Webinar Transcript:
Why Code Development Needs Data Security
First, let's address the crucial need for securing development environments. Recent news has highlighted the increasing frequency of company breaches, exposing sensitive data such as intellectual property, source code, and customer information. Such breaches can result in significant problems, including regulatory fines under GDPR or other regulations like HIPAA in the medical field. As a result, companies are taking proactive measures to safeguard their source code and sensitive data, which is the focus of our discussion today. I've listed some notable hacks that have occurred recently, including Intel's source code leak, breaches involving companies like LastPass and Samsung, among others. These incidents underscore the importance of securing sensitive information, driving many companies to adopt strategies like Desktop-as-a-Service (DaaS) and Virtual Desktop Infrastructure (VDI) to mitigate such risks, although these solutions come with their own challenges. Cloud Environments to Accelerate Testing and Deployment
Before we dive deeper, let's briefly clarify what cloud development environments are and how they play a crucial role in the DevOps process. Cloud environments based on containers are lightweight virtual environments designed for code development. They serve to isolate all the dependencies required to run an application, making it easier to test, implement, and test code locally while moving through various stages such as build, test, release, and deployment. This isolation ensures that code behaves consistently across different environments, addressing the common problem of "it works on my machine." This consistency is vital for many companies as it enables a seamless transition from local development to testing, staging, and production environments.
How Are Containers Used for Code Development?
Now, let's break down the two primary ways containers are used for development: locally on the developer's laptop or online via the internet. While using containers locally involves downloading container definitions from a registry to your machine, it has drawbacks, such as the lack of centralized management and potential issues with local data modifications.
Alternatively, containers can be hosted online, originating from an online registry and managed within clusters, often orchestrated by platforms like Kubernetes. Access to these containers can be through cloud-based Integrated Development Environments (IDEs) or local tools like VS Code with remote development capabilities. This approach offers centralized management, eliminates the need for local data storage, and aligns with industry trends in remote development. It's important to note that our solution complements platforms like GitHub for code repository management. GitHub also provides containers online, a feature to utilize alongside its core source code management functionality. Optimizing Remote Coding With Cloud Environments
Now that you understand what containers are, let's discuss when you might need Virtual Desktop Infrastructure (VDI), Desktop as a Service (DaaS), and Cloud environments. The major cloud providers offer these functionalities. Let's start with AWS, which provides AWS Workspaces, a DaaS offering for both Windows and Linux desktops accessible remotely via a browser.
Moving on to GCP (Google Cloud Platform), they use Teradici, a third-party provider for Windows DaaS. Google Cloud doesn't have a native solution for this.
Azure offers Azure Virtual Desktop, providing online Windows and Linux desktops. Microsoft also has Codespaces for container access via VS Code online, but it's Linux-based and specific to GitHub repositories. Codespaces is not a replacement for DaaS; it serves a different purpose. Citrix, a well-known name, offers a DaaS version on major clouds with added security features, especially in monitoring clipboard activities for enhanced data security during remote work.
And then there's Strong Network, our solution, offering cloud development environments deployable on major clouds. However, our unique approach involves self-deployment by the purchasing organization. We don't own the data; it's the customer who deploys our solution on their private cloud, including AWS, GCP, Azure, and even Huawei in some cases, given our presence in Asia. From Virtual Desktops to Agile DevOps Platform
To give you an idea of what a DaaS looks like, consider Amazon Workspaces. It essentially provides a full desktop experience. Now, if you're curious about what VS Code Online or in cloud environments looks like, let me show you. In this case, it's not a full desktop like the Windows example earlier.
In a DaaS setup, you install and run applications locally on the desktop. However, with a cloud environment and a cloud IDE, you only get the IDE without the full desktop experience. You have access to the container, as shown here with a terminal, where you can install packages and run console-based applications, but not graphical ones. It's familiar to developers but not the same as running applications on a full desktop. However, you can run web applications on specific ports.
Now, let's discuss the differences between VDI, DaaS, and cloud environments. VDI and DaaS stream a desktop environment that runs remotely, resulting in high bandwidth consumption, often using protocols like RDP.
On the other hand, cloud environments provide access to a pure terminal and tools like VS Code Online. This approach has low bandwidth requirements since it's text-based and doesn't involve video streaming. Developers find it more comfortable, especially compared to laggy experiences with DaaS.
In terms of key differences, VDI and DaaS focus on machine-based virtualization, while cloud environments are process-based, accessible through a terminal. DaaS offers a full desktop environment with graphical applications, while containers are terminal-based and can't run graphical apps. DaaS prioritizes data protection, implementing measures like clipboard monitoring, while cloud environments like Codespaces don't emphasize data protection.
DevOps Tools: Balancing Efficiency and Data Protection
So, what do developers need in a coding environment today? For modern development, a full desktop is increasingly unnecessary. Web and mobile app development and productivity applications can be done via web applications or terminal-based apps. An Integrated Development Environment (IDE) is essential for coding, and repositories for code storage, like GitHub or GitLab, are typically used. DevOps tools like Azure DevOps and JIRA are also necessary for the development cycle. When it comes to data protection in modern development environments, you need to safeguard the entire developer workflow. This includes protecting the IDE, Git applications, DevOps tools, and other services used in the process. To achieve this, you must remove local data, implement data prevention measures, and monitor resource access.
Optimizing DevOps: Containers for Productivity and Security
Virtualized environments like VDI and DaaS benefit various scenarios in organizations. They are useful for efficiently onboarding remote developers, providing fully configured workstations to new hires. They also enable remote access in a Bring Your Own Device (BYOD) mode, allowing employees to work from home on their own devices while preventing data leaks.
Additionally, virtualized environments can enhance productivity for non-development tasks. They improve IT efficiency, offer centralized management, and support better governance. However, they are often criticized for being slow and laggy, which can negatively affect developer productivity. Their complexity and resource-intensive nature make them less suitable for modern web and mobile app development. So what do cloud development environments do that virtual machines do not? I think it's something that we want to know. Why, you know, what did they do in addition? Well, first of all, containers are much closer to development than DaaS, right? I mentioned that, if you do co-development, you will use containers, right? So why don't you work directly from a container? You don't need physically to have a desktop and then work on this remote desktop with containers, that would be a bit silly. So you can skip, you know, the step and work directly from a container.
And since you work directly from the container here, you can use containers across all the DevOps cycles. You will use this container and use it like a way to transition quickly to testing and to production and so on. It's just going to really remove a lot of friction, right?
It also improves resource allocation, right? Because actually think of it like they're virtual processes as opposed to virtual machines. So they're much lighter. So you don't actually don't need as much resources to run a container for development as you would need resources to run a DaaS, right? Or VDI, this is one of these. Really interesting aspect is that you can really save a lot of money, a lot of resources because it's much lighter, right? And especially if you improve productivity of the developer.
Boosting DevOps Productivity with Secure Containers
I think this is one of the main aspects of cloud environments, and if you read studies from some of the vendors that do that (I put some of the logos here), is that what's put forward, and including for us, is the increasing productivity for the developers. This is really something that jives very well with the entire team. It's something that people appreciate and so on. So quickly run, you have shorter builds, you have quickly running environments, configuring environments and so on here. But now, and this is what Codespace is, or Gitpod or like Coder is doing. And we do a little bit more. So that's why I put the thumb down because still, what is the issue with if you have standard containers, not secure containers? First here, because these are not designed for data protection. I mentioned this, all these vendors, except for us, don't deal with data protection because it's not the focus of the product, right? And the second, so they're not designed for data protection. Secondly, obviously they remove data from the desktop, right? And these vendors say it's secure by design, yes. But, you know, people can execute the data to the clipboard, they have access to the internet for the containers so that they can zip the entire data and curl it, send it FTP somewhere. I think there's really no guarantee at all for that as security. So it's often not, you know, but it's not, DaaS and VDI will prevent all these cases that I mentioned. So it's something that needs to be considered. And this is not, that's why it's not a replacement for DaaS. It's terminal-based, not full desktop, access to a Linux machine that did not access the execution of a locally running GUI-based application. So you cannot , fat clients will not run on DaaS as the issue, but you can install, you know, terminal-based applications and so on. The one that did not have a graphical interface.
DevOps Strategy : Data Protection and Access Control
Our objective is clear: we require containers that offer robust data protection to replace DaaS and VDI. While I initially mentioned "video" instead of "VDI," let's focus on the latter. The core issue is that current container offerings lack adequate data access and usage protection for development.
To address this gap, we need a solution that eliminates the use of credential tokens within developers' environments. Instead, we aim to provide controlled access and secure single sign-on (SSO) for various services, including Git applications, data buckets, APIs, SSH, and databases. This means developers won't need multiple credentials; they'll rely on platform authentication and their private workspace keys.
While this level of security can be found in some non-standard solutions, it's not a common feature in DaaS or VDI. In industry terms, this setup resembles a "security proxy" with comprehensive features.
Additionally, we require remote browser isolation to safeguard data even within third-party applications like GitHub, GitLab, or JIRA. This entails using a monitored, secure version of Chrome to prevent unauthorized clicks and actions, including IDE security and clipboard monitoring. While DaaS and VDI offer some data prevention features, modern development demands even more.
IT Infrastructure Costs: VDI vs Secure Cloud Environments
Now, let's delve into the cost aspect, as it's essential to compare the expenses associated with various options: VDI, cloud environments (in our case, Strong Network), AWS workspaces, and traditional laptops. To do this, we've structured our cost model to provide a fair assessment. Figure : Economic Impact of Secure Cloud Development Environment
First, we need to consider the number of supported users and workspaces, along with the licensing type. Many vendors offer user or workspace-based licensing on an annual basis.
Next, resource allocation is crucial. We've assumed a baseline of four virtual CPUs and 16 gigabytes of RAM, which is standard for DaaS and VDI. Even when considering Citrix, we're talking about the online version. This standard machine configuration is what we assume for running instances.
When it comes to hardware, we recommend the use of FIT devices, which cost around $1,000. These devices, like the Asus Chromebook I have here, offer an excellent solution without requiring complex installations. We estimate their replacement every two years, amounting to $500 annually. For comparison, a development machine without virtualization typically costs around $3,000 and has a similar replacement cycle.
We also have various one-time costs, including migration, deployment, operation, training, onboarding, maintenance, compliance, and different levels of support, such as level one and two, and incident response.
And if you look, this is really the bird-eye view of the cost study that we did so far. And you can see that in terms of resource cost, it's pretty much the same, right? Whether you use cloud environments, AWS workspaces, Citrix cloud, developer laptop, resources kind of cost the same, but you see there's going to be a but, there's going to be a caveat. But obviously in operational cost, cloud environments are much cheaper. This is one of the things. You will save money in operational cost. This is one of the important things here, but it's not the end of the story because there's something that happens.
Optimizing Costs with Container Efficiency and Kubernetes
We said we run every container on a virtual CPU. But actually this resource can be shared much more dynamically and efficiently in the case of containers because they are lightweight, because they can be booted very quickly. Things are much different on a DaaS and you also need fewer resources to run.
And also, Kubernetes allows you to reuse their unused capacity. So even if multiple developers are sharing the same instance for CPUs, they can actually work very well. This is actually something. So there's really a lot of potential to at least have, or even like to get into 25% of this cost. So you can, there's a possibility to run this. And actually, our largest customer, which is Broadcom in San Jose, California, asked us to work on all these aspects of optimizing cost for the cluster and making sure that they don't get this out of the way.
And we were just talking to your customer like an hour ago, and we talked about that also that there is sometimes a surprise sometime of the bill they receive from AWS, right? So I think cost governance and the infrastructure management is critical here and tools to monitor resources used are critical. So it's something that we actually focus on.
We can allocate these resources across multiple regions. So make sure the optimizer sees the comfort of all the developers and so on. So there's actually a lot of potential for this. So if you really got a very dry aspect of things, you can really, oh, you might be comparable, but actually you can see that if you go in detail, then there's really a lot of potential for saving here.
Comprehensive Benefits of Secure Cloud Development
And it's not over because there's also a quantified benefit of using those platforms that do not come directly from that model. We didn't want to put some kind of blur over the model. We want to stay really fair with this model. But , I mentioned here that resources can be shared dynamically needing significant cost reduction. Also, when moving to containers, it's actually less disruption than it will be from moving to DaaS.
So it's a thing that actually migrates, the one-time cost is actually much cheaper. One thing also that is important is that we have not really accounted for here. The compliance is that in our case, the platform implements over 60 risk controls of ISO 27001. We do this also for other standards, but this is something that is implemented straight in the platform. So for instance, if the organization needs to be compliant with a standard like ISO 27001 and risk controls, which is the appendix part, is something that will be very easy because they will have just by adopting the platform, they will have compliance with all these things here. And last but not least, because something that is mentioned in many studies is that the user container really yields a lot of productivity. So there will be gain also due to this that did not come from the result that I put here. Here we don't gain productivity, right? Which is something that really will be evidence and parents a lot with user containers, something that I think that's very important.
Replace Your Virtual Desktop With Secure Cloud Development
In conclusion, why should we replace DaaS and VDI with secure cloud environments? Regular containers may not suffice, but secure containers like the ones offered by Strong Network present an efficient replacement.
Cloud environments are tailor-made for developers, boosting their productivity significantly. By integrating robust data security, they become the ideal replacement for DaaS and VDI.
This transition works because companies initially adopt containers for enhanced security. As they realize that modern web and mobile development don't necessitate full desktop environments, containers become a natural fit. They enhance developer productivity, support DevOps practices, and lead to substantial resource and operational cost reductions.
Providers like GitHub Code Spaces may offer some benefits but don't secure data to the extent that DaaS does. Strong Network bridges this gap, providing secure containers, DevOps efficiency, and robust data security.
All material in this text can be shared and cited with appropriate credits. For more information about our platform, please contact us at hello@strong.network 
