Managing your teams server access while staying GDPR compliant
Unless you have been living under a rock the last few years, you will have come across the General Data Protection Regulation, or GDPR for short. A lot of it boils down to only saving the data you need from the user, allowing them to see and delete the data you store and making sure only the relevant people in your organisation has access to the data, and only when needed.
Accomplishing the latter point in an organisation can be tricky at best but couple that with new hires or leavers and it can make managing access to client data a real nightmare. Especially when you have a scenario where John (who manages one of your clients servers) goes off sick for a few days and you need Jane to cover for him. Jane only really needs access to that server temporarily.
Throw in a sprinkle of 10 to 20 client servers of applications and database and you can be in hell. Especially when 2 years after your remote worker Dave has left the company and you find his SSH key still on one of your servers!
After working in various agencies and teams over the last few years, myself and my co-founder have seen the above scenarios more times than we should have done. There must be a sensible, secure solution to this we said to each other. Now there is.
We’d like to introduce ServerAuth to the world and show you why it’s a great fit for you and your team.
Our main goal was to create ServerAuth in a way which would require as little information about your servers as possible while still providing the functionality needed (all we require is a label for the server and the server accounts that you wish to control via ServerAuth. We don’t need or even want to know the IP address of your server).
We accomplish this by asking you to installing an open source agent onto your servers and having that agent periodically call to our API to retrieve the authorized SSH keys you set via our control panel. We’ve been running a small scale proof of concept on this ourselves and it’s been working amazingly!
We’re hoping to have some more details soon on when we’ll be opening up ServerAuth for early access trials. If you’d be interested in trying it out be sure to add yourself to the mailing list on https://ServerAuth.com
