Nebulon, Inc., has announced Two-Person Commit to enhance organizational zero trust management related to Nebulon solutions. Two-Person Commit is a security policy that has its origins in military protocol and protects organizations from accidental or malicious destructive actions by providing an additional layer of security for Nebulon-based clusters or groups of clusters.
Once a user enables the Two-Person Commit security policy, certain operations in the cluster group must be approved by two people in the organization, including deleting clusters, volumes, snapshots, and disabling the security policy.
Nebulon’s Two-Person Commit policy includes three parties: ‘requestor’, the user that requested an action, ‘approver’, a user that is approving the request, and ‘arbitrator’, the Nebulon customer satisfaction team. The role of the arbitrator is to ensure that the requestor and approver are distinct individuals. Without an arbitrator, an administrator could create a secondary (virtual) user account to approve their own requests.