Cloud architects are tasked with some of the most important responsibilities in your organization. They work to conceptualize and build an infrastructure that enables new product development, the creation of new service models and the emergence of new capabilities powered by connected and intelligent systems.
This infrastructure serves as the heart of your organization’s innovation engine, whether that infrastructure resides partially on-premises and partially in the cloud or it is an entirely cloud-based environment. Those assets and intellectual property represent the future of your business.
Here at Forcepoint, we focus on supporting cloud architects by providing them with easy-to-use and effective ways to manage security across Amazon Web Services (AWS) development environments, as well as within the cloud-based collaboration hubs that help developers write, share, and test their code, no matter where your development team is located.
Protecting your cloud development environment
When it comes to security and compliance, major public cloud providers operate according to a shared responsibility model: the cloud provider assumes responsibility for the infrastructure, while the customer is responsible for securing their own applications, configurations and data. Though cloud providers do offer native identity and access management and security controls, these don’t always offer the flexibility or granular policy management capabilities required to protect apps, configurations and data. That’s why we partnered with AWS to integrate Forcepoint data loss prevention (DLP) and cloud access security broker (CASB) solutions into AWS Security Hub.
Deploying a CASB solution over your AWS instance enables you to implement additional layers of access control to protect your development environment from accidental or malicious service disruption. If a privileged user account gets compromised (or that employee gets disgruntled), it’s easy to stop an elastic compute service or to delete or modify data within cloud storage. CASB can provide your security team with additional authentication requirements for critical logins. It also provides enhanced visibility into user activities across the AWS instance, letting you see who’s accessing which resources, and how they’re using them.
Protecting source code from exfiltration
Cloud-based repository hosting services like GitHub and Bitbucket are widely used by software developers all over the world. These collaboration tools allow developers to store, access and share code, and to showcase their skills and learn from others. It’s important to remember that most members of your development team may have personal instances of GitHub. A first important security step is to create a corporate instance. From there, implement access control tools, such as a CASB, to prevent users from logging into personal GitHub instances from their corporate desktops.
In addition, DLP helps protect invaluable assets like source code stored on AWS. If a user attempts to copy fingerprinted files to GitHub, DLP can block that action entirely. In fact, it can prevent users from moving any data outside AWS—providing protection for both structured and unstructured types of data. When it comes to protecting important intellectual property, the ability to monitor and control data movement from cloud to endpoint is critical. And it’s even more important if your development team works remotely.
It’s not uncommon for penetration testers to discover backdoors, unencrypted passwords, or other exposed vulnerabilities in enterprise software applications when they search public code repositories in GitHub. Developers are often under pressure to work quickly, and may become distracted while multitasking. They might export code accidentally, without realizing the action would enable the infiltration of an application that would soon move into production. Data Protection provides an additional safeguard against this sort of error, which is otherwise difficult to prevent because it takes place unconsciously.
Whether they’re working from home or anywhere else in the world, development teams, and the software and services they build, hold the key to the future of your business. You can enable their ability to innovate by allowing them to take advantage of the collaboration tools they choose, while also securing your data and protecting priceless intellectual property. And we are here to help.