Why BDR is the Secret to DevOps Security Testing
December 06, 2017

Gabe Gambill
Quorum

There was a time in cybersecurity strategy when most IT leaders considered perimeter and endpoint guards like antivirus and authentication controls to be the sum of network protection. But as attacks continue to increase in frequency and sophistication, leaders and DevOps teams have been focusing on the role of backup and disaster recovery in mounting a strong defense.

By stockpiling copies of your data, backup and disaster recovery (BDR) is clearly the last line of defense when all other defenses fall to attackers. But today's solutions go beyond simple backups and can strengthen security in several ways:

Speed. Long delays in recovery are a security risk, with Ransomware being a clear example. If your attackers shut you down in a demand for money, you only have a short window in which to get back online and evade the attack. Downtime can also create additional security gaps and risky user workarounds. A good BDR solution lets you spin up a replica environment in minutes after any security, site, systems or storage failure – helping you maintain services while you deal with the breach.

Simplicity. A unified BDR solution can dispense with the chaos of multi-vendor solutions, giving your team time to focus on more important security work. A simplified failover process can accelerate recovery, while automation can further protect the availability and integrity of your backup data.

Encryption. Because criminals can steal backups like any other information, a good BDR solution will encrypt backup data to disguise it from unauthorized eyes. This can also help mitigate the cost and damage of notification laws after a breach, as HIPAA and other regulatory institutions will often lessen certain financial penalties and requirements when encryption is in place.

Modern BDR offers another security benefit that's particularly of interest to developers – testing.

The Challenge of DevOps Testing

Both DevOps and BDR teams have this in common: you both strive for speed. Just as developers want to move fast in testing and deploying products, a good BDR solution helps teams shrink downtime windows from hours to mere minutes. So it's no surprise that modern BDR solutions can now provide an advantage when it comes to DevOps testing.

Just about every dev manager wishes they could do more testing. It's the golden rule of software development: Always Be Testing. Wait for the end of the development lifecycle to check all your components and you've created a mountain of do-overs for the team. But ongoing testing helps you course-correct as you go along, hitting your target dates for successful development cycles. Without that adequate testing, the likelihood of security vulnerabilities grows to almost a certainty.

But if your dev team is typical, you're constantly heads down on your latest and greatest project. Time is usually in short supply. You know that you need to write and test your code in a perfect copy of the production environment, if you want your software to meet security requirements when it goes to production. But it's usually tough to find time to run the newest changes or do so in a virtualized workspace that can completely simulate a real-world environment.

This is when using a sandbox testing feature in modern BDR solutions helps.

The Value of Sandbox Testing

Today's next-gen BDR offerings can do double duty: they offer advanced backup and disaster recovery and act as a valuable development platform. A sandbox feature can offer a carbon copy of your environment running a critical production workload, helping you identify security and performance issues in an ideal testing ground. You can test on the fly, teasing out vulnerabilities without sacrificing speed or efficiency.

Because not every BDR solution will offer the right kind of sandbox testing feature, here's what to look for:

■ A sandbox with enough compute, storage, and flexibility to handle most of your DevOps initiatives

■ The ability to test patches, service packs, database migrations and other updates before deploying them into production

By turning a BDR sandbox into your newest virtual DevOps workspace, whatever you're testing is that much more likely to look like the finished product once the project goes live.

Stronger Defenses, Smarter Development

We all know that with numerous test phases comes more security. With the ongoing rise in cybersecurity, the importance of adequate testing is stronger than ever. Your DevOps team no longer needs to choose between timely development cycles and identifying security issues. When your team has the ability to fully vet a new platform, software or development initiative, you can feel confident that your product will be successful and secure. A BDR solution with a secure sandbox feature that's essentially a built-in DEV environment provides you with that ability – giving you safe and speedy disaster recovery, an easier dev cycle and a better-defended product in the end.

Gabe Gambill is VP of Product & Technical Operations at Quorum
Share this

Industry News

December 11, 2019

Bonitasoft announced that the Bonita platform is now available with advanced low-code features that permit better collaboration between citizen developers and professional developers.

December 11, 2019

Solo.io announced WebAssembly Hub, a service for building, sharing, discovering and deploying WebAssembly (Wasm) extensions for Envoy Proxy-based service meshes.

December 11, 2019

Datawire unveiled the new Ambassador Edge Stack 1.0, an integrated edge solution that empowers developer teams to rapidly configure the edge services required to build, deliver and scale their applications running in Kubernetes.

December 10, 2019

Redgate Software launched its fourth annual State of Database DevOps Survey.

December 10, 2019

Compuware has signed a definitive agreement to acquire the assets of INNOVATION Data Processing, a provider of enterprise data protection, business continuance and storage resource management solutions serving the mainframe market.

December 10, 2019

Dynatrace announced its Autonomous Cloud Enablement (ACE) Practice to accelerate DevOps’ movement to autonomous cloud operations.

December 09, 2019

NS1, announced the expansion of its suite of integrations to include Kubernetes, Consul, Avi Networks (VMWare NSX), NGINX, and HAProxy.

December 09, 2019

CloudBees announced an extension of its partnership with Google. As a Google Cloud Run launch partner, CloudBees will offer developers more flexibility in their deployment of containerized applications.

December 09, 2019

EPAM Systems has expanded its crowdtesting software solutions to enable user story testing.

December 05, 2019

Parasoft announced the newest release of Parasoft C/C++test, the unified C and C++ development testing solution for enterprise and embedded applications.

December 05, 2019

Datadog announced Security Monitoring, a new product that enables real-time threat detection across the entire stack and deeper collaboration between security, developers, and operations teams.

December 05, 2019

Pulumi announced the availability of Pulumi Crosswalk for Kubernetes, an open source collection of frameworks, tools and user guides that help developers and operators work better together delivering production workloads using Kubernetes.

December 04, 2019

CloudBees announced a Preview Program for CloudBees CI/CD powered by Jenkins X, a Software as a Service (SaaS) continuous integration and continuous delivery solution running on Google Cloud Platform.

December 04, 2019

Rancher Labs announced the general availability of K3s, their lightweight, certified Kubernetes distribution purpose built for small footprint workloads, along with the beta release of Rio, their new application deployment engine for Kubernetes that delivers a fully integrated deployment experience from operations to pipeline.

December 04, 2019

WhiteSource announced a new integration with Codefresh, the Kubernetes-native CI/CD solution.