Why BDR is the Secret to DevOps Security Testing
December 06, 2017

Gabe Gambill
Quorum

There was a time in cybersecurity strategy when most IT leaders considered perimeter and endpoint guards like antivirus and authentication controls to be the sum of network protection. But as attacks continue to increase in frequency and sophistication, leaders and DevOps teams have been focusing on the role of backup and disaster recovery in mounting a strong defense.

By stockpiling copies of your data, backup and disaster recovery (BDR) is clearly the last line of defense when all other defenses fall to attackers. But today's solutions go beyond simple backups and can strengthen security in several ways:

Speed. Long delays in recovery are a security risk, with Ransomware being a clear example. If your attackers shut you down in a demand for money, you only have a short window in which to get back online and evade the attack. Downtime can also create additional security gaps and risky user workarounds. A good BDR solution lets you spin up a replica environment in minutes after any security, site, systems or storage failure – helping you maintain services while you deal with the breach.

Simplicity. A unified BDR solution can dispense with the chaos of multi-vendor solutions, giving your team time to focus on more important security work. A simplified failover process can accelerate recovery, while automation can further protect the availability and integrity of your backup data.

Encryption. Because criminals can steal backups like any other information, a good BDR solution will encrypt backup data to disguise it from unauthorized eyes. This can also help mitigate the cost and damage of notification laws after a breach, as HIPAA and other regulatory institutions will often lessen certain financial penalties and requirements when encryption is in place.

Modern BDR offers another security benefit that's particularly of interest to developers – testing.

The Challenge of DevOps Testing

Both DevOps and BDR teams have this in common: you both strive for speed. Just as developers want to move fast in testing and deploying products, a good BDR solution helps teams shrink downtime windows from hours to mere minutes. So it's no surprise that modern BDR solutions can now provide an advantage when it comes to DevOps testing.

Just about every dev manager wishes they could do more testing. It's the golden rule of software development: Always Be Testing. Wait for the end of the development lifecycle to check all your components and you've created a mountain of do-overs for the team. But ongoing testing helps you course-correct as you go along, hitting your target dates for successful development cycles. Without that adequate testing, the likelihood of security vulnerabilities grows to almost a certainty.

But if your dev team is typical, you're constantly heads down on your latest and greatest project. Time is usually in short supply. You know that you need to write and test your code in a perfect copy of the production environment, if you want your software to meet security requirements when it goes to production. But it's usually tough to find time to run the newest changes or do so in a virtualized workspace that can completely simulate a real-world environment.

This is when using a sandbox testing feature in modern BDR solutions helps.

The Value of Sandbox Testing

Today's next-gen BDR offerings can do double duty: they offer advanced backup and disaster recovery and act as a valuable development platform. A sandbox feature can offer a carbon copy of your environment running a critical production workload, helping you identify security and performance issues in an ideal testing ground. You can test on the fly, teasing out vulnerabilities without sacrificing speed or efficiency.

Because not every BDR solution will offer the right kind of sandbox testing feature, here's what to look for:

■ A sandbox with enough compute, storage, and flexibility to handle most of your DevOps initiatives

■ The ability to test patches, service packs, database migrations and other updates before deploying them into production

By turning a BDR sandbox into your newest virtual DevOps workspace, whatever you're testing is that much more likely to look like the finished product once the project goes live.

Stronger Defenses, Smarter Development

We all know that with numerous test phases comes more security. With the ongoing rise in cybersecurity, the importance of adequate testing is stronger than ever. Your DevOps team no longer needs to choose between timely development cycles and identifying security issues. When your team has the ability to fully vet a new platform, software or development initiative, you can feel confident that your product will be successful and secure. A BDR solution with a secure sandbox feature that's essentially a built-in DEV environment provides you with that ability – giving you safe and speedy disaster recovery, an easier dev cycle and a better-defended product in the end.

Gabe Gambill is VP of Product & Technical Operations at Quorum

The Latest

September 20, 2018

The latest Accelerate State of DevOps Report from DORA focuses on the importance of the database and shows that integrating it into DevOps avoids time-consuming, unprofitable delays that can derail the benefits DevOps otherwise brings. It highlights four key practices that are essential to successful database DevOps ...

September 18, 2018

To celebrate IT Professionals Day 2018 (this year on September 18), the SolarWinds IT Pro Day 2018: A World Powered by Tech Pros survey explores a "Tech PROactive" world where technology professionals have the time, resources, and ability to use their technology prowess to do absolutely anything ...

September 17, 2018

The role of DevOps in capitalizing on the benefits of hybrid cloud has become increasingly important, with developers and IT operations now working together closer than ever to continuously plan, develop, deliver, integrate, test, and deploy new applications and services in the hybrid cloud ...

September 13, 2018

"Our research provides compelling evidence that smart investments in technology, process, and culture drive profit, quality, and customer outcomes that are important for organizations to stay competitive and relevant -- both today and as we look to the future," said Dr. Nicole Forsgren, co-founder and CEO of DevOps Research and Assessment (DORA), referring to the organization's latest report Accelerate: State of DevOps 2018: Strategies for a New Economy ...

September 12, 2018

This next blog examines the security component of step four of the Twelve-Factor methodology — backing services. Here follows some actionable advice from the WhiteHat Security Addendum Checklist, which developers and ops engineers can follow during the SaaS build and operations stages ...

September 10, 2018

When thinking about security automation, a common concern from security teams is that they don't have the coding capabilities needed to create, implement, and maintain it. So, what are teams to do when internal resources are tight and there isn't budget to hire an outside consultant or "unicorn?" ...

September 06, 2018

In evaluating 316 million incidents, it is clear that attacks against the application are growing in volume and sophistication, and as such, continue to be a major threat to business, according to Security Report for Web Applications (Q2 2018) from tCell ...

September 04, 2018

There's a welcome insight in the 2018 Accelerate State of DevOps Report from DORA, because for the first time it calls out database development as a key technical practice which can drive high performance in DevOps ...

August 29, 2018

While everyone is convinced about the benefits of containers, to really know if you're making progress, you need to measure container performance using KPIs.These KPIs should shed light on how a DevOps team is faring in terms of important parameters like speed, quality, availability, and efficiency. Let's look at the specific KPIs to track for each of these broad categories ...

August 27, 2018

Protego Labs recently discovered that 98 percent of functions in serverless applications are at risk, with 16 percent considered "serious" ...

Share this