Why BDR is the Secret to DevOps Security Testing
December 06, 2017

Gabe Gambill
Quorum

There was a time in cybersecurity strategy when most IT leaders considered perimeter and endpoint guards like antivirus and authentication controls to be the sum of network protection. But as attacks continue to increase in frequency and sophistication, leaders and DevOps teams have been focusing on the role of backup and disaster recovery in mounting a strong defense.

By stockpiling copies of your data, backup and disaster recovery (BDR) is clearly the last line of defense when all other defenses fall to attackers. But today's solutions go beyond simple backups and can strengthen security in several ways:

Speed. Long delays in recovery are a security risk, with Ransomware being a clear example. If your attackers shut you down in a demand for money, you only have a short window in which to get back online and evade the attack. Downtime can also create additional security gaps and risky user workarounds. A good BDR solution lets you spin up a replica environment in minutes after any security, site, systems or storage failure – helping you maintain services while you deal with the breach.

Simplicity. A unified BDR solution can dispense with the chaos of multi-vendor solutions, giving your team time to focus on more important security work. A simplified failover process can accelerate recovery, while automation can further protect the availability and integrity of your backup data.

Encryption. Because criminals can steal backups like any other information, a good BDR solution will encrypt backup data to disguise it from unauthorized eyes. This can also help mitigate the cost and damage of notification laws after a breach, as HIPAA and other regulatory institutions will often lessen certain financial penalties and requirements when encryption is in place.

Modern BDR offers another security benefit that's particularly of interest to developers – testing.

The Challenge of DevOps Testing

Both DevOps and BDR teams have this in common: you both strive for speed. Just as developers want to move fast in testing and deploying products, a good BDR solution helps teams shrink downtime windows from hours to mere minutes. So it's no surprise that modern BDR solutions can now provide an advantage when it comes to DevOps testing.

Just about every dev manager wishes they could do more testing. It's the golden rule of software development: Always Be Testing. Wait for the end of the development lifecycle to check all your components and you've created a mountain of do-overs for the team. But ongoing testing helps you course-correct as you go along, hitting your target dates for successful development cycles. Without that adequate testing, the likelihood of security vulnerabilities grows to almost a certainty.

But if your dev team is typical, you're constantly heads down on your latest and greatest project. Time is usually in short supply. You know that you need to write and test your code in a perfect copy of the production environment, if you want your software to meet security requirements when it goes to production. But it's usually tough to find time to run the newest changes or do so in a virtualized workspace that can completely simulate a real-world environment.

This is when using a sandbox testing feature in modern BDR solutions helps.

The Value of Sandbox Testing

Today's next-gen BDR offerings can do double duty: they offer advanced backup and disaster recovery and act as a valuable development platform. A sandbox feature can offer a carbon copy of your environment running a critical production workload, helping you identify security and performance issues in an ideal testing ground. You can test on the fly, teasing out vulnerabilities without sacrificing speed or efficiency.

Because not every BDR solution will offer the right kind of sandbox testing feature, here's what to look for:

■ A sandbox with enough compute, storage, and flexibility to handle most of your DevOps initiatives

■ The ability to test patches, service packs, database migrations and other updates before deploying them into production

By turning a BDR sandbox into your newest virtual DevOps workspace, whatever you're testing is that much more likely to look like the finished product once the project goes live.

Stronger Defenses, Smarter Development

We all know that with numerous test phases comes more security. With the ongoing rise in cybersecurity, the importance of adequate testing is stronger than ever. Your DevOps team no longer needs to choose between timely development cycles and identifying security issues. When your team has the ability to fully vet a new platform, software or development initiative, you can feel confident that your product will be successful and secure. A BDR solution with a secure sandbox feature that's essentially a built-in DEV environment provides you with that ability – giving you safe and speedy disaster recovery, an easier dev cycle and a better-defended product in the end.

Gabe Gambill is VP of Product & Technical Operations at Quorum

The Latest

November 14, 2018

What to automate? Which parts of the delivery process are good candidates? Which applications will benefit from automation? At first, those sound like silly questions. Automate all your repetitive processes. If you think that you'll do the same thing manually more than once, automate it. Why would you waste your creative potential and knowledge by doing things that are much better done by scripts? Yet, an average company does not adhere to that logic. Why is that? ...

November 13, 2018

I'd love to see more security automation deeply integrated into the development process. Everybody knows since the 1990s that security as an afterthought just doesn't work, yet we keep doing it. The reason, I think, is because it's very hard to automate security ...

November 09, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 5, the final installment, covers deployment and production ...

November 08, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 4 is all about security ...

November 07, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 3 covers the development environment and the infrastructure ...

November 06, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 2 covers the coding process ...

November 05, 2018

Everyone talks about automating the software development lifecycle (SDLC) but the first question should be: What should you automate? With this question in mind, DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 1 starts with by-far the most popular recommendation: Testing ...

October 31, 2018

Halloween is a time for all things spooky, but not when it comes to your mobile app experience. A poor experience can not only scare off your customers but keep them away for good ...

October 30, 2018

As organizations have embraced open source, they have become polyglot — using multiple programming languages and technology stacks to accomplish software and hardware related tasks. Enterprises are caught between the benefits provided by a polyglot environment and the complexities and challenges these environments bring. Ultimately, if the situation remains unchecked, polyglot will kill your enterprise ...

October 29, 2018

Factor 5 of the Twelve-Factor App relates more to processes and advises strictly separating the build and run stages. The emphasis is on identifying and separating each stage of app development, and encouraging automation between each so as to accelerate the process ...

Share this