Improving security posture using ephemeral development environments
Talia Moyal
Head of Outbound Product at Gitpod
May 29, 2024
TL;DR: Securing development environments is especially challenging when developers often find workarounds to security policies that impact their productivity. Ephemeral development environments offer a no-compromise solution where security policies can be applied and followed automatically without impacting developer experience. Why? They drastically reduce attack surface areas and provide security teams with an ‘eject’ button without hurting development workflows. Gitpod is the only cloud development environment vendor on the market with ephemeral development environments.
What is a cloud development environment?
Simply put, cloud development environments are where developers write, test and review code. They are used by companies like Uber, Slack, Stripe and many more in order to improve developer experience, productivity and most importantly, security posture.
A CDE shifts development work off a developer’s physical device and into the cloud. Developers have a ‘window’ into their environment via an editor of their choice, and all of the processing, computation, secrets access and source code is stored remotely, off of the developers device.
Historically, organizations used virtual desktop infrastructure (VDI) to keep sensitive data away from physical devices. However, we now know that VDI can drastically impede productivity and slow a company’s time to market. CDEs don’t have this developer experience or security compromise.
Cloud development environments are automated, ensuring security best practices are adhered to by default. In Gitpod, each new development environment is created according to a configuration file stored in the same repository as the developer’s code. The environment configuration undergoes review cycles, similar to the processes for any other production-ready code. Gitpod environments are also ephemeral, meaning they are short-lived and temporary. But, why is ephemerality so important for security?
The security benefits of ephemeral environments
To reiterate, ephemeral development environments are short-lived. They only have access to code, systems, and networks for a temporary period of time. Any successful attempt to compromise an ephemeral environment will gain minimal system access as that access is only granted for a short-lived amount of time.
Additionally, ephemeral environments are built to be destroyed. If a breach is confirmed, you can wipe and restart an environment without hurting the developers productivity or workflow, and with confidence that any threat is immediately contained. The impact of this is:
No accumulated vulnerabilities
No persistent malware
Limited exposure to security threats
Minimized malware risks
Protection against code exfiltration
Static environments are long-lived and typically hold broad access to more code than the current task, creating a larger vulnerability surface area.
Below is a breakdown of the differences between ephemeral and static environments:
| Ephemeral environments | Static environments | |
|---|---|---|
| Live time | Hours, or even minutes. | Days, weeks, years. |
| Secrets | Secrets are short-lived and temporary. When a developer’s task is complete, access tokens expire. Meaning any leaked access has temporary and short-lived access. | Secrets are long-lived. If an environment is compromised, secrets can be used repeatedly by an attacker for an indefinite period of time. |
| Network access | Ephemeral environments only have access to any networks that they need to complete a given task. | Static environments have access to all networks relative to any work being completed on the device. This often means very broad access to internal systems or networks. |
| Physical compromise | Ephemeral environments run in the Cloud, benefiting from many layers of physical protection. If a compromise is detected, environments can be shut down immediately. | Static environments often exist on physical hardware that can be stolen, preventing easy retrieval of assets like source code. |
| Threat outside of use | Ephemeral environments are shut down when not in use, rendering them only open to attack during active use. | Provided a device has power and is connected to a network, static environments are constantly open to threat. |
| Attack surface area | Ephemeral environments only work on small amounts of source code at a time, and do not provide access to a larger codebase. | Static environments typically store source code for many projects or tasks. If physically stolen, or compromised, exfiltration can be performed on a larger codebase or assets. |
| Ability to reset | Ephemeral environments reset to a known secure baseline, effectively reducing the blast radius upon compromise. | Malware can creep into static environments posing a threat to any future code which is written and pushed to repositories. |
If you’re interested in learning more about how Gitpod cloud development environments can enhance your security posture and developer experience, book time to speak to our team or try Gitpod Enterprise free for 30 days.
Talia Moyal
Head of Outbound Product at Gitpod
Last updated
May 29, 2024
