Controlling access to a database is a solved problem… right? It can be straightforward for small teams and a small number of storage engines, but once either or both of those start to scale then things quickly become complex and difficult to manage. After years of running across the same issues in numerous companies and even more projects Justin McCarthy built strongDM to solve database access management for everyone. In this episode he explains how the strongDM proxy works to grant and audit access to storage systems and the benefits that it provides to engineers and team leads.
Your data platform needs to be scalable, fault tolerant, and performant, which means that you need the same from your cloud provider. Linode has been powering production systems for over 17 years, and now they’ve launched a fully managed Kubernetes platform. With the combined power of the Kubernetes engine for flexible and scalable deployments, and features like dedicated CPU instances, GPU instances, and object storage you’ve got everything you need to build a bulletproof data pipeline. If you go to dataengineeringpodcast.com/linode today you’ll even get a $100 credit to use on building your own cluster, or object storage, or reliable backups, or… And while you’re there don’t forget to thank them for being a long-time supporter of the Data Engineering Podcast!
- Hello and welcome to the Data Engineering Podcast, the show about modern data management
- When you’re ready to build your next pipeline, or want to test out the projects you hear about on the show, you’ll need somewhere to deploy it, so check out Linode. With 200Gbit private networking, scalable shared block storage, and a 40Gbit public network, you’ve got everything you need to run a fast, reliable, and bullet-proof data platform. If you need global distribution, they’ve got that covered too with world-wide datacenters including new ones in Toronto and Mumbai. Go to dataengineeringpodcast.com/linode today to get a $20 credit and launch a new server in under a minute.
- Go to dataengineeringpodcast.com to subscribe to the show, sign up for the mailing list, read the show notes, and get in touch.
- To help other people find the show please leave a review on iTunes, or Google Play Music, tell your friends and co-workers, and share it on social media.
- Join the community in the new Zulip chat workspace at dataengineeringpodcast.com/chat
- Your host is Tobias Macey and today I’m interviewing Justin McCarthy about StrongDM, a hosted service that simplifies access controls for your data
- How did you get involved in the area of data management?
- Can you start by explaining the problem that StrongDM is solving and how the company got started?
- What are some of the most common challenges around managing access and authentication for data storage systems?
- What are some of the most interesting workarounds that you have seen?
- Which areas of authentication, authorization, and auditing are most commonly overlooked or misunderstood?
- Can you describe the architecture of your system?
- What strategies have you used to enable interfacing with such a wide variety of storage systems?
- What additional capabilities do you provide beyond what is natively available in the underlying systems?
- What are some of the most difficult aspects of managing varying levels of permission for different roles across the diversity of platforms that you support, given that they each have different capabilities natively?
- For a customer who is onboarding, what is involved in setting up your platform to integrate with their systems?
- What are some of the assumptions that you made about your problem domain and market when you first started which have been disproven?
- How do organizations in different industries react to your product and how do their policies around granting access to data differ?
- What are some of the most interesting/unexpected/challenging lessons that you have learned in the process of building and growing StrongDM?
- From your perspective, what is the biggest gap in the tooling or technology for data management today?
- Authentication Vs. Authorization
- Hashicorp Vault
- Configuration Management
- SSO (Single Sign On
- SOC 2
- Two Factor Authentication
- SSH (Secure SHell)