|
|
|
|
|
|
by aequitas
1829 days ago
|
|
|
A lot of companies allow RPi's or Nuc's to be installed into the network by teams to setup interactive scrum boards and (CI) monitoring displays. For this reason they are littered with (personal) access tokens with broad permissions on CI and other important systems. Most of the time these have barely any configuration management or security best practices as the teams want to manage these themselves (Devops is what the developers call it, but there is hardly any Ops in there). Often this initiative comes from the actual Ops not being able to provide the services the developers need, for whatever technical or political reason . |
|
|