I'm trying to understand if it's common practice to have a setup where I host our own cloud environment and then allow a vendor access to our AWS account to implement solutions for our banking system. Specifically, the vendor would push their changes directly to our User Acceptance Testing (UAT) environment using their own deployment pipeline. What are the main controls and risks I should consider in this arrangement?
3 Answers
Honestly, that doesn't sound like a very safe model. Giving a vendor direct access to your UAT where they can push changes without strict oversight can lead to a lot of issues. You definitely want to have tight controls and regular audits to ensure nothing sketchy is happening in your environment.
I would just call it the 'I'm confused' model! It raises a lot of questions about accountability and security. If the vendor can access everything directly, what's to stop them from pushing untested or harmful code?
I totally agree with you! Allowing a vendor to bypass your systems to do their own thing just opens the door for potential security and compliance issues. It's better to keep a tighter control on any development activity within your cloud.
