Segregation of Duties, or sometimes separation
of duties, is an internal control that requires
multiple people to perform a task.
Segregation of Duties has two primary effects:
First, it reduces fraud by requiring collusion
between multiple people. Having multiple people
involved in crime makes it easier to detect
and harder to conceal.
Second, it reduces the chance of error, and
thus improves the integrity of the data and
systems.
You can think of Segregation of Duties using
the nuclear missile analogy. In this example,
the system issues two different people with
different launch keys: the first arms the
warhead and the second launches the missile.
This co-dependency between the two keys means
Commander Alice and Commander Bob must both
enter their launch keys at the same time to
arm and launch the nation's nuclear arsenal.
Typically, in the world of business and technology,
segregation of duties isn't quite as life-threatening
as launching a nuclear missile. However, it
is no less critical, given the threat of identity
theft and fraud.
A great example of implementing Segregation
of Duties is GitHub's Pull Request system.
The rules of this system are as follows:
First, developers may not commit directly
to the master branch.
Second, developers may only merge a branch
to master as part of a Pull Request.
Third, Pull Requests must pass all checks.
Finally, Pull Requests must receive approval
by at least one person not involved in the
creation of the pull request.
Implementing these rules using GitHub's
permissions model, and potentially a CI/CD
platform like Jenkins or GoCD, means that
more than one person must be involved to
make any change to code.
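The four rules above, written as a merge-policy check. This is an added example, not code from the video or from GitHub; the `Change` model, its field names and the sample users are assumptions, and counting every commit author as "involved in the creation" is one reading of the last rule.

```python
from dataclasses import dataclass

PROTECTED = "master"  # protected branch, as named in the rules above

@dataclass(frozen=True)
class Change:
    """Constructed model of a proposed change; not GitHub's API schema."""
    target: str
    via_pull_request: bool
    author: str
    commit_authors: frozenset = frozenset()
    checks: tuple = ()                  # (check name, passed) pairs
    approvers: frozenset = frozenset()

def violations(change: Change) -> list:
    """Return the rules this change breaks; an empty list means it may merge."""
    if change.target != PROTECTED:
        return []                               # the rules only guard master
    if not change.via_pull_request:
        return ["direct commit to master"]      # rules 1 and 2
    found = []
    failed = sorted(name for name, passed in change.checks if not passed)
    if failed:
        found.append("failed checks: " + ", ".join(failed))    # rule 3
    # Rule 4: the PR author and every commit author helped create the change,
    # so none of them counts as an approver. Logins are compared
    # case-insensitively so "Alice" cannot approve for "alice".
    creators = {u.casefold() for u in change.commit_authors | {change.author}}
    independent = {u.casefold() for u in change.approvers} - creators
    if not independent:
        found.append("no approval from someone outside the change")
    return found

# Constructed sample changes.
DIRECT_PUSH = Change("master", False, "alice")
SELF_APPROVED = Change("master", True, "alice", frozenset({"alice"}),
                       (("build", True),), frozenset({"Alice"}))
CO_AUTHOR_APPROVED = Change("master", True, "alice", frozenset({"alice", "bob"}),
                            (("build", True),), frozenset({"bob"}))
COMPLIANT = Change("master", True, "alice", frozenset({"alice"}),
                   (("build", True), ("tests", True)), frozenset({"carol"}))

if __name__ == "__main__":
    for name, change in [("direct push", DIRECT_PUSH), ("self-approved", SELF_APPROVED),
                         ("co-author approved", CO_AUTHOR_APPROVED), ("compliant", COMPLIANT)]:
        print(f"{name}: {violations(change) or 'allowed'}")
```

The co-author case is the one a simple "approver is not the PR author" test misses: Bob pushed a commit to Alice's branch, so his approval adds no second pair of eyes.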
Part of the reason GitHub's Pull Request system
has been so successful is that it empowers
individual contributors to deliver business
value safely, rather than creating bottlenecks
by requesting manager, security or operations
approval to make a change to the code base.
