Many articles have discussed the benefits of DevOps in the cloud. For example, the centralization of cloud computing provides DevOps automation with a standard platform for testing and development; the tight integration between DevOps tools and cloud platforms lowers the cost associated with on-prem DevOps automation technology; and cloud-based DevOps reduces the need to account for the resources used, because the platform tracks resource use by data, application, and so on. With all these benefits, cloud-based DevOps seems to provide more flexibility and scalability to organizations, allowing software developers to produce better applications and bring them to market faster.
However, moving the entire application testing, development, and production process to the cloud may cause security issues. In this post, we discuss the security issues associated with a fast-moving, cloud-based DevOps environment and ways to mitigate those issues without impacting speed to market.
Protect Data from Breaches
If the recent Uber data breach taught us anything, it’s that protection around production data disappears as soon as you make a copy of that data. In the case of the Uber breach, the hackers worked their way in via the software engineering side of the house. Software engineers then became compromised users as their login credentials were stolen, giving hackers access to an archive of sensitive rider and driver data (a copy of production data).
Get the Realistic Data You Need, When You Need It
As a developer, you may get frustrated with security restrictions placed around using production data for testing and development. But if you think about it for a moment, a data breach could cost you and the security folks their jobs when the finger of guilt points your way. Nonetheless, while it is important to protect sensitive data from a breach, it is also critical for companies to deliver software to the market faster and maintain high quality, especially when competitors are adopting the cloud to increase the pace of software development. As a developer, your mission is to deliver quality code on time, and in order to do so, you need realistic data to put your code through its paces. And yet it can be time-consuming to get approvals from the security team and wait for DBAs to extract data from production databases.
Data Masking Removes Sensitive Information
The good news is there’s technology available to balance the needs of both sides. Data masking has proven to be the best practice for removing sensitive information while maintaining data utility. Data masking (or pseudonymization) has been referenced by Gartner and other industry analysts as a required element of data protection. This technology replaces sensitive data (access to which should be limited to a need-to-know basis) with fictional but realistic values to support DevOps in the cloud without putting sensitive data at risk. The masked data maintains referential integrity and is statistically and operationally accurate. For example, let’s say a data record shows that Terry Thompson is 52 years old and that his social security number (SSN) is 123-00-4567. After the data is masked, that record may then become John Smith whose SSN is 321-98-7654. The masked data retains the exact format of the original (real) data, maintaining the data richness that allows developers to do their jobs.
Figure: Data masking replaces original data with fictitious, realistic data.
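The masking described above, written as an added Python example (not Imperva's product code and not part of the original post): sensitive fields are replaced deterministically with HMAC-SHA256, so the SSN keeps its format and the same SSN masks to the same value in every table, which is what preserves referential integrity. The key, name pools, column names and sample rows are constructed assumptions.

```python
import hashlib
import hmac

# Constructed replacement pools; a real masking job would use far larger lists.
FIRST = ["John", "Maria", "Wei", "Aisha", "Carlos", "Elena", "Noah", "Priya"]
LAST = ["Smith", "Garcia", "Chen", "Okafor", "Novak", "Haddad", "Lee", "Rossi"]


def _stream(key: bytes, field: str, value: str) -> bytes:
    """Keyed, deterministic bytes for one field value (HMAC-SHA256)."""
    return hmac.new(key, f"{field}\x00{value}".encode(), hashlib.sha256).digest()


def mask_digits(key: bytes, field: str, value: str) -> str:
    """Replace every digit but keep separators and length (NNN-NN-NNNN stays so)."""
    stream = _stream(key, field, value)
    out, i = [], 0
    for ch in value:
        if "0" <= ch <= "9":
            out.append(str(stream[i % len(stream)] % 10))
            i += 1
        else:
            out.append(ch)  # dashes, spaces and other separators pass through
    return "".join(out)


def mask_name(key: bytes, name: str) -> str:
    """Swap a real name for a fictional one selected by the keyed digest."""
    s = _stream(key, "name", name.strip().lower())
    return f"{FIRST[s[0] % len(FIRST)]} {LAST[s[1] % len(LAST)]}"


def mask_row(key: bytes, row: dict) -> dict:
    """Mask only the sensitive columns; all other columns are copied unchanged."""
    masked = dict(row)
    if "name" in row:
        masked["name"] = mask_name(key, row["name"])
    if "ssn" in row:
        masked["ssn"] = mask_digits(key, "ssn", row["ssn"])
    return masked


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: the real key never leaves the masking job
    customers = [{"name": "Terry Thompson", "age": 52, "ssn": "123-00-4567"}]
    orders = [{"ssn": "123-00-4567", "order_id": 9001}]  # constructed child table
    print([mask_row(key, r) for r in customers])
    print([mask_row(key, r) for r in orders])  # same masked SSN, so joins still work
```

Because the mapping is keyed and deterministic, the output is pseudonymized rather than anonymized, so the key must stay out of the development environment. Digit substitution of this kind can map two different inputs to the same output; where masked values must remain unique, use a collision-free method such as format-preserving encryption.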
Security and Productivity Go Hand in Hand
With data masking, companies don’t have to choose between security and productivity, which tends to be one of the most common dilemmas. Data masking ensures the data being used is anonymized and always protected—regardless of how it is being used, by whom, and how often it is copied. It’s the key for developers to embrace all the benefits associated with the cloud. Masking sensitive information in the cloud gives developers peace of mind when producing better applications and allows you to truly bring those apps to market faster without getting a red light from the security team. Better still, the finger of guilt can’t point in your direction in the event a hacker breaks in because you never had the data to begin with.
This is a Security Bloggers Network syndicated blog post authored by Sara Pan. Read the original post at: Blog | Imperva