce clear best practices and baseline templates. The Platform Orchestrator lets you roll out an enterprise-level RBAC model that defines clear roles and permissions, across all workflows and environments. It also allows you to audit every new deployment and revert back easily if needed.
When I talk about IDPs I tend to focus on how they drive the metrics that let you ship faster and better. But remember that an IDP is unique to your org, based on your needs.
Having looked at hundreds of setups, I can tell you that the IDP of a bank looks different to that of a shoe company. With platform engineering, you can make sure that security is of the same standard right across the board.
Quick bites
Out on community, the results of the Platform Engineering survey are out! Did you check them yet?
https://platformengineering.org/blog/results-are-in-the-2023-platform-engineering-survey
Articles that blew our minds:
- The 6 Pillars of Platform Engineering: Part 1 — Security - The New Stack, by Michael Fonseca
- https://www.linkedin.com/pulse/unifying-security-through-platform-engineering-martin-van-son/, by Martin van Son
On security, also this great talk at PlatformCon 2022:
Incorporating security into Platform Engineering: The Dos and Dont’s - PlatformCON 2022