
Asking as a developer:

There seems to be a lot of tension between what developers want/need and what the Security Team would like to have locked down at a lot of development shops.

Approved operating system configurations, antivirus and DLP software frequently conflict with the requirements of developers to efficiently get-stuff-done, when they aren't outright causing SDKs to fail, dev toolchains to perform poorly, or blocking access to new and interesting technologies developers need to stay current and relevant. Also, let's be real, developers frequently encountered their passion through gaming, and being able to game prevents burnout and maintains developer passion for their job.

I've seen some solutions mentioned including ideas around running two networks: a clean network that's only connected to via IT-approved machines, that is used to access company IP, and a 'developer' network that's more ... wild west.

Are there any white papers or other resources that dive deeper into the best practices surrounding these, and/or other techniques for achieving acceptable compromise between the requirements of developers who need to be able to debug, install software from the internet etc. while maintaining an appropriate degree of network security around Company IP, Operations etc?

At the very least, I'd just like some correct terminology other than "clean/other" network, as the opposite of "clean" is "dirty" and that has negative connotations.

Chris Becke
  • Commenting as a developer - I'm not sure I would agree with your profile of developers. I certainly don't want to work in the "wild west." I want to work in a *known, predictable, stable* environment. I want to *eliminate* unmanaged variability (which, besides being a security risk, can cause wasted time troubleshooting code when the real problem is an unrelated environmental change) - not *encourage* it. And sorry, but if you really need to game or download random software, do it at home, not at work. – dwizum May 03 '19 at 18:21
  • It must be great working at your company, on a product architected with timeless paradigms and implemented on the only framework you ever need to know. In the real world you are doing your company, and your career, a disfavor if you remain deliberately ignorant of new technology, APIs and directions in the marketplace. It's not someone else's job to tell you when to implement new frameworks, that's yours, if you wish to proceed past junior developer 1, that is. – Chris Becke May 05 '19 at 13:49

0 Answers