01
Zero clear‑text secrets in production.
No application reads a credential from a configuration file. Every application authenticates via AppRole and pulls a short‑lived token. Database access uses dynamic credentials issued by Vault.
Augmenta Cyber Security Ltd is a private cyber security firm headquartered in Gaborone, Botswana. Every control we operate is identity-bound, every privileged action is logged with an attributable user, and every secret is short-lived.
The cyber security industry trades heavily on opaque assurance. We do not. Every control we operate is identity‑bound, every privileged action is logged with an attributable user, and every secret is short‑lived.
Our clients receive a service that is not only effective, but explainable - to their boards, their auditors and to the regulators in the markets they operate in.
We have developed one hierarchy for platform administration and a separate, parallel hierarchy for CSOC operations. This segregation of duties is hard-coded to prevent conflicts of interest; it protects the organisation against both accidental human errors and intentional fraud, and provides objective proof to auditors and regulators that the internal controls are fail-proof.
When a client engages us, the controls below are the ones we run inside our own Centre - not a checklist we hand over to you. Every important action our operators take on your behalf is recorded, digitally locked against tampering (HMAC), and shipped to a master security control room (SIEM). When data is viewed or changed, our system produces a paper trail showing exactly who did what, where, when, and how.
To stop conflicts of interest, we run a Segregation-of-Duties check every week and rotate high-security passwords every three months. None of this depends on our people remembering to do it - the schedule is automated and every cycle is documented in our official company procedures, ready for your auditors to inspect.
| Static credential rotation check | Weekly |
| Segregation‑of‑Duties audit | Weekly |
| Audit log shipping health | Continuous |
| Manual rotation cycle | Quarterly |
| Raft snapshots, off‑host | Nightly |
| Disaster recovery rehearsal | Bi‑annual |
No application reads a credential from a configuration file. Every application authenticates via AppRole and pulls a short‑lived token. Database access uses dynamic credentials issued by Vault.
There is no shared analyst account. Human access is mediated by LDAP against Active Directory; AD group membership determines policy, not convention.
Every privileged action is logged with attribution and shipped off‑host. If audit logging fails, the platform fails closed.
Triage, alerting, credential rotation, and configuration audit are automated. Analyst time is spent on judgement; not on chasing tasks that a machine can do reliably.
Call us and we’ll walk you through our governance framework, role-to-policy mapping and a sanitised audit log under NDA.