When It Comes to Remote Access, Developers Have Specific Needs – Security Boulevard

Fernando Montenegro

Principal Research Analyst, S&P Global Market Intelligence


It’s now been slightly over 18 months since the WHO officially declared COVID-19 a pandemic. As organizations raced to respond to the new safety needs, information security emerged as one of the most active areas for accelerated or new initiatives. For many organizations, rethinking remote access – once reserved for back-end IT workers, ‘road warriors’ or the occasional work-from-home (WFH) need, but suddenly affecting a much larger share of employees, particularly ‘knowledge workers’ – shot up as a high priority.

The nuance, though, is that not every knowledge worker has the same needs. Developers or IT engineers, for example, have very distinct work patterns compared to those in sales, marketing, finance, research, legal, etc. Your typical modern developer will be accessing multiple disparate systems, often each with different security postures and requirements. Typical developer access may include application-level access to a source code repository, with the complexity hidden away by a client application; access to an integration system front-end via a web interface; shell access to a variety of development or test systems to investigate application behavior; or even administrative-level access to production systems for occasional troubleshooting of urgent production issues. All of these systems are likely located in a mixture of datacenter, on-premises, hybrid- and multi-cloud locations.

It goes without saying that all this activity needs to be properly secured. One of the interesting aspects of modern security is that this does not need to be an adversarial relationship: our research indicates that there is broad agreement that security is a top-level requirement and that there is increased usage of security tooling – be it application security, network security, data security, and others – throughout the development lifecycles. The key challenges in deploying security controls are doing so in a way that doesn’t overtly impact developer/engineer productivity and that addresses the inherently siloed nature of each application or system being used.

Some may wonder: “Is it really necessary to rethink this? What’s the worst that can happen if we stick with what we have?” Well, consequences will vary. If nothing else, managing the different needs of developers and engineers the same way as traditional remote workers introduces friction and likely lowers productivity as those professionals need to keep details of diverse login information for different systems and platforms. If, as an alternative to this, access is just left open, there’s evidence of numerous incidents where public interfaces for managing cloud-native information were abused, followed by cryptomining and other unwanted actions. …….

Source: https://securityboulevard.com/2021/11/when-it-comes-to-remote-access-developers-have-specific-needs/