Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> in a tech company there's always going to be a significant number of people with direct access to the raw data.

Why?

I've worked for a few large tech companies that handled very sensitive customer data, and they didn't allow unsanitized access to it by a significant number of people. Typically (on the dev side, anyway), there was a small designated team (less than 10 people) who were the only ones who had such access. Any dev work that absolutely required access to that data -- which was very rare -- was performed by that team.



It's not like this at smaller companies. It's anything goes.

I worked at one place that had the development network permanently VPN'd into prod. One day, a developer accidentally configured his local environment to connect to a production queue and database. It was like this for over a week.

A previous company didn't bother with the VPN. They had an AWS environment that predated VPC, so SSH and many other service ports were open to the office IP addresses. And several people's homes, for remote work.


> It's not like this at smaller companies. It's anything goes.

It depends on the company (as with large ones, apparently). I currently work for a small company, and it is no less diligent about this stuff than the major companies I've worked for.


Those large tech companies probably had a team or teams of people whose job is to look after the backups for production servers.

Backups generally have "god mode" access (best description) as they need to backup and restore not just filesystem data, but the audit log data as well.

Most (corp) places I worked, the developers and SysAdmin's working on production servers gave little thought to the backup component apart from making sure the software is installs and runs. ;)




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: