Why BDR is the Secret to DevOps Security Testing
December 06, 2017

Gabe Gambill
Quorum

There was a time in cybersecurity strategy when most IT leaders considered perimeter and endpoint guards like antivirus and authentication controls to be the sum of network protection. But as attacks continue to increase in frequency and sophistication, leaders and DevOps teams have been focusing on the role of backup and disaster recovery in mounting a strong defense.

By stockpiling copies of your data, backup and disaster recovery (BDR) is clearly the last line of defense when all other defenses fall to attackers. But today's solutions go beyond simple backups and can strengthen security in several ways:

Speed. Long delays in recovery are a security risk, with Ransomware being a clear example. If your attackers shut you down in a demand for money, you only have a short window in which to get back online and evade the attack. Downtime can also create additional security gaps and risky user workarounds. A good BDR solution lets you spin up a replica environment in minutes after any security, site, systems or storage failure – helping you maintain services while you deal with the breach.

Simplicity. A unified BDR solution can dispense with the chaos of multi-vendor solutions, giving your team time to focus on more important security work. A simplified failover process can accelerate recovery, while automation can further protect the availability and integrity of your backup data.

Encryption. Because criminals can steal backups like any other information, a good BDR solution will encrypt backup data to disguise it from unauthorized eyes. This can also help mitigate the cost and damage of notification laws after a breach, as HIPAA and other regulatory institutions will often lessen certain financial penalties and requirements when encryption is in place.

Modern BDR offers another security benefit that's particularly of interest to developers – testing.

The Challenge of DevOps Testing

Both DevOps and BDR teams have this in common: you both strive for speed. Just as developers want to move fast in testing and deploying products, a good BDR solution helps teams shrink downtime windows from hours to mere minutes. So it's no surprise that modern BDR solutions can now provide an advantage when it comes to DevOps testing.

Just about every dev manager wishes they could do more testing. It's the golden rule of software development: Always Be Testing. Wait for the end of the development lifecycle to check all your components and you've created a mountain of do-overs for the team. But ongoing testing helps you course-correct as you go along, hitting your target dates for successful development cycles. Without that adequate testing, the likelihood of security vulnerabilities grows to almost a certainty.

But if your dev team is typical, you're constantly heads down on your latest and greatest project. Time is usually in short supply. You know that you need to write and test your code in a perfect copy of the production environment, if you want your software to meet security requirements when it goes to production. But it's usually tough to find time to run the newest changes or do so in a virtualized workspace that can completely simulate a real-world environment.

This is when using a sandbox testing feature in modern BDR solutions helps.

The Value of Sandbox Testing

Today's next-gen BDR offerings can do double duty: they offer advanced backup and disaster recovery and act as a valuable development platform. A sandbox feature can offer a carbon copy of your environment running a critical production workload, helping you identify security and performance issues in an ideal testing ground. You can test on the fly, teasing out vulnerabilities without sacrificing speed or efficiency.

Because not every BDR solution will offer the right kind of sandbox testing feature, here's what to look for:

■ A sandbox with enough compute, storage, and flexibility to handle most of your DevOps initiatives

■ The ability to test patches, service packs, database migrations and other updates before deploying them into production

By turning a BDR sandbox into your newest virtual DevOps workspace, whatever you're testing is that much more likely to look like the finished product once the project goes live.

Stronger Defenses, Smarter Development

We all know that with numerous test phases comes more security. With the ongoing rise in cybersecurity, the importance of adequate testing is stronger than ever. Your DevOps team no longer needs to choose between timely development cycles and identifying security issues. When your team has the ability to fully vet a new platform, software or development initiative, you can feel confident that your product will be successful and secure. A BDR solution with a secure sandbox feature that's essentially a built-in DEV environment provides you with that ability – giving you safe and speedy disaster recovery, an easier dev cycle and a better-defended product in the end.

Gabe Gambill is VP of Product & Technical Operations at Quorum

The Latest

July 19, 2018

Despite 95 percent of CIOs expecting cyberthreats to increase over the next three years, only 65 percent of their organizations currently have a cybersecurity expert, according to a survey from Gartner. The survey also reveals that skills challenges continue to plague organizations that undergo digitalization, with digital security staffing shortages considered a top inhibitor to innovation ...

July 17, 2018

In my first blog in this series, I highlighted some of the main challenges teams face with trying to scale mainframe DevOps. To get past these hurdles, the key is to develop an incremental approach that enables teams to capture value along each step of the journey ...

July 16, 2018

The key to mainframe DevOps success is in quickly identifying and removing major bottlenecks in the application delivery lifecycle. Major challenges include collaboration between mainframe and distributed teams, lack of visibility into the impact of software changes, and limited resource flexibility with scaling out necessary testing initiatives. Now let's take a closer look at some of these key challenges and how IT departments can address them ...

July 11, 2018

How much are organizations investing in the shift to cloud native, how much is it getting them? ...

July 10, 2018

In the shift to cloud native, many organizations have adopted a configuration-as-code approach. This helps drive up application deployment velocity by letting developers and DevOps teams reconfigure their deployments as their needs arise. Other organizations, particularly the more regulated ones, still have security people owning these tools, but that creates increased pressure on the security organization to keep up. How much are organizations investing in this process, and how much is it getting them? ...

June 28, 2018

More than a third of companies that use serverless functions are not employing any application security best practices and are not using any tools or standard security methodologies to secure them, according to the State of Serverless Security survey, conducted by PureSec ...

June 27, 2018

The popularity of social media platforms and applications is spurring enterprises to adopt "social business" models to better engage with employees and customers and improve collaboration, according to a new study published by ISG ...

June 25, 2018

The previous chapter in this WhiteHat Security series discussed Codebase as the first step of the Twelve-Factor App and defined a security best practice approach for ensuring a secure source control system. Considering the importance of applying security in a modern DevOps world, this next chapter examines the security component of step two of the Twelve-Factor methodology. Here follows some actionable advice from the WhiteHat Security Addendum Checklist, which developers and ops engineers can follow during the SaaS build and operations stages ...

June 21, 2018

DevSecOps is quickly gaining support and traction, within and beyond information security teams. In fact, 70% of respondents believe their culture can embrace the change needed to fuse Security and DevOps, according to a new survey of 80 security professionals by Aqua Security ...

June 20, 2018

The larger the company size, the higher the proportion of low IT performers, according to the State of DevOps: Market Segmentation Report from Puppet, based on the 2017 State of DevOps Survey data ...

Share this