Rediscovering DevOps with Secure Cloud Development Environments – The New Stack


Cloud Services / DevOps / Security / Contributed / Laurent Balmelli


CDE technology is driving the fastest DevOps transformation trend today with the entire cloud native development industry moving development environments online.


Mar 21st, 2024 10:00am by


Let me start by briefly explaining what a cloud development environment (CDE) is. Typically running a Linux OS with applications, it offers a preconfigured environment that allows for coding, compilation and other operations similar to a local environment. From an implementation standpoint, such an environment is akin to a remotely running process, often virtualized through technologies like Docker or Podman. For a general overview of CDEs, check this article.

CDE technology is driving the fastest DevOps transformation trend today with the entire cloud native development industry moving development environments online. These environments became one of Gartner’s new technology categories in August 2023. Notably, Gartner expects over 60% of cloud workloads to be built and deployed using CDEs by 2026.

Today, organizations can decide to manage them with a self-hosted platform, or use one of the services attached to a cloud provider when available. Yet, overall, platforms that manage these environments are in their infancy, and their features differ widely across vendors. Hence, there is a great deal of flexibility in how to implement the technology and, most importantly, in which business use cases it should cover.

When faced with choosing a platform for CDEs, businesses should opt for one that delivers both productivity and data security. Using a secure cloud development environment, meaning one that provides data security, allows organizations to deploy mechanisms that are quite diverse, for example protecting against data exfiltration and infiltration, automating DevSecOps best practices or generating security reviews.

This type of security is typically the aim of a virtual desktop infrastructure by Citrix or, more recently, the goal of using an enterprise browser (Island, Talon or Chrome Enterprise).

One reason for this is that many companies, including technology companies, have suffered attacks on their assets such as source code, customer data and other intellectual property. Recent high-profile cases around source-code leaks include Slack’s GitHub repositories, CircleCI and Okta in December 2022. Most importantly, I find it important that security be positioned as a productivity booster so that it contributes to an improved developer experience, as opposed to being an impediment.

One of the common denominators between existing platforms is the aim to make code development more efficient. Whether or not you choose to consider security in the mix, it is clear that CDEs can potentially unleash a great amount of productivity that benefits a DevOps workflow.

This is why I take a fresh look here at DevOps’ core principles and rethink how these environments can shed new light on them. These principles are also referred to as the three ways and are explained in “The DevOps Handbook,” by Gene Kim, Patrick Debois and John Willis.

Before we start, if you want to understand the difference between a platform to manage data-secure CDEs and other platforms, you can look at this article.

Online Environments Accelerate DevOps’ Principle of Flow

From a process perspective, DevOps is about implementing the three principles (or ways): namely the principles of flow, feedback and continuous learning. Explaining the benefits of CDEs in this context is a good way to understand some of their key impacts.

DevOps’ three ways — flow, feedback and continuous learning — as pictured in “The DevOps Handbook.”

Let’s start with the principle of flow. The first principle emphasizes the smooth and efficient movement of work from development through testing, deployment down to operations and monitoring. It aims to minimize bottlenecks, optimize processes and enable a continuous and seamless delivery pipeline. The flow is often represented with the series of stages arranged along the infinity sign.

CDEs are an efficient way to implement the principle of flow, because they allow users to have fully isolated workspace settings when dealing with multiple projects, enabling straightforward and impactless context switching between them.

A good CDE platform provides developers with multiple tools to manage and configure their CDEs, in particular, based on company policies. For example, self-service access to CDEs for developers is an important benefit.

CDEs are also easily replicated for testing and can be reassigned across users as necessary. They can be fully templated, provisioned within seconds on pliant resources and accessed by any developer regardless of their location. Here, a good CDE platform offers comprehensive operations to project and IT managers that enable CDE management and observability at scale.

The use of CDEs starts at the DevOps code stage and enables organizations to maintain consistent environments across stages. A CDE and its access mechanisms are represented by a tile and a series of icons, respectively.

Clearly, the online deployment of CDEs allows centralized management, observability and access in such a way that it enhances DevOps’ principle of flow.

Today, the inclusion of remote developers is part of most organizations’ operations. The online nature of CDEs is great for onboarding developers on fully configured environments, regardless of their location. Providing access to the organization’s resources is also an important aspect of onboarding.

Here, CDEs provide a new opportunity to access development resources in a centralized manner, in particular one that offers enhanced control and observability.

To couple productivity with flexibility, a good CDE platform must provide an access permission model to resources that allows handling different types of developers, different scenarios of development (internal, collaborative, etc.) and different types of resources. For example, a role-based and attribute-based access control (RBAC/ABAC) coupled with a mechanism to classify resources enables organizations to set up risk controls and ensure governance even in complex workflow situations. This greatly enhances the possibility to design efficient and collaborative development flows.

Onboarding a diverse set of developers requires a mechanism to manage access permission to resources based on role. Permissions can also be assessed dynamically based on properties such as the user location.
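One way to express the permission model described above, combining a role ceiling (RBAC), resource classification and a location attribute checked at request time (ABAC). This is an added example, not code from the article or from any CDE platform; the role names, classification labels and country codes are hypothetical.

```python
from dataclasses import dataclass

# Constructed policy data: every role name, classification label and
# country code here is hypothetical, not taken from any CDE product.
CLASSIFICATION_RANK = {"public": 0, "internal": 1, "restricted": 2}

# RBAC part: the highest resource classification each role may reach.
ROLE_CEILING = {
    "employee": "restricted",
    "contractor": "internal",
    "external-collaborator": "public",
}

# ABAC part: locations from which each classification may be accessed.
# None means the classification carries no location restriction.
ALLOWED_LOCATIONS = {
    "public": None,
    "internal": None,
    "restricted": {"CH", "DE"},
}


@dataclass(frozen=True)
class Request:
    role: str
    location: str         # dynamic attribute, evaluated on every request
    resource: str
    classification: str   # label assigned when the resource was classified


def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Unknown roles or labels are denied."""
    ceiling = ROLE_CEILING.get(req.role)
    if ceiling is None:
        return False, "unknown role"
    rank = CLASSIFICATION_RANK.get(req.classification)
    if rank is None:
        return False, "unclassified resource"
    if rank > CLASSIFICATION_RANK[ceiling]:
        return False, f"role {req.role} limited to {ceiling}"
    allowed = ALLOWED_LOCATIONS[req.classification]
    if allowed is not None and req.location not in allowed:
        return False, f"location {req.location} not permitted for {req.classification}"
    return True, "role and attributes satisfy policy"
```

Returning the reason with each decision gives the platform an audit record for every denied or allowed access, which is what makes the model usable for governance.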

Finally, one of the great aspects of the joint use of CDEs and web-based IDEs is that onboarding developers on thin devices or in BYOD mode becomes an immediate accelerator for business expansion.

How to Bring Immediacy to DevOps’ Principle of Feedback

The principle of feedback involves establishing mechanisms for communication and collaboration between different stages of the development and operations processes. This includes collecting feedback from various sources, such as end users, monitoring systems and testing processes. An important aspect of this principle is that it enables better collaboration between developers.

Realizing the second principle of DevOps is best exemplified with the pull request (PR) mechanism implemented in code repository applications. By using a PR, developers can provide comments on the work submitted from a branch before it is merged into the application.

The online nature of CDEs brings the principle of feedback even closer to the developer, before work reaches the code repository, right at the center of the coding activity. This benefit is realized because CDEs are often used in conjunction with the mechanisms to access or monitor them, such as the IDE, terminal, network, orchestration, etc.

Because CDEs are online running processes, it is easy to observe the work as it’s being done. This is reminiscent of observing the user experience of websites’ visitors. In my opinion, this is the area where there is the most opportunity for bringing productivity and security to the core of the development.

Because CDEs can be accessed remotely, it is easy to measure some of their properties such as running processes and allocated resources.

For example, it is easy to measure in real time, over a fleet of CDEs, such as those shared by developers working on a common project, the average compilation time necessary to build the application (see the figure above). This brings immediate and valuable information to the project manager about productivity.

It is also easy to look at the information passing through the developers’ clipboard and the CDE’s network traffic. Using these channels, we can provide feedback to developers and managers. For example, from an infrastructure security perspective it is easy to monitor for potential data exfiltration and prevent loss of intellectual property.

But through the same channel, one can also look for potential infiltration of pernicious data. For example, imagine that you can detect a credential inside a developer’s clipboard. Why not inquire about the intention of the developer performing this operation?

The same is possible when a developer is about to paste source code collected from a random website inside your codebase. Would you like to flag it and automate the creation of a security review? What about detecting malware before it reaches your codebase or systematically flagging AI-generated code?

The control on CDEs and their supporting infrastructure is an opportunity to semantically analyze input data such as credentials, licensed source code and potential malware. Similarly, it allows for setting data leak prevention measures.
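The clipboard check described above can be sketched as a function that inspects text pasted into a CDE for credentials and returns redacted findings that a platform could use to prompt the developer or open a review. This is an added example, not code from the article or any CDE product; the rule names and entropy threshold are assumptions, and the sample key is the placeholder value used in AWS documentation.

```python
import math
import re
from collections import Counter

# Publicly documented credential formats. A production deployment would
# rely on a maintained rule set; rule names here are hypothetical.
CREDENTIAL_PATTERNS = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github-token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "pem-private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
# Assignments whose variable name suggests a secret, e.g. db_password = "..."
ASSIGNMENT = re.compile(
    r"(?i)(?:password|passwd|secret|token|api_key)\w*\s*[:=]\s*['\"]?([^\s'\"]{12,})"
)


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking values score higher."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def redact(value: str) -> str:
    """Keep a short prefix so the alert itself does not leak the secret."""
    return value[:4] + "*" * (len(value) - 4)


def inspect_paste(text: str, entropy_threshold: float = 3.5) -> list[dict]:
    """Return one finding per suspected credential in pasted text."""
    findings = []
    for rule, pattern in CREDENTIAL_PATTERNS.items():
        for m in pattern.finditer(text):
            findings.append({"rule": rule, "match": redact(m.group(0))})
    for m in ASSIGNMENT.finditer(text):
        value = m.group(1)
        # The entropy gate filters out dummy values such as "aaaaaaaaaaaa".
        if shannon_entropy(value) >= entropy_threshold:
            findings.append({"rule": "high-entropy-assignment", "match": redact(value)})
    return findings


# Constructed clipboard content for illustration.
SAMPLE = (
    "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    'db_password = "q7Zk!v93LmXr2#tB"\n'
    'print("hello world")\n'
)
```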

Clearly, CDEs and the infrastructure components that are used to funnel data into them are ways to bring a new crop of best practices to DevOps and DevSecOps and revisit DevOps’ principle of feedback. Through the examples that I gave above, you can see that infrastructure security can liaise with the principle of code security!

A good CDE platform will provide an artillery of new and creative DevOps and DevSecOps automations. In addition, there is a great opportunity to revisit standardized and accepted metrics such as DORA and SPACE to bring them closer to the activity that developers spend the most time on: writing code in the IDE.

Close-up on the Principle of Continuous Learning

Let’s finish this discussion with the third principle — continuous learning. This principle underscores the importance of fostering a culture of ongoing improvement and learning within the development and operations teams. It involves regularly gathering feedback, analyzing performance metrics and incorporating lessons learned from each stage of the development and deployment process to enhance efficiency and innovation.

The immediacy of web platforms and the opportunity they bring around the observability of their running business processes also enables organizations to learn about themselves. This is a boon to increase the potential of continuous learning.

Initially, DevOps’ expectations on continuous learning were around bettering applications in operation, such as those in use by the customer. But when the entire development process is run as a cloud application, there are many valuable things that organizations can learn about their own platform-based development process.

Along that vein, CDE platforms bring a new level of observability and allow business optimization around several critical areas. I have discussed how organizations can learn about their performance around application delivery and its security posture. But they can also learn about cloud and physical assets’ utilization, as well as monitor the cost of IT functions and resources allotted to development.

The platform also brings a fantastic opportunity to centralize the implementation of productivity and risk controls while systematically enforcing them across geographically scattered teams. In practice, modern CDE platforms need to allow the simultaneous use of multiple clouds across multiple regions. Most importantly, their capability to uniformly deliver complex services to organizations makes it easy to implement governance mechanisms that do not get in the way of users’ daily tasks.

DevOps’ principle of continuous learning can also apply to the development process itself. CDEs yield a new swath of process measurements that benefit governance, accountability and risk controls.

In conclusion, good CDE platforms should bring a wealth of metrics and functionalities to organizations such that they retake control of a development process that is often scattered and non-uniform across hardware and applications, and at times obscured from a security perspective. This is why, in my opinion, the adoption trend will follow unabated. In addition, we should see a greater demand for the ability of CDE providers to enhance security controls while making sure they don’t have any negative impact on developer productivity. Finally, developing CDE properties as a way to enhance the three ways of DevOps is a great framework to drive innovation in a meaningful way for the development community.


TNS owner Insight Partners is an investor in: Island, Docker.
