Enhance controls, auditing for SRE access to devices/data
Edit: This is still a discussion and there is no policy confirming this yet.
We need to enhance our ability to make guarantees to enterprise customers that individuals with high-levels of access are prevented from potential malicious and destructive behavior. And that our ability to prevent or track such behavior will pass customers' compliance needs.
Example of first iteration:
- Require Bastion for prod access
- Log all commands
- Audit at some frequency
- Document process
CC @sytses