Why BDR is the Secret to DevOps Security Testing
December 06, 2017

Gabe Gambill
Quorum

There was a time in cybersecurity strategy when most IT leaders considered perimeter and endpoint guards like antivirus and authentication controls to be the sum of network protection. But as attacks continue to increase in frequency and sophistication, leaders and DevOps teams have been focusing on the role of backup and disaster recovery in mounting a strong defense.

By stockpiling copies of your data, backup and disaster recovery (BDR) is clearly the last line of defense when all other defenses fall to attackers. But today's solutions go beyond simple backups and can strengthen security in several ways:

Speed. Long delays in recovery are a security risk, with Ransomware being a clear example. If your attackers shut you down in a demand for money, you only have a short window in which to get back online and evade the attack. Downtime can also create additional security gaps and risky user workarounds. A good BDR solution lets you spin up a replica environment in minutes after any security, site, systems or storage failure – helping you maintain services while you deal with the breach.

Simplicity. A unified BDR solution can dispense with the chaos of multi-vendor solutions, giving your team time to focus on more important security work. A simplified failover process can accelerate recovery, while automation can further protect the availability and integrity of your backup data.

Encryption. Because criminals can steal backups like any other information, a good BDR solution will encrypt backup data to disguise it from unauthorized eyes. This can also help mitigate the cost and damage of notification laws after a breach, as HIPAA and other regulatory institutions will often lessen certain financial penalties and requirements when encryption is in place.

Modern BDR offers another security benefit that's particularly of interest to developers – testing.

The Challenge of DevOps Testing

Both DevOps and BDR teams have this in common: you both strive for speed. Just as developers want to move fast in testing and deploying products, a good BDR solution helps teams shrink downtime windows from hours to mere minutes. So it's no surprise that modern BDR solutions can now provide an advantage when it comes to DevOps testing.

Just about every dev manager wishes they could do more testing. It's the golden rule of software development: Always Be Testing. Wait for the end of the development lifecycle to check all your components and you've created a mountain of do-overs for the team. But ongoing testing helps you course-correct as you go along, hitting your target dates for successful development cycles. Without that adequate testing, the likelihood of security vulnerabilities grows to almost a certainty.

But if your dev team is typical, you're constantly heads down on your latest and greatest project. Time is usually in short supply. You know that you need to write and test your code in a perfect copy of the production environment, if you want your software to meet security requirements when it goes to production. But it's usually tough to find time to run the newest changes or do so in a virtualized workspace that can completely simulate a real-world environment.

This is when using a sandbox testing feature in modern BDR solutions helps.

The Value of Sandbox Testing

Today's next-gen BDR offerings can do double duty: they offer advanced backup and disaster recovery and act as a valuable development platform. A sandbox feature can offer a carbon copy of your environment running a critical production workload, helping you identify security and performance issues in an ideal testing ground. You can test on the fly, teasing out vulnerabilities without sacrificing speed or efficiency.

Because not every BDR solution will offer the right kind of sandbox testing feature, here's what to look for:

■ A sandbox with enough compute, storage, and flexibility to handle most of your DevOps initiatives

■ The ability to test patches, service packs, database migrations and other updates before deploying them into production

By turning a BDR sandbox into your newest virtual DevOps workspace, whatever you're testing is that much more likely to look like the finished product once the project goes live.

Stronger Defenses, Smarter Development

We all know that with numerous test phases comes more security. With the ongoing rise in cybersecurity, the importance of adequate testing is stronger than ever. Your DevOps team no longer needs to choose between timely development cycles and identifying security issues. When your team has the ability to fully vet a new platform, software or development initiative, you can feel confident that your product will be successful and secure. A BDR solution with a secure sandbox feature that's essentially a built-in DEV environment provides you with that ability – giving you safe and speedy disaster recovery, an easier dev cycle and a better-defended product in the end.

Gabe Gambill is VP of Product & Technical Operations at Quorum
Share this

Industry News

November 30, 2022

GitLab announced the limited availability of GitLab Dedicated, a new way to use GitLab - as a single-tenant software as a service (SaaS) solution.

November 30, 2022

Red Hat announced an expansion of its open solutions publicly available in AWS Marketplace.

November 30, 2022

Sisense announced the availability of the Sisense CI/CD Git integration module.

November 29, 2022

Codenotary announced TrueSBOM for Serverless, a self-updating Software Bill of Materials (SBOM) for applications running on AWS Lamda, Google Cloud Functions and Microsoft Azure Functions that is made possible by simply adding one line to the application source code.

November 29, 2022

Code Intelligence announced its open-source Command-Line Interface (CLI) tool, CI Fuzz CLI, now allows Java developers to easily incorporate fuzz testing into their existing JUnit setup in order to find functional bugs and security vulnerabilities at scale.

November 29, 2022

Parasoft announced the 2022.2 release of Parasoft C/C++test with support for MISRA C:2012 Amendment 3 and a draft version of MISRA C++ 202x.

November 28, 2022

Kasm Technologies announced the release of Kasm Workspaces v1.12, providing major enhancements to its portfolio of digital workspaces delivering Desktop as a Service (DaaS), Virtualized Desktop Infrastructure (VDI), Remote Browser Isolation (RBI), Open-Source Intelligence Collection (OSINT), Training/Sandboxes, and Containerized Application Streaming (CAS).

November 28, 2022

Cloud4C has achieved Amazon Web Services (AWS) DevOps Competency status.

November 28, 2022

Simplilearn has acquired Fullstack Academy, for an all-cash transaction.

November 22, 2022

Red Hat introduced Red Hat Enterprise Linux 9.1and Red Hat Enterprise Linux 8.7.

November 22, 2022

Armory announced its new cloud-based solution called Continuous Deployment-as-a-Service, now available on the AWS Marketplace.

November 22, 2022

Rapid has has formally rebranded Paw to RapidAPI for Mac.

November 21, 2022

Red Hat announced the general availability of Migration Toolkit for Applications 6, based on the open source project Konveyor, aimed at helping customers accelerate large-scale application modernization efforts.

November 21, 2022

Palo Alto Networks signed a definitive agreement to acquire Cider Security (Cider).

November 17, 2022

OutSystems announced its new cloud-native development solution OutSystems Developer Cloud (ODC).