Why and How We Made Cloud Development Environments Secure

This article is a short story of why and how my co-founder and I created the first Secure Cloud Development platform to jointly address the efficiency and security challenges of cloud-native application development. In particular, I explain how Secure Cloud Development is different from other Cloud-based development approaches and our target market.

Published: February 06, 2024

Author: Laurent Balmelli


How Should You Protect Your Software Development Workflow?

The deployment of a productive and secure application development process is often a struggle for many organizations. This is the main challenge that my co-founder and I have been tackling since we created Strong Network back in 2020.
The company name "Strong Network" was chosen to embody the power of collaboration and connectivity within the technology and development community, highlighting the strength that comes from a well-coordinated, productive network of developers working together. It represents the robust and secure infrastructure that facilitates the creation of superior IT products and solutions through smart associations between developers and applications.
Developers are increasingly targeted by hackers, notably through credential theft (see also this report), leading to severe data breaches that expose personal information and source code. For a long time, virtual desktops such as Citrix VDI, VM Horizon and others have been candidates to address this issue by providing data loss prevention measures. More recently, companies such as Island, Talon and others have positioned themselves as a web-based alternative to virtual desktops, although their focus is primarily on securing access to web applications and SaaS (but desktop access is possible).
Here comes the kicker: these general-purpose technologies are fraught with usability and performance issues in the context of protecting code development. If you want to understand in detail how these technologies are used in the scope of development process security you can read this article.

Combine Security and Productivity in Cloud Development

We created the first secure Cloud Development Platform to address the dual challenge of enhancing the efficiency and governance of the application development process within the DevOps cycle, while simultaneously safeguarding against data leaks.
Like other platforms, the basic goal is to streamline container-based development environments, yet in our case we aim at the same time to provide robust security measures. Even better, we design security measures and controls such that they become part of the developer’s productive workflow.
Cloud Development Environments (CDEs) have recently become a technology category proposed by Gartner and Strong Network is mentioned as one of the vendors in it. CDEs are still early on Gartner’s Hype curve, but their support shows that the industry has clear incentives to move development environments online. Some of the benefits mentioned by Gartner are centralized management, ease of access to environments and better security. We got fixated on that last one.
Figure: Gartner Hype Cycle for Agile and DevOps, 2023 with the positioning of Cloud Development Environments.
In this other article, I delve into all the characteristics and benefits that secure Cloud environments bring, so that here, I can focus on the main conceptual differences between Strong Network’s platform and other platforms.

How a Secure Cloud Development Platform Is Different

The central discussion of this article is to differentiate a secure Cloud development platform from other platforms such as Codespaces, Google Workstation, OpenShift DevSpaces, and other smaller players on the market such as GitPod and Coder.
These platforms provide access to development environments via an Integrated Development Environment (IDE) with the purpose of starting a coding task more rapidly. In other words, these platforms are primarily a productivity-enhancement play.
Notably, there is no goal of protecting the data in the IDE (or outside) from being leaked. In contrast, a secure platform aims at jointly enhancing productivity and protecting the entire development workflow from data leaks. And this workflow extends beyond the IDE. This is the perspective that we took when designing the platform.
Figure: Development data flows across a series of tools during development, hence security is needed across workflow.
Although some of the platforms mentioned above make security claims, only two security measures are delivered in effect: in some cases the platform is self-hosted (which is not really a security measure), and, as with any Cloud development platform, the development data does not land on the developer’s physical device (because it remains online in the Cloud environment).
However, when working with any of the platforms mentioned above, it is actually trivial to leak data via clipboard or network operations, or steal any data repository credentials accessed via any one of these environments and leak data out of it, even if MFA is enabled. We actually tested all the existing platforms and were able to easily exfiltrate data (ask me for the exfiltration tutorial videos for any of the above vendors).

How We Made Strong Network Both Productive and Secure for Software Development

Hence, for the security goals against data leaks to be really fulfilled, adding data loss prevention (DLP) to the IDE (to protect the data from leaking via the developer’s operations) is a necessary yet insufficient measure.
The basic role of the secure platform is to provide joint productivity and security during code development activities. From a process perspective, the platform manages development environments with native security measures against data exfiltration. Importantly, most security mechanisms can be made context-aware so that they have no impact on the developer’s workflow. Examples of security mechanisms that can be implemented are explained in this article.
Since data security must take a workflow perspective, access to all DevOps applications that are part of the developer’s workflow (GitHub, GitLab, etc.) must be secured as well. This is achieved through the joint use of a specialized secure browser, available on the secure platform and dedicated to accessing and using workflow applications. When enabled, all web applications that the developer needs for collaboration (e.g. source code, task management) and DevOps are available via the secure browser.
Figure: The security settings for a user on the Strong Network platform are represented from a workflow perspective.
Hence, as you can see, a secure Cloud development platform is in essence a conjunction of a secured IDE and a secure browser working together to protect the entire development workflow.
Actually, this puts the Strong Network platform in the same range of solutions as a virtual desktop infrastructure and potentially secure browsers when these technologies are applied to securing the development process. In this article, we provide more details on how a secure platform compares to the above two approaches when it comes to secure coding activities.

The Future of Secure Cloud Development is Productive Security

In summary, a secure Cloud development platform focuses on securing all data in development environments (i.e. the CDEs) and in the web applications (GitHub, Jira, etc.) used by the developer, as well as the access to the organization's data resources from the development environments. Measures range from protection against data extraction via phishing attacks or malware to protection against data leaks, including from insider threats.
The design of the platform allows control over the entire workflow, from coding in the IDE and using web applications to working in the secure Cloud environments. Hence, in contrast to the previous technologies, data security measures focused on the dev environment can be implemented such that they provide a more focused threat coverage than virtual desktops or enterprise browsers.
From a developer experience perspective, the platform aims to provide an optimal developer experience via lightweight web technology without compromising productivity, in contrast to the usability issues commonly experienced by developers using virtual desktops (as reported by companies trying to solve them).
In conclusion, we bet that the future of Secure Cloud Development is driven by productivity-enabling, transparent security that doubly benefits organizations and developers.
All material in this text can be shared and cited with appropriate credits. For more information about our platform, please contact us at hello@strong.network
Copyright © 2020-2024 Strong Network All rights reserved.
