Break Glass Protocol

How to create a break-glass protocol with Apono Access Flows

Intro

Break Glass Protocol or Procedure: Granting Emergency Access to Critical Systems. Break glass (which draws its name from breaking the glass to pull a fire alarm) refers to a quick means for a person who does not have access privileges to certain information to gain access when necessary.

In case of emergency, like a production incident or downtime, we want to have quick ways to give respondents elevated, admin access to investigate and fix the issue.

Usually, break glass protocol applies to highly sensitive environments or resources or to very powerful permissions, which is why you want good protections and workflows around it.

If you're working with PagerDuty, OpsGenie, VictorOps, Jira or any other incident response/on-call tool, this is for you.

Interested in Break Glass Protocol? Read more from Yale here.

How to create a break glass protocol

With Apono, you can easily create "break glass" Access Flows that would enable developers-on-duty to and incident responders to mitigate issues quickly, and without compromising on security.

  1. Integrate Apono with your on-call/incident response tool to continuously sync Shift members:

  1. Create Bundles for your sensitive environments and resources.

  • These can be cloud environments, databases, servers, machines, apps, pods, and more.

  • Bundles can represent a job to be done, an environment or app to fix, a customer tenant, or any other scope that helps on-call developers access what they need in an emergency.

  • Change to your environment or stack? Add anything to your bundle and it will affect all break glass Access Flows. Read more about dynamic access management here.

  1. Set the Break Glass protocols:

    1. Create an Access Flow

    2. Insert the relevant bundle

    3. Set the requester as the on-call shift

    4. Set the approver to automatic

  2. Developers-on-duty can now request access quickly in Slack, Teams or CLI

Developers need access outside working hours?

Set access flows with on-call shift members as approvers, and they can approve access to their peers

Automatic access grant triggered by incidents

Want developers on duty to gain access even faster?

Trigger an Apono break glass Access Flow when a new incident is created in your incident response tool

Audit and Security

Even during crisis, you don't want to compromise on your compliance and security.

That's why with Apono:

  1. All Access Requests are logged and audited, including automatic access.

  2. Every Access Request can trigger a ticket to be created in your ITSM.

  3. Admins and developers-on-duty can revoke access at any time.

  4. You can set the access time from minutes to hours, so that access is short-lived.

  5. Even during on-call incidents, you can still require approval by groups, shifts, managers or individuals.

Last updated