Canary Technologies
Canary Technologies is an industry leader in hospitality management systems.
Strengthening Security and Access Control at Canary Technologies
Canary Technologies prioritized enhancing the security of their AWS environment and controlling access to critical resources. Trip In Tech co-founder, Wael, was engaged to implement a robust access control system and ensure comprehensive auditability. His key contributions included:
Implementing Secure Authentication with Google SSO
To eliminate the security risks associated with managing individual AWS credentials, Wael:
- Integrated Google SSO for AWS Access: Configured single sign-on (SSO) using Google Workspace, allowing employees to access AWS resources securely with their existing Google accounts.
- Enforced Read-Only Access for Most Users: Implemented policies to grant read-only access to the majority of users, preventing unintended modifications to critical infrastructure and data.
- Established Granular Access Control for Specific Roles: Defined specific roles with appropriate permissions for administrators and on-call engineers, ensuring they had the necessary access to perform their duties.
This transition to Google SSO significantly improved Canary Technologies' security posture by centralizing authentication and enforcing least privilege access.
Securing and Auditing Django Shell Access
To further enhance security and control access to sensitive data within their ECS-based applications, Wael:
- Implemented Role-Based Access Control for Django Shell: Configured role-based access control for the Django shell, restricting access based on user roles.
- Enforced Read-Only Access for Standard Users: Granted standard users read-only access to the Django shell, preventing accidental or unauthorized modifications to production data.
- Granted Read-Write Access to Authorized Personnel: Granted administrators and on-call engineers read-write access to the Django shell when necessary, enabling them to perform critical tasks and troubleshoot issues.
- Enabled Comprehensive Audit Logging for Django Shell: Implemented audit logging to track all Django shell activity, including user logins, commands executed, and data accessed. This ensured accountability and provided valuable insights for security monitoring and analysis.
This granular access control mechanism, coupled with comprehensive audit logging, ensured that sensitive data was protected while still allowing authorized personnel to perform their required tasks.