The Need for Secure Cloud Development Environments

The use of Cloud Development Environments (CDEs) allows the migration of coding environments online. Solutions range from using a self-hosted platform or a hosted service. In particular, the advantage of using CDEs with data security, i.e., secure Cloud Development Environments, provides the dual benefits of enabling simultaneously productivity and security.

Examples given in this article are based on the CDE platform proposed by Strong Network. The implementation of CDE platforms is still in its infancy, and there needs to be a clear consensus on the standard functionalities.

The approach taken by Strong Network is to have a dual focus, i.e., leverage CDEs from both a productivity and security standpoint. This is in contrast to using CDEs primarily as a source of efficiency. Embedding Security in CDEs allows for their deployment in Enterprise settings where data and infrastructure security is required.

Furthermore, it is possible to deliver via CDE security mechanisms in a way that improves productivity instead of setting additional hurdles for developers. This is because these mechanisms aim to automate many of the manual security processes falling on developers in classic environments, such as the knowledge and handling of credentials.

The review of benefits in this article spans three axes of interest for organizations with structured processes. They also align with the main reasons for enterprise adoption of CEDs, as suggested in Gartner's latest DevOps and Agile report. The reasons hover around the benefits of centralized management, improved governance, and opportunities for data security. We revisit these themes in detail below.

The positioning of Cloud Development Environments in Garther's Technology Hype Curve, in comparison with Generative AI, is noteworthy. The emergence of this technology provides significant opportunities for CDE platform vendors to deliver innovative functionalities.

Streamline the Management of Cloud Development Environments

Let's first consider a classic situation where developers each have the responsibility to install and manage their development environment on their devices. This is a manual, often time-consuming, and local operation. In addition, jumping from one project to another will require duplicating the effort, in addition to potentially having to deal with interference between the project’s specific resources.

Centralized Provisioning and Configuration

The above chore can be streamlined with a CDE managed online. Using an online service, the developer can select a development stack from a catalog and ask for a new environment to be built on demand and in seconds. When accessing the platform, the developer can deal with any number of such environments and immediately start developing in any of them. This functionality is possible thanks to the definition of infrastructure as code and lightweight virtualization. Both aspects are implemented with container technology.

The centralized management of Cloud Development Environments allows for remote accessibility and funnels all resource access through a single entry point.

Development Resources and Collaboration

Environment definition is only one of the needs when starting a new project. The CDE platform can also streamline access to resources, from code repositories to APIs, down to the access of secrets necessary to authenticate to cloud services.

Because coding environments are managed online using a CDE platform, it opens the possibility for new collaboration paradigms between developers. For example, as opposed to more punctual collaboration patterns, such as providing feedback on submitted code via a code repository application (i.e., via a Pull-Request), more interactive patterns become available thanks to the immediacy of using an online platform.

Using peer coding, two developers can type in the same environment, for example, in order to collaboratively improve the code during a discussion via video conference.

Some of the popular interactive patterns explored by vendors are peer-coding and the sharing of running applications for review.

Peer coding is the ability to work on the same code at the same time by multiple developers. If you have used an online text editor such as Google Docs and shared it with another user for co-editing, peer-coding is the same approach applied to code development. This allows a user to edit someone else's code in her environment.

When running an application inside a CDE-based coding environment, it is possible to share the application with any user immediately. In a classic setting, this will require to pre-emptively deploy the application to another server or share a local IP address for the local device, provided this is possible. This process can be automated with CDEs.

Cloud-Delivered Enterprise Security Using Secure CDEs

CDEs are delivered using a platform that is typically self-hosted by the organization in a private cloud or hosted by an online provider. In both cases, functionalities delivered by these environments are available to the local devices used to access the service without any installation. This delivery method is sometimes referred to as cloud delivery. So far, we have mentioned mostly functionality attached to productivity, such as the management of environments, access to resources, and collaborative features.

In the same manner, security features can also be Cloud-delivered, yielding the additional benefit of realizing secure development practices with CDEs. From an economic perspective, this becomes a key benefit at the enterprise level because many of the security features managed using locally installed endpoint security software can be reimagined. It is our opinion that there's a great deal of innovation that can flourish by rethinking security using CDEs. This is why the Strong Network platform delivers data security as a core part of its functionalities.

Using secure Cloud Development Environments, the data accessed by developers can be protected using different mechanisms enabled based on context, for example, based on the status of the developer in the organization.

Why Development Data Requires Security

Most, if not all, companies today deliver some of their shareholder's value via the development of code, the generation and processing of data, and the creation of intellectual property, likely through the leverage of both resources above. Hence, the protection of the data feeding the development workforce is paramount to running operations aligned with the shareholders’ strategy.

Unfortunately, the diversity and complexity from an infrastructure perspective of the development processes often make data protection an afterthought. Even when anticipated, it is often a partial initiative based on opportunity-cost considerations.

In industries such as Banking and Insurance, where regulations forbid any shortcuts, resorting to remote desktops and other heavy, productivity-impacting technology is often a parsimoniously applied solution.

When the specter of regulation is not a primary concern, companies making the shortcuts may end up paying the price of a bad headline in a collision course with stakeholder interests. In 2023, security-minded company Okta leaked source code, along with many others such as CircleCI, Slack, etc.

The Types of Security Mechanisms

The opportunity to use CDEs to deliver security via the Cloud makes it efficient because, as mentioned previously, no installation is required, but also because:

• Mechanisms are independent of the device’s operating system;
• They can be updated and monitored remotely;
• They are independent of the user’s location;
• They can be applied in an adaptive manner, for example, based on the specific role and context of the user.

Regarding the type of security mechanisms that can be delivered, these are the typical ones:

• Provide centralized access to all the organization's resources such that access can be monitored continuously.
• Centralized access enables the organization to take control of all the credentials for these resources, i.e., in a way that users do not have direct access to them.
• Implement data loss prevention measures via the applications used by developers, such as the IDE (i.e., code editor), code repository applications, etc.
• Enable real-time observability of the entire workforce via the inspection of logs using an SIEM application.

Realize Secure Software Development Best-Practices With Secure CDEs

We explained that using secure cloud development environments jointly benefits both the productivity and the security of the development process.

From a productivity standpoint, there's a lot to gain from the centralized management opportunity that the use of a secure CDE platform provides.

From a security perspective, delivering security mechanisms via the Cloud brings a load of benefits that transcend the hardware used across the developers to participate in the development process. In other words, the virtualization of development environment delivery is an enabler to foster the efficiency of a series of maintenance and security operations that are performed locally. It brings security to software development and allows organizations to implement secure software development best practices.

This also provides an opportunity to template process workflows in an effort to make both productivity and security more systematic, in addition to reducing the cost of managing a development workforce.