Securing Innovation in the Cloud: Best Practices for Remote Development Teams | CSO Online
Cloud architects are tasked with important responsibilities. They work to conceptualize and build an infrastructure that enables new product development, the creation of new service models, and the emergence of new capabilities powered by connected and intelligent systems.
This infrastructure serves as the heart of your organization’s innovation engine, whether that infrastructure resides partially on-premises and partially in the cloud or in an entirely cloud-based environment. Those assets and intellectual property represent the future of your business.
At Forcepoint, we focus on supporting cloud architects by providing them with easy-to-use and effective ways to manage security across Amazon Web Services (AWS) development environments, as well as within the cloud-based collaboration hubs that help developers write, share, and test their code—no matter where your development team is located.
Protecting your cloud development environment
When it comes to security and compliance, major public cloud providers operate according to a shared responsibility model: The cloud provider assumes responsibility for the infrastructure, while the customer is responsible for securing their own applications, configurations, and data. Though cloud providers do offer native identity and access management and security controls, these don’t always offer the flexibility or granular policy management capabilities required to protect apps, configurations, and data. That’s why we partnered with AWS to integrate Forcepoint Data Loss Prevention (DLP) and cloud access security broker (CASB) solutions into the AWS Security Hub.
Deploying a CASB solution over your AWS instance enables you to implement additional layers of access control to protect your development environment from accidental or malicious service disruption. If a privileged user account is compromised (or that employee becomes disgruntled), it’s easy to stop an elastic computer service or delete and modify data within cloud storage. CASB can provide your security team with additional authentication requirements for critical logins. It also provides enhanced visibility into user activities across the AWS instance, letting you see who’s accessing which resources, and how they’re using them.
Protecting source code from exfiltration
Cloud-based repository hosting services like GitHub and Bitbucket are widely used by software developers all over the world. These collaboration tools allow developers to store, access, and share code, showcase their skills, and learn from others. It’s important to remember that most members of your development team may have personal instances of GitHub. An important first step in security is to create a corporate instance. From there, implement access control tools—such as a CASB—to prevent users from logging into personal GitHub instances from their corporate desktop.
In addition, DLP helps protect invaluable assets like source code stored on AWS. If a user attempts to copy fingerprinted files to GitHub, DLP can block that action entirely. In fact, it can prevent users from moving any data outside AWS—providing protection for both structured and unstructured types of data. When it comes to protecting important intellectual property, the ability to monitor and control data movement from cloud to endpoint is critical. And it’s even more important if your development team works remotely.
It’s not uncommon for penetration testers to discover backdoors, unencrypted passwords, or other exposed vulnerabilities in enterprise software applications when they search public code repositories in GitHub. Developers are often under pressure to work quickly, and may become distracted while multitasking. They might export code accidentally, without realizing the action would enable the infiltration of an application that would soon move into production. Data Protection provides an additional safeguard against this sort of error—which, because it takes place unconsciously, is otherwise difficult to prevent.
Whether they’re working from home or anywhere in the world, development teams—and the software and services they build—hold the key to the future of your business. You can enable their ability to innovate by allowing them to take advantage of the collaboration tools they choose—while also securing your data and protecting priceless intellectual property.
It’s up to you to scale your security strategy to protect people and data wherever work happens. And Forcepoint is here to help. about what you can do now to protect your remote work environment.