Global Security Practices
System users management
User privileges, accounts and SSH keys are managed by our Ansible playbooks.
Adding a new user or removing an outgoing employee is fully automated.
Global password management
We use a password manager to share all passwords, secrets and keys between related teams.
Passwords are never shared by any other means.
Sharing is governed by the group and hierarchy policies set by the Toucan Toco administrators.
Toucan Toco's hardware hardening
All employees' mobile devices are enrolled in our Mobile Device Management system, which enforces a set of rules such as requiring a lock screen and encrypting the storage partition.
Toucan Toco administrators can also erase any mobile device remotely.
The data partitions of all product team computers are encrypted.
Office access is granted only by building badge.
Every building badge has a unique ID associated with a specific employee or visitor.
A leaving procedure has been written and is systematically applied when an employee leaves.
This procedure includes:
- retrieving the building badge
- disabling email, password manager and SSO accounts
- removing data from laptops and mobile devices
- removing access to the infrastructure (if the employee is an admin)
This procedure is regularly updated and challenged.
A large part of this procedure is fully automated by our Ansible playbooks.
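The user lifecycle described above (automated onboarding in "System users management" and the automated part of the leaving procedure) can be expressed declaratively. The playbook below is an added illustration and not Toucan Toco's own Ansible code: it assumes the ansible.posix collection is installed, and the account names, groups and public key are constructed placeholders. The point it demonstrates is that when every account is declared with an explicit state, onboarding and offboarding are the same idempotent run, and a departing admin's key cannot linger because each active user's authorized_keys is rewritten to exactly the declared key.

```yaml
# Illustrative Ansible playbook (added example, not Toucan Toco's own playbooks).
# Assumption: a single variable lists every managed account with its desired
# state, so adding a newcomer and removing a leaver are both just edits to that
# list. All names, groups and key material below are constructed placeholders.
- name: Enforce the declared set of system users and SSH keys
  hosts: all
  become: true
  vars:
    managed_users:
      - name: alice
        state: present
        groups: [sudo]                      # infrastructure admin
        pubkey: "ssh-ed25519 AAAAC3...PLACEHOLDER alice@example.invalid"
      - name: bob
        state: absent                       # outgoing employee
  tasks:
    - name: Create or remove accounts according to their declared state
      ansible.builtin.user:
        name: "{{ item.name }}"
        state: "{{ item.state }}"
        groups: "{{ item.groups | default([]) }}"
        shell: /bin/bash
        remove: "{{ item.state == 'absent' }}"   # also delete the home directory on removal
      loop: "{{ managed_users }}"
      loop_control:
        label: "{{ item.name }} ({{ item.state }})"

    - name: Install exactly the declared key for each active user (stale keys are dropped)
      ansible.posix.authorized_key:
        user: "{{ item.name }}"
        key: "{{ item.pubkey }}"
        state: present
        exclusive: true                     # authorized_keys contains only this key afterwards
      loop: "{{ managed_users | selectattr('state', 'equalto', 'present') | list }}"
      loop_control:
        label: "{{ item.name }}"
```

Run it with `ansible-playbook -i inventory users.yml`. The design choice worth noting for offboarding is that an account is removed by setting `state: absent` rather than by deleting its entry: a deleted entry would leave the existing Unix account and its keys untouched on every host, whereas an explicit `absent` is applied everywhere the playbook runs and is visible in version control as a deliberate revocation.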
We regularly challenge and test what we do, create and manage.
For example, we test our backup restoration process every month.
We also have our infrastructure and application security audited every year by external resources.
All audits are performed on our current master version, which is available on demo.toucantoco.com.
Please note that demo.toucantoco.com is a real production instance with fake data; we apply the same security and monitoring policies to all our production instances.