I have a few developers who - well, let's just say I don't have much faith in their operational security.

Time was, in the pre-COVID world, it was well understood that they didn't run IDEs directly off their laptops. That seems to have changed. Seeing progressively more requests for remote access to various resources / services, and I'm growing increasingly uneasy about this. Our VPNs are pretty well secured, support app-id and user identification, etc. - so from that point of view, I'm sort-of-ok.

What are the other risks I'm dealing with here? I'm presuming normal lost laptop / business data risks...anything else?

I came into infosec from an ops / networking background rather than that kind of space, so I'm not particularly comfortable on this topic - the bounds of my ignorance are almost limitless.

  • I'm confused. Are you concerned that they are accessing the IDE remotely (via VPN) or that they are running the IDE locally? It appears that you are saying both. Can you clarify? – schroeder Aug 11 '20 at 07:22
  • I am at a loss. What is the risk here? Do you not trust your developers with the code? Or is it that they use production systems / data in their development (that would be a big no-no)? And if you really cannot trust their home environment, supply them with your own at their home... (then YOU will have the control you seek) – LvB Aug 11 '20 at 12:31
  • They run IDEs locally but access prod resources over the VPN (e.g., SQL DBs), so without saying as much, I'm guessing that means that yes, they're accessing prod systems in their development. It's while they've been forced to work remotely that this practice is falling more under the spotlight - we have a pretty flat network, so it's been pretty easy for slack working practices to slide under the radar. Providing them with a jump host type IDE is very much on the cards - I know that discussion's going to be a massive bunfight...so you're helping me just by asking me these questions. Thanks! – D0gfather Aug 11 '20 at 19:12
