A Startup where Nobody has Root
If I were to start a startup today, I would aspire to ensure nobody in the organization has root on anything. This is my information security dream. This might sound crazy to people, but let me explain.
Root access means you can make any change to the computer you want. Developers commonly take actions as root using sudo, which is a lot of power, and things can go badly wrong. If your computer is “rooted”, that is, compromised to the point where an attacker has root access, your organization is (to use the technical lingo) completely fucked from the inside: the attacker can read every file, install anything, and hide from every tool running on that machine.
How would this work in practice?
On the server side, a platform-as-a-service such as Google App Engine or Heroku runs the operating system for you, so nobody on the team needs root on the servers, and the development workflow those platforms expect does not need root in your development environment either.
On the work computer side, the best way I can think of to avoid this is giving everybody Chromebooks. The hardest part of this plan would likely be convincing developers to switch away from using MacBook Pros. This is not something I attempt to cover in this post. The developer workflow would involve using Termux (an Android app, which runs on Chromebooks with Android app support), SSHing into machines, or using a web-based IDE like Cloud9.
This wouldn’t prevent every attack on the organization, but Chrome OS’s verified boot and application sandboxing make keyloggers and persistent malware on the endpoint much harder to plant, and a compromised laptop with no root to hand over gives an attacker far less to pivot from, which significantly hinders lateral movement. Credential phishing and theft of a logged-in session still work without root, so those need separate controls.
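The property described above, that nobody holds root, is easy to state and easy to drift away from as a team grows. The following script is an added example, not code from the original post, showing how to check one Linux host for the two ways root leaks back in: a second UID-0 account in passwd(5), and a sudoers(5) rule whose command list is the bare keyword ALL (the grant that sudo turns into a root shell). The sample passwd and sudoers contents are constructed for this example, not captured from a real host; the `make_samples`, `uid0_accounts`, `sudo_all_rules` and `audit_rootless` names are this example’s own.

```shell
#!/bin/sh
# Added example (not from the original post): audit one Linux host for the
# "nobody has root" property. It reports UID-0 accounts other than root and
# sudoers rules that hand out every command. File formats are the standard
# passwd(5) and sudoers(5) ones; the sample contents below are constructed.

# Print each account with UID 0 whose name is not "root". A second UID-0
# login is root by definition and a classic backdoor.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print sudoers rules (comments and Defaults lines skipped) whose command
# list is the bare keyword ALL, for any principal except root itself. A rule
# limited to specific commands (e.g. "/usr/bin/systemctl restart app") is not
# reported. Caveat: a rule that allows a shell or an editor is root in
# practice too, but catching that needs a command allowlist beyond this check.
sudo_all_rules() {
    awk '!/^[ \t]*(#|Defaults)/ && $1 != "root" && /=.*[ \t:]ALL[ \t]*$/' "$1"
}

# Report every finding and return 0 only when the host is root-less, so the
# function can gate a CI job or a configuration-management run.
audit_rootless() {
    passwd_file=$1
    sudoers_file=$2
    findings=0
    for u in $(uid0_accounts "$passwd_file"); do
        echo "UID-0 account besides root: $u"
        findings=$((findings + 1))
    done
    rules=$(sudo_all_rules "$sudoers_file")
    if [ -n "$rules" ]; then
        echo "sudo rules granting ALL:"
        echo "$rules"
        rule_count=$(printf '%s\n' "$rules" | wc -l | tr -d ' ')
        findings=$((findings + rule_count))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample files (not captured from a real host) so the audit runs
# offline. "bad" has a second UID-0 account and two unrestricted sudo rules;
# "clean" has only root itself plus a command-limited deploy rule.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/bad.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF
    cat > "$dir/bad.sudoers" <<'EOF'
# constructed sample
Defaults env_reset
root ALL=(ALL:ALL) ALL
alice ALL=(ALL) NOPASSWD:ALL
%deploy ALL=(root) /usr/bin/systemctl restart app
bob ALL=(ALL) ALL
EOF
    cat > "$dir/clean.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    cat > "$dir/clean.sudoers" <<'EOF'
Defaults env_reset
root ALL=(ALL:ALL) ALL
%deploy ALL=(root) /usr/bin/systemctl restart app
EOF
    echo "$dir"
}

# Stand-alone run: audit both constructed sample sets, then the live host
# when its sudoers file is readable (normally only as root, which is the point).
samples=$(make_samples)
audit_rootless "$samples/bad.passwd" "$samples/bad.sudoers" || echo "bad sample: NOT root-less"
audit_rootless "$samples/clean.passwd" "$samples/clean.sudoers" && echo "clean sample: root-less"
rm -rf "$samples"
if [ -r /etc/sudoers ]; then
    audit_rootless /etc/passwd /etc/sudoers || echo "this host is NOT root-less"
fi
```

On a real fleet you would run `audit_rootless /etc/passwd /etc/sudoers` from configuration management or a scheduled job and alert on a non-zero exit; on a PaaS or a Chromebook there is no sudoers file for anyone to edit, which is exactly the situation the post is aiming for.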
Once everything in the company is root-less, this post about hardening your Google Apps goes further into preventing attacks in a cloud-only environment.