Data Loss Prevention For Development Workspaces

How to Purchase

Data Loss Prevention Allows Companies to Expand Their Collaboration Opportunities by Providing New Ways to Securely Share Data

Data Loss Prevention is a Mission-Critical Function For Global Companies

Source code and data are the main IP assets consumed and generated throughout development processes today. From a security standpoint, a Data Loss Prevention (DLP) mechanism is one of the key features of a Virtual Workspace Infrastructure (VWI). It allows companies to give access to source code and data without the risk of exfiltration. Using DLP, companies might not be required to anonymize their data anymore before sharing it.

Recall that, because workspaces are based on Cloud-based Integrated Development Environments (IDE), no data ever "lands" on the physical device used by the developer, i.e. contrary to the use of a machine with a locally-installed IDE, there is no copy of the data or source code on the local device storage. While being a good thing for security, this does not prevent exfiltration of the data through other means, e.g. clipboard or network operations. To prevent this, the DLP function allows the protection of data against exfiltration while in use in a workspace, as shown in the diagram below.

Diagram: Using a Virutal Workspace Infrastructure, all data stays in the cloud and inherits the physical location of the server. The DLP function protects against exfiltration from the developer's terminal running the workspace's user interface.
User Home Dashboard
How Data Loss Prevention Fosters Collaboration

The DLP function is an important enabler when collaboration involves the need to share sensitive data. For example, when internal or remote developers need to access sensitive data to perform their job, whether it's coding or data science exploration. The DLP function does not only protect the data but also the source code that is created with the workspaces. Hence, companies can increase the size of their workforce easily by getting help from temporary, probably remote development teams and avoid sharing their intellectual property assets, i.e. source code and data. In addition, companies might not be required to anonymize data before making it available in for their code development or Data Science process.

A cool application is the participation in Crowd-based innovation tournaments. Innovation tournaments are routinely run today on several platforms such as Kaggle, AICrowd and others. These platforms allow companies to publish competitions and invite any individual (i.e. the Crowd) to participate in the challenge. Companies can then get an external perspective on an internal research problem. The output often takes the form of a trained model for Artificial Intelligence (AI) applications that can be put into production to support the function of a product or service. In return, the company pays the winning team a monetary prize.

Business Scenarios for Data Loss Prevention (in a Zero-Trust Architecture)
Hiring remote or temporary developers, e.g through outsourcing companies such as TopTal, UpWork, etc.
Developers working on sensitive projects that require protection of source code and data
Collaboration around coding or Data Science between companies when data has to be secured
Projects where data locality has to be enforced by regulation
Running data-secured innovation tournaments with the Crowd, e.g. on Kaggle, AICrowd, etc.

Innovation Tournaments

Outsourcing

Outsourcing

The VWI Plaform Provides a Continuous Audit Function That Includes Live Logs of All Operations to Show Compliance With Most Industry Information Security Standards

Scope of the Data Loss Prevention Mechanism

As explained above, workspaces have access to a set of whitelisted project resources, with some that might be of confidential nature. These resources are copied on a storage attached to the workspace (see previous diagram) and the aim of the DLP mechanism is to ensure that the copied data cannot leave the volume unintentionally or maliciously. The platform's DLP mechanism is securing several functions of the developers workbench such as the network, the IDE's clipboard and others. This process is illustrated in the diagram below.

Diagram: The scope of the Data Loss Prevention mechanism is the protection of all the workspace's functions that can serve to the exfiltration of data, for example the IDE's clipboard and the network connection.
repository import

The VWI platform allows companies to have a complete control of the network operations performed from workspaces and can enforce granular security policies using the Zero-Trust Architecture implemented by the platform. The clipboard in workspaces is equally well monitored such that exfiltration through it is not possible.

In addition, as explained on the VWI page, the platform uses an Attributes-Based Access Control (ABAC) model as part of the Zero Trust Architecture. Dyamically-assessed policies using attributes to manage the DLP function are based on requirements from the ISO 27001 information security standard.

The platforms Audit Dashboard provides live logs of the workspace's operations such that data exfiltration can be easily detected and the creation of security reviews automated. This capability provides companies with an easy way to improve their DevSecOps maturity. For companies that need to show compliance with security standards, e.g. ISO 27001, generating a compliance report that covers the scope of applicability is trivial with the VWI platform.

Screenshot: The VWM platform provides a live audit trail of all operations on workspaces (User and Origin fields removed for privacy). Logs are used in security policies to show compliance with standards such as ISO 27001.
repository import

Learn More about the Uses of a Virtual Workspace Infrastructure by Reading About Business Scenarios Below or Book a Demo

Book a demo

How Companies Use Our Platform

  • Secure Code Development Outsourcing

    Expand your code development capability by onboarding any talent from any location while protecting your source code and data using our Zero-Trust Architecture with Data Loss Prevention. We created a Virtual Workspace Infrastructure (VWI) to deploy Cloud IDEs with plenty of collaborative features, data security and automation.

  • Data-Secure IDEs for Data Science

    Improve the data security of your Data Science process by using our platform to deploy Data Science Workspaces as full IDEs in your company or anywhere. Share your data securely during innovation tournaments on Kaggle. Connect to cloud pipelines and experiment management applications such as MLFlow, Kubeflow, etc. Connect your workspaces securely to code repositories, data buckets from all major cloud providers.

  • Zero-Trust, DLP-Enabled Cloud Coding

    You can operate your company like we do, we develop our platform using our platform. Our enterprise-grade cloud IDE platform allows you to put your entire DevOps process, including all coding activities in the Cloud. Our platform enforces zero-trust architecture principles in addition to providing data loss prevention. This will provide you with a leap improvement in your DevOps security and master DevSecOps automation.