Three talks that have little in common at first glance: a live attack on a Microsoft tenant, an engineering toolkit built over fifteen years and a database provisioned in under ten seconds. TechTalk #28 covered more ground than most, and that is exactly what made the evening stand out. As always, Thomas Hug, our CEO and founder, opened the evening with a short introduction before handing over to the three speakers.
“The Shift From Hack In to Log In”
Jan Brons and Marc Willaredt from Kleeo GmbH are cybersecurity consultants, and they walked us through a shift that many organisations are only just starting to recognise. Attacks have moved on: human passwords are often still the entry point, but the real target today is what are called Non-Human Identities (NHIs). These are all identities that do not belong to people but to systems: API tokens, OAuth apps, service accounts, CI/CD pipelines and AI agents.
The risk is real. NHIs cannot be protected with MFA, often hold broad permissions, have no clear owner and are rarely reviewed. The concrete example was the Microsoft breach of 2024, where attackers gained access to executive emails by exploiting a forgotten test account and a misconfigured OAuth app. Marc reproduced the same flow live in a test tenant, from a compromised app secret to reading a mailbox in a matter of minutes.
The key takeaways: NHIs with privileged access deserve the same attention as privileged user accounts. Permissions should be minimal, and NHIs should never be able to grant permissions to other identities. Regular reviews of these identities are something most organisations still do not do at all.
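The review described in these takeaways, as an added example (not code shown in the talk): it checks an NHI inventory for missing owners, privileged permissions, the ability to grant permissions to other identities, and overdue reviews. The inventory format, the sample entries, the permission sets (a few Microsoft Graph application permissions chosen as examples) and the 90-day review interval are assumptions.

```python
from datetime import date

# Assumed example set: permissions that let an identity grant access to others.
CAN_GRANT = {"AppRoleAssignment.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
             "Application.ReadWrite.All"}
# Assumed example set: permissions treated as privileged in this review.
PRIVILEGED = CAN_GRANT | {"Mail.Read", "Mail.ReadWrite", "Directory.ReadWrite.All"}

# Constructed inventory, standing in for an export of app registrations,
# service accounts and pipeline identities.
INVENTORY = [
    {"name": "legacy-test-app", "owner": None, "last_reviewed": None,
     "permissions": ["Mail.Read", "AppRoleAssignment.ReadWrite.All"]},
    {"name": "ci-deploy-pipeline", "owner": "platform-team",
     "last_reviewed": date(2024, 12, 1), "permissions": ["Application.ReadWrite.All"]},
    {"name": "metrics-exporter", "owner": "ops",
     "last_reviewed": date(2024, 6, 1), "permissions": ["User.Read.All"]},
    {"name": "backup-agent", "owner": "ops",
     "last_reviewed": date(2025, 1, 2), "permissions": ["User.Read.All"]},
]

def review_nhi(nhi, today, max_age_days=90):
    """Return the list of findings for one non-human identity."""
    findings = []
    perms = set(nhi["permissions"])
    if not nhi.get("owner"):
        findings.append("no-owner")
    if perms & PRIVILEGED:
        findings.append("privileged")
    if perms & CAN_GRANT:
        findings.append("can-grant-permissions")
    reviewed = nhi.get("last_reviewed")
    if reviewed is None or (today - reviewed).days > max_age_days:
        findings.append("review-overdue")
    return findings

def review_inventory(inventory, today):
    """Return (name, findings) for every flagged NHI, most findings first."""
    flagged = [(n["name"], review_nhi(n, today)) for n in inventory]
    flagged = [item for item in flagged if item[1]]
    return sorted(flagged, key=lambda item: -len(item[1]))

if __name__ == "__main__":
    for name, findings in review_inventory(INVENTORY, date(2025, 1, 15)):
        print(f"{name}: {', '.join(findings)}")
```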
For us as an infrastructure provider, this topic is directly relevant. Kubernetes clusters, CI/CD pipelines and AI integrations create new NHIs every day. Awareness needs to grow, within our own teams and across our customers.
“How to Navigate Complex Systems Using Non Software Toolkit”
Florian Sommerfeldt is a test and software engineer with fifteen years of experience across banking, e-commerce and public transport. His talk was not a framework pitch but a personal toolkit he has built over those years.
The starting point: software does not get less complex. The easier a system is for users, the more complexity is hidden behind it. Florian draws a distinction between “simple” (few moving parts, but hard to use) and “easy” (convenient, but internally highly complex). That tension shapes every modern software stack.
His tools are accessible but effective. Questionnaires (structured lists of questions) help with onboarding into new projects or with analysing the impact of a feature: what do I know, what am I assuming, what am I missing? Personas structure not only end-user expectations but also those of internal stakeholders like operations teams and customer support. Feature maps are mind maps that reveal what a feature actually does in full. Florian had used Gmail every day for years and was unaware of most of its functionality until he created one of these maps. The compose window alone has far more capabilities than are visible at first glance.
One point that particularly resonated with us: Florian closed with a note on AI. AI assistants perform better when given structured, context-specific knowledge. The tools he presented are therefore not only useful for human teams, but also good preparation for working effectively with AI tools.
“Zero to SELECT: Providing Databases in 10 Seconds”
The closing talk came from Daniel Wilhelm and Marco Streich, both from our own managed services team. They used the TechTalk to announce a new product tier and proved live that the title was not an exaggeration.
For context: we have been running managed databases for over fifteen years. We currently manage around 730 instances totalling more than 15.5 terabytes. That works reliably, but there was a gap. For small applications on Deploio or CI/CD pipelines that just need a quick database, the previous setup, with provisioning times of up to ten minutes, was overkill.
The answer is Economy Databases. Postgres or MySQL, up to ten gigabytes, ready in under ten seconds. Via nctl, our CLI tool, or directly in Cockpit. A new feature is credential injection: access details are automatically injected into Deploio apps, removing the need to copy secrets around manually.
The technical foundation is pragmatic reuse. Rather than building new infrastructure from scratch, the team extended the existing business database systems with a Kubernetes reconciler that handles schema and user management in the background. What looks like a new product to customers is technically an extension of a proven stack.
Still in progress: automated restore via a single click in Cockpit, notifications when a database is nearly full, and simplified user management for the business tier as well. The philosophy behind it fits our broader approach: start small on a production-grade stack, and migrate when you need to, without losing your data.
Find out more about our managed databases and the new Economy Databases on our product page. Questions about any of the topics from the evening? Get in touch. We announce the next TechTalk on our channels, including our Meetup group «TechTalk @ Nine».