Securing Internal Applications

Show notes

Key topics on Access Control Podcast: Episode 10 - Protecting Internal Apps at Figma

  • In hyper growth companies, hyper growth itself is one of the key assets that need to be protected.
  • It's important not to draw too many lines between security roles in different subfields (security engineering, data security, production security), since infrastructure, security, and application security increasingly cross over in the cloud age.
  • There are differences in how B2B and B2C companies think about scale and about compliance.
  • The desire to have nicely designed, effective internal web applications (such as a web UI to support various operations) is definitely growing. Figma decided to invest time in this area and built a really well-structured, effective approach early on.
  • Some functionality works best as a command line tool, and in certain cases, it’s the right approach.
  • Figma uses AWS for most of its cloud infrastructure, and uses Okta for employee authentication and authorization.
  • Application load balancers (ALBs) are powerful reverse proxies that Amazon provides as a service, basically giving you an API to configure them.
