DEV Community

Cover image for Why and How We Made Our Cloud Development Environment Platform Secure
Laurent Balmelli, PhD
Laurent Balmelli, PhD

Posted on • Updated on • Originally published at strong.network

Why and How We Made Our Cloud Development Environment Platform Secure

A short story of why and how we created the first secure CDE platform to address the dual challenge of enhancing the efficiency and security of the application development process, in particular of cloud-native applications. In addition, we compare our approach to other CDE platforms and look-alike solutions on the market.

How Should You Protect Your Development Workflow?

The deployment of a productive and secure application development process is often a struggle for many organizations. This is the main challenge that my partner and I have been trying to tackle since we created Strong Network.

The company name "Strong Network" was chosen to embody the power of collaboration and connectivity within the technology and development community, highlighting the strength that comes from a well-coordinated, productive network of developers working together. It represents the robust and secure infrastructure that facilitates the creation of superior IT products and solutions through smart associations between developers and applications. You can ask more about our company motto and platform through our custom GPT on OpenAI.

Increasingly, developers are being continuously and increasingly targeted by hackers, notably around credential theft (see also this report), leading to severe data breaches and exposing personal information and source code. For a long time, virtual desktops such as Citrix VDI, VM Horizon and others have been candidates to address this issue by providing data loss prevention measures. More recently, companies such as Island, Talon and others, position themselves as a web-based alternative to virtual desktops, although the focus is primarily securing access to web-applications (but desktop access is possible).

Here comes the kicker: these general-purpose technologies are fraught with usability and performance issues in the context of protecting code development. If you want to understand in detail how these technologies are used in the scope of development process security you can read this article.

Combine Security and Productivity with Cloud Development Environments

We created the first secure CDE platform to address the dual challenge of enhancing the efficiency and governance of the application development process within the DevOps cycle, while simultaneously safeguarding against data leaks.

Like other CDE platforms, the basic goal is to streamline container-based development environments (read “Coding Goes Online” to get the basics of CDEs), yet in our case we aim at the same time to provide robust security measures. Even better, we design security measures and controls such that they become part of the developer’s productive workflow.

Cloud Development Environments have become recently a technology category proposed by Gartner and Strong Network is mentioned as one of the vendors in it. CDEs are still early on Gartner’s Hype curve, but their support shows that the industry has clear incentives to move development environments online. Some of the benefits mentioned by Gartner are centralized management, ease of access to environments and better security. We got fixated on that last one.

Image description Figure: Gartner Hype Cycle for Agile and DevOps, 2023 with the positioning of Cloud Development Environments.

In this other article, I delve into all the characteristics and benefits that secure CDEs bring, so that here, I can focus on the main conceptual differences between Strong Network’s platform and other CDE platforms.

How a Secure CDE Platform Is Different From Other Platforms

The central discussion of this article is to differentiate a secure CDE platform from other CDE platforms such as Codespaces, Google Workstation, OpenShift DevSpaces, and other smaller players on the market such as GitPod and Coder.

These platforms provide access to a CDE via an Integrated Development Environment (IDE) with the purpose of starting a coding task more rapidly. In other words, these platforms are primarily a productivity-enhancement play.

Notably. there is no goal of protecting the data in the IDE (or outside) from being leaked. In contrast, a secure CDE platform aims at jointly enhancing productivity and protecting the entire development workflow from data leaks. And this workflow extends beyond the IDE. This is the perspective that we took when designing the platform.

Image description
Figure: Development data flows across a series of tools during development, hence security is needed across workflow.

Although some of the platforms mentioned above make security claims, the only security measures that are delivered in effect are: in some cases, the platform is self-hosted (which is not really a security measure) and that, like for any CDE platform, the development data does not land on the developer’s physical device (because it remains in the online CDE.)

However, when working with any of the platforms mentioned above, it is actually trivial to leak data via clipboard or network operations, or steal any data repository credentials accessed via any one of these CDEs and leak data out of it, even if MFA is enabled. We actually tested all the existing platforms and were able to easily exfiltrate data.

How We Made Strong Network’s Platform Both Productive and Secure for Development

Hence for security goals against data leaks to be really fulfilled, adding data loss prevention (DLP) to the IDE -to protect the data from leaking via the developer’s operations- is a necessary yet insufficient measure.

The basic role of the secure CDE platform is to provide joint productivity and security during code development activities. From a process perspective, the platform manages development environments with native security measures against data exfiltration. Importantly, most security mechanisms can be made context-aware so that they have no impact on the developer’s workflow. Examples of security mechanisms that can be implemented are explained in this article.

Since data security must take a workflow perspective, the access to all DevOps applications part of the developer’s workflow (GitHub, GitLab, etc) must be secured as well. This is achieved through the joint use of a specialized secure browser available on the secure CDE platform and dedicated to access and use workflow applications. When enabled, all web applications necessary to the developer for collaboration (e.g. source code, task management) and DevOps are available via the secure browser.

Image description Figure: The security settings for a user on the Strong Network platform are represented from a workflow perspective.

Hence, as you can see a secure CDE platform is in essence a conjunction of a secured IDE and a secure browser working together to protect the entire development workflow.

Actually, this puts the Strong Network platform in the same range of solutions as a virtual desktop infrastructure and potentially secure browsers when these technologies are applied to securing the development process. In this article, we provide more details on how a secure CDE platform compares to the above two approaches when it comes to secure coding activities.

The Future of Cloud Development Environments is Security

In summary, a secure CDE platform focuses on securing all data in development environments (the CDEs), web applications (GitHub, Jira, etc) used by the developer as well as the access to the organization data resources from the CDEs. Measures range from protection against data extraction via phishing attacks or malware, and against data leaks, including from insider threat.

The design of the platform allows control over the entire workflow, from coding in the IDE, using web applications to working in the CDE. Hence in contrast to the previous technologies, CDE-focused data security measures can be implemented such that they provide a greater threat coverage than virtual desktop or enterprise browsers as explained here.

From a developer experience perspective, the secure CDE platform provides developers access to a CDE via a web-based IDE (via a local IDE as well, though it impacts the security model) and to web applications via a secure browser embedded in the platform. The web-based IDE is a web application on its own and renders natively in the browser on the developer’s device.

Hence a secure CDE platform provides optimal developer experience and does not compromise productivity, in contrast to usability issues commonly experienced by developers using virtual desktops (as reported by companies trying to solve them). Since developers spend the major part of their time in the IDE and use workflow applications for specific and less frequent operations, delivering a development environment with optimal performance fosters developer experience overall.

In conclusion, we think that the future of Cloud Development Environments is driven by productivity-enabling, transparent security that doubly benefits organizations and developers. Secure CDE platforms can provide developers with a flexible coding environment available anywhere so that they can focus on what they like, where they want, without the burden of security measures in an era where they form the largest attack surface in the application development process


All material in this text can be shared and cited with appropriate credits. For more information about our platform, please contact us at hello@strong.network

Copyright © 2020-2024 Strong Network All rights reserved.

Top comments (0)