👋 Welcome to Corporate Security, we're glad you're here! You may also know us as the former IT Operations team that moved from the Finance to Security division in early 2024.
## Need Help?
Please try exploring the following pages to see if your question has been answered in the handbook pages. If not, please ask in the `#it_help` channel and one of our Support Analysts will reply as soon as possible.
As a remote company, we do not have office buildings, physical datacenters, or other traditional IT environments. All of our team members are issued a laptop that they use to work from home or on the road. Although our engineering and product teams are building software that is deployed on AWS and GCP, almost all of our corporate software is vendor-managed software-as-a-service (SaaS). Although this results in a simpler physical threat landscape, the cybersecurity threat landscape is vast and still requires a lot of attention to do it right.
Our mission is to empower our employees to be productive with the technology provided by the business, enable the business to be successful, protect our customers and their data, and provide internal security for GitLab (the company) and our team member's use of GitLab (the product).
GitLab is both a company and a product. The Corporate Security department focuses on protecting the technology that the company uses to conduct business internally, and provides the hardware, software, and tools that our team members need to get their job done. We have a 24x5 technical support helpdesk for team members and have engineers that configure and maintain many of our company-wide tech stack applications. We also invest heavily in device trust and identity management to provide the highest level of security assurance for the administrators of our product and ensure all appropriate controls are in place when handling customer data.
### Prime Directive
- Safeguard our organization's digital assets, ensuring the integrity, confidentiality, and availability of all data.
- Implement robust security measures, fostering a culture of awareness and compliance among employees, and continuously monitoring and enhancing our information technology systems to protect against evolving threats.
- Leverage the GitLab platform (dogfooding) to assist us in the securing of GitLab.
- Provide reliable, secure and efficient IT and Security engineering, innovation, and services with Zero Trust principals to support cross-functional organizational goals
### Scope
- Architecting next-generation automation and integration between security-related systems that provides data consistency, reliability, strong security, and auditability.
- Building relationships with cross-department system owners and proposing solutions to ensure our tech stack applications conform to our latest security best practices
- Consolidating and refactoring legacy tech debt
- Designing processes and choosing software tools that improves back office automation or mitigates security risks
- Escalation engineering and crisis response for leadership teams
- Factor in cost, security, compatibility, maintainability and user experience when making decisions
- Growing other team members’ skill sets through mentorship to improve operational efficiency and encourage professional development
- Handbook documentation for processes and systems architecture
- Identity and access management (IAM)
- Joint collaboration with process and system owners across the company for improving automation efficiency, security posture, and vulnerability management
- Keeping leaders and stakeholders informed of next-gen initiatives and contributing to creating automated analytics for day-to-day IT and Security operations
- Leading innovation opportunities between several teams with a willingness to experiment and to boldly confront problems of large complexity and scope
- Making technical decisions on behalf of the department and organization while providing presentation support to leaders during technical discussions
- New tech stack (vendor) application onboarding and provisioning
- Policy and configuration management for organization-wide applications and systems that we manage
- Role-based access control (RBAC)
- Shipping laptops to new team members and refreshing older models
- Tech support for team members and temporary service providers
- User experience and productivity optimization for internal software and tools
- Vulnerability and malware risk mitigation
- Workflow automation for employee lifecycle
- X-Men, we are. Always be saving the day with a smile on your face!
- Yesterday's problems are tomorrow's opportunties for iteration
- Zero trust implementation
### Direction and Strategy
- (Internal) [CISO Multi-Year Information Security Goals and Priorities](https://internal.gitlab.com/handbook/security/information_security_goals_and_priorities/)
- (Internal) [CorpSec Direction and Strategy](https://internal.gitlab.com/handbook/security/corporate/direction)
- (Internal) [CorpSec OKRs and Roadmap](https://internal.gitlab.com/handbook/security/corporate/roadmap)
- (Internal) [CorpSec Projects and Initiatives](https://internal.gitlab.com/handbook/security/corporate/projects)
IT Ops has an automated workflow that triggers upon a notification from PeopleOps of a team-member offboarding. This automated workflow is composed of 2 parts that are outlined below. The first part happens within 1 hour of the offboarding. The second part occurs after 90 days of the offboarding. This workflow will send out notifications throughout this 90 day period to let the Former Team member's manager know that the final deadline is approaching.
#### These are the steps that follow immediately upon termination of a team-member
- The former team-member (FTM) is removed from all Google groups
- The former team-member (FTM) is locked from access to their laptop
- The former team-member (FTM) is removed from access to all GitLab provisioned services linked to their Okta account
- The former team-member (FTM) is removed from access to all GitLab provisioned services not linked to their Okta account
- Unless there is a legal hold on their laptop, the laptop is securely wiped
- The FTM’s manager is setup as a delegate to their Gmail and Google Calendar
- The FTM’s manager gains editor privileges to all “My Drive” Google Drive Files
- The FTM’s account is moved to the Former Team Members OU
- Remove the FTM account from the Global Address List
- All of the account’s sign in cookies/sessions are cleared and the account password is reset to a random 64 character password
- The account’s recovery email is set to null
- The account’s recovery phone number is set to null
- The FTM’s auto-response email message is setup.
#### These are the steps that follow after the Former Team Member has been gone for 90 days
- All of the former team-member (FTM) aliases are removed
- Archive of all Google Drive files in the users My Drive that are marked as owner
- These are saved in the Offboarded Users Drive Archive
- Each user has their own folder in the following format
-<emailUsername>_google_drive
- The FTM’s account is suspended
- The FTM’s account will be moved to NoGSuiteLicense OU
- The Google Workspace License is removed from the account
#### The following notifications will be sent out to the FTM’s manager and IT over Slack
**Immediate Slack notification:**
> Hello `<Manager Firstname>``<Manager Lastname>`, you are receiving this notification to let you know that one of your direct reports `<Firstname>``<LastName>` has been deprovisioned from GitLab’s Google Workspace. In keeping with our standard offboarding policy you will receive a copy of this user’s Google Drive data as well as delegated access to their email and calendar account. This delegate access will remain available to you for 90 days after which the account will be closed, and all data will be archived. Please be sure to copy anything you wish to keep to your own account before this time. For more information about how to access this data please see information in this Handbook page (provide link).
>
> You will receive another notification 30 days before and then a final notification at 1 week before this account is closed. If you have any questions about this process, or need assistance with access the data, please feel free to reach out to the Corp IT team in the #it_help Slack channel.
**30 Days Slack notification**
> Hello `<Manager Firstname>``<Manager Lastname>`, you are receiving this notification to let you know that one of your direct reports `<Firstname>``<LastName>` was deprovisioned from GitLab’s Google Workspace 60 days ago. In keeping with our standard offboarding policy you will continue to have delegated access to their email and calendar account for another 30 days after which the account will be closed, and all data will be archived. Please be sure to copy anything you wish to keep to your own account before this time. For more information about how to access this data please see information in this Handbook page (provide link).
>
> You will receive another notification at 1 week before this account is closed. If you have any questions about this process, or need assistance with access the data, please feel free to reach out to the Corp IT team in the #it_help Slack channel.
**7 Days Slack notification**
> Hello `<Manager Firstname>``<Manager Lastname>`, you are receiving this notification to let you know that one of your direct reports `<Firstname>``<LastName>` was deprovisioned from GitLab’s Google Workspace 83 days ago. In keeping with our standard offboarding policy you will continue to have delegated access to their email and calendar account for another 7 days after which the account will be closed, and all data will be archived. Please be sure to copy anything you wish to keep to your own account before this time. For more information about how to access this data please see information in this Handbook page (provide link).
>
> This is the final notification. If you have any questions about this process, or need assistance with access the data, please feel free to reach out to the Corp IT team in the #it_help Slack channel.
**Final Slack notification**
> The GitLab Google Workspace account for `<Firstname>``<LastName>` has been archived after 90 days as per our standard offboarding policy.
When you ask for help in the `#it_help` channel, this automation will automatically create a new GitLab issue that creates a long term record of your support request, while providing the ease-of-use of a Slack thread.
Each comment in the Slack thread is added to the GitLab issue.
This allows us to dogfood GitLab, and also link to related GitLab issues if additional triage is needed or we are cross-linking the audit trail of change management activity, laptop requests, etc.
Thank you for your interest in the direction of Corporate Security. See the internal handbook for our [direction](https://internal.gitlab.com/handbook/security/corporate/direction) and [roadmap with OKRs](https://internal.gitlab.com/handbook/security/corporate/direction).