Laurent Balmelli, PhD

Originally published at strong.network

The Need for Secure Cloud Development Environments

In this brief article, we review the benefits of migrating coding environments online using secure Cloud Development Environments (CDEs), in the context of a diverse, partly onshore, near-shore and off-shore development workforce.

Secure CDEs: Addressing Both Productivity and Security Concerns

The use of Cloud Development Environments (CDEs) allows the migration of coding environments online. Solutions range from a self-hosted platform to a hosted service. In particular, CDEs with data security, i.e. secure Cloud Development Environments, provide the dual benefit of enabling productivity and security simultaneously.

Examples given in this article are based on the CDE platform proposed by Strong Network. The implementation of CDE platforms is still in its infancy and there is no clear consensus on what should be the standard functionalities.

The approach taken by Strong Network is to have a dual focus, i.e. leverage CDEs from both a productivity and a security standpoint. This is in contrast to using CDEs primarily as a source of efficiency. Embedding security in CDEs allows for their deployment in enterprise settings where security of data and infrastructure is a requirement.

Furthermore, it is possible to deliver security mechanisms via CDEs in a way that actually improves productivity, as opposed to setting additional hurdles for developers. This is because these mechanisms aim at automating many of the manual security processes that fall on developers in classic environments, for example the knowledge and handling of credentials.

The review of benefits in this article spans three axes of interest for organizations with structured processes. They also align with the main reasons for enterprise adoption of CDEs as suggested in Gartner's latest DevOps and Agile report. The reasons revolve around benefits in centralized management, improved governance and opportunities for data security. We revisit these themes in detail below.

Figure - The positioning of Cloud Development Environments in Gartner's Technology Hype Curve, in comparison with Generative AI, is noteworthy. The emergence of this technology provides significant opportunities for CDE platform vendors to deliver innovative functionalities.

Streamline the Management Of Cloud Development Environments

Let's first consider a classic situation where developers each have the responsibility to install and manage their development environment on their devices. This is a manual, often time-consuming and local operation. Moreover, jumping from one project to another requires duplicating the effort, and potentially dealing with interference between project-specific resources.

Centralized Provisioning and Configuration

The above chore can be streamlined with a CDE managed online. Using an online service, the developer can select a development stack from a catalog and ask for a new environment to be built on demand, and in seconds. When accessing the platform, the developer can deal with any number of such environments and immediately start developing in any of them. This functionality is possible thanks to the definition of infrastructure as code, and lightweight virtualization. Both aspects are implemented with container technology.

Figure - The centralized management of Cloud Development Environments allows for remote accessibility and funnels all resource access through a single entry point.

Development Resources and Collaboration

Environment definition is only one of the needs when starting a new project. The CDE platform can also streamline access to resources, from code repositories to APIs, down to the access of secrets necessary to authenticate to cloud services.

Because coding environments are managed online when using a CDE platform, new collaboration paradigms between developers become possible. For example, as opposed to one-off collaboration patterns such as providing feedback on submitted code via a code repository application (i.e. via a Pull-Request), more interactive patterns become available thanks to the immediacy of using an online platform.

Figure - Using peer-coding, two developers can type in the same environment, for example in order to collaboratively improve the code during a discussion via video-conference.

Some of the popular interactive patterns explored by vendors are peer-coding and the sharing of running applications for review.

Peer-coding is the ability to work on the same code at the same time by multiple developers. If you have used an online text editor such as Google Docs and shared it with another user for co-editing, peer-coding is the same approach applied to code development. This allows a user to edit someone else's code in her environment.

When running an application inside a CDE-based coding environment, it is possible to share the application with any user immediately. In a classic setting, this requires deploying the application to another server beforehand, or sharing a local IP address for the local device, provided this is possible. This process can be automated with CDEs.

Cloud-Delivered Enterprise Security Using Secure CDEs

CDEs are delivered using a platform that is typically self-hosted by the organization in a private cloud or hosted by an online provider. In both cases, the functionalities delivered by these environments are available to the local devices used to access the service without any installation. This delivery method is sometimes referred to as Cloud-delivery. So far, we have mostly mentioned functionality attached to productivity, such as the management of environments, access to resources and collaborative features.

In the same manner, security features can also be Cloud-delivered, yielding the additional benefit of realizing secure development practices with CDEs. From an economic perspective, this becomes a key benefit at enterprise level because many of the security features managed using locally installed endpoint security software can be reimagined. It is our opinion that there's a great deal of innovation that can flourish by rethinking security using CDEs. This is why the Strong Network platform delivers data security as a core part of its functionalities.

Figure - Using secure Cloud Development Environments, the data accessed by developers can be protected using different mechanisms enabled based on context, for example based on the status of the developer in the organization.

Why Development Data Requires Security

Most if not all companies today deliver some of their shareholder value via the development of code, the generation and processing of data, and the creation of intellectual property, likely by leveraging both of the aforementioned resources. Hence, the protection of the data feeding the development workforce is paramount to run operations aligned with the shareholders' strategy.

Unfortunately, the diversity and complexity from an infrastructure perspective of the development processes often makes the protection of data an afterthought. Even when anticipated, it is often a partial initiative based on opportunity-cost considerations.

In industries such as Banking and Insurance where regulations forbid any shortcuts, resorting to remote desktops and other heavy, productivity-impacting technology is often a parsimoniously-applied solution.

When the specter of regulation is not a primary concern, companies taking shortcuts may end up paying the price of a bad headline, on a collision course with stakeholder interests. In 2023, security-minded company Okta leaked source code, along with many others such as CircleCI, Slack, etc.

The Types of Security Mechanisms

Using CDEs to deliver security via the Cloud is efficient because, as mentioned previously, no installation is required, but also because:

  • mechanisms are independent from the device’s operating system;
  • they can be updated and monitored remotely;
  • they are independent from the user’s location;
  • they can be applied in an adaptive manner, for example based on the specific role and context of the user.

Regarding the type of security mechanisms that can be delivered, these are the typical ones:

  • Provide centralized access to all the organization's resources such that access can be monitored continuously.
  • Use centralized access to take control of all the credentials for these resources, i.e. in a way that users do not have direct access to them.
  • Implement data loss prevention measures via the applications used by developers such as the IDE (i.e. code editor), code repository applications, etc.
  • Enable real-time observability of the entire workforce, via the inspection of logs using a SIEM application.
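
The four mechanisms above can be seen working together in a small sketch, added here as an illustration and not taken from the Strong Network platform: a single broker holds the credentials, applies a status- and context-dependent policy, and emits one JSON event per decision for a SIEM. The names `Broker`, `Context`, `POLICY`, the statuses, the resources and the `managed_device` signal are all hypothetical, and the secrets are constructed sample values.

```python
import json
import secrets
from dataclasses import dataclass

# Hypothetical policy: what each developer status may reach and do.
POLICY = {
    "employee": {"resources": {"git", "cloud-db"}, "clipboard_out": True},
    "contractor": {"resources": {"git"}, "clipboard_out": False},
}

@dataclass
class Context:
    user: str
    status: str            # position in the organization (assumed values above)
    managed_device: bool   # assumed context signal, not from the article

class Broker:
    """Single entry point: holds credentials, decides, and logs every request."""

    def __init__(self, vault):
        self._vault = vault      # resource -> secret; never returned to callers
        self._sessions = {}      # opaque handle -> (user, resource)
        self.events = []         # JSON lines, ready to forward to a SIEM

    def _log(self, ctx, action, target, allowed):
        self.events.append(json.dumps({
            "user": ctx.user, "status": ctx.status, "action": action,
            "target": target, "allowed": allowed}, sort_keys=True))
        return allowed

    def open_resource(self, ctx, resource):
        rule = POLICY.get(ctx.status, {})   # unknown status: deny by default
        ok = resource in rule.get("resources", set()) and resource in self._vault
        if not self._log(ctx, "open_resource", resource, ok):
            return None
        handle = secrets.token_hex(8)       # the user gets a handle, not the secret
        self._sessions[handle] = (ctx.user, resource)
        return handle

    def clipboard_out(self, ctx, nbytes):
        # DLP decision adapts to status and device context.
        rule = POLICY.get(ctx.status, {})
        ok = bool(rule.get("clipboard_out")) and ctx.managed_device
        return self._log(ctx, "clipboard_out", f"{nbytes} bytes", ok)

if __name__ == "__main__":
    broker = Broker({"git": "constructed-secret-1", "cloud-db": "constructed-secret-2"})
    print(broker.open_resource(Context("bob", "contractor", True), "cloud-db"))
    print(broker.clipboard_out(Context("alice", "employee", True), 120))
    print("\n".join(broker.events))
```

Denied requests are logged as well as granted ones, so the event stream reflects every access attempt made through the entry point.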

Conclusion: Realize Secure Software Development Best-Practices with Secure CDEs

We explained that the use of secure cloud development environments jointly benefits both the productivity and the security of the development process.

From a productivity standpoint, there's a lot to gain from the centralized management opportunity that the use of a secure CDE platform provides.

From a security perspective, delivering security mechanisms via the Cloud brings a load of benefits that transcend the hardware used by developers to participate in the development process. In other words, the virtualization of development environment delivery is an enabler to foster the efficiency of a series of maintenance and security operations that are performed locally. It brings security to software development and allows organizations to implement secure software development best practices.

This also provides an opportunity to template process workflows in an effort to make both productivity and security more systematic, in addition to reducing the cost of managing a development workforce.


All material in this text can be shared and cited with appropriate credits. For more information about our platform, please contact us at hello@strong.network

Copyright © 2020-2024 Strong Network All rights reserved.
