Establishing Zero Trust out of the box at Enterprise scale

At most enterprises CIOs are already multiple waves into enforcing Zero Trust policy across their processes, configurations and teams. As a DevOps Lead, being responsible for juggling user empowerment and adherence to your executive’s policy across many SaaS tools can be tricky. This problem is especially challenging in incident management where highly sensitive data is being shared, incidents rely on multiple different types of team members, and response teams fluctuate from incident to incident. 

‍

How Blameless honors Zero Trust with role based access control

‍

To simplify this Zero Trust alignment while balancing team member empowerment we’ve released a set of carefully designed Role-Based Access Control groups available by default to administrators with every Blameless instance. When constructing these roles we considered: 1) What roles are most common in incidents? 2) What does a successful incident look like for this team member? and then 3) What access isn’t critical for them to be successful? The resulting groups are meant to make user access assignment intuitive and maximize successful incident management across many different users in Blameless while tightly restricting unnecessary data access. 

‍

These new groups are Observers, Responders, and Leads. Each group is equipped with their unique sets of hand selected permissions. At a high level they are:

• Observer: Users who participate in discussion and complete certain tasks. Minimum viable permissions.
• Responder: Users who are frequently participating or driving incident resolution in key roles.
• Lead: Users who are frequently incident commanders and have reliability management duties.

(Here is an exact breakdown of these new groups)

Example - How Blameless integrates Zero Trust

Let’s use an example to illustrate our best practice on getting to Zero Trust from day 1 with Blameless. 

You are Rachel the DevOps lead and functioning admin for multiple SaaS tools at a FinTech company. Your company recently partnered with Blameless to address critical challenges in your incident management process. You are responsible for onboarding 100s of users into your Blameless instance over the next few days while meeting your company’s Zero Trust policy. What should you do?

1. Assess the way you want your team to operate and the level of risk you can tolerate
2. Review this article and our docs to understand what these groups offer
3. We recommend setting Observer (minimum useful permissions) as your default group
4. Begin onboarding users, 100s of them :)
5. Every time a new user is added they’re automatically placed in your default, Observer group
6. Later you can decide to upgrade users to Responders, Leads or any custom group you like

That’s it. You are now meeting your company’s policy out of the box while allowing your teams to begin using Blameless!

(How to set default groups)

As we can see here with our example around establishing Zero Trust incident management out of the box, these new default groups make it intuitive to get started with the data access controls your enterprise needs. If you have any more questions about using Reliability Insights, please see our documentation or simply reach out to a member of the Blameless team. Want to see it in action? Schedule a demo today!

‍