Security breaches are happening earlier in the software development lifecycle. Malicious actors are targeting developer workstations for several reasons. Primarily, workstations have access to critical code and infrastructure. And the earlier a vulnerability is introduced, the more difficult it can be to identify the breach. Developers need to be able to trust their direct dependencies but also transitive dependencies.
Supply chain attacks increased by 300% between 2020 and 2021. In 2021, most cyber security breaches were caused by human error, while a smaller portion involved attacks on computers. And as we see more incidents stemming from developer workstations, developer workstation security should be a top priority for security-conscious organizations.
Poor security practices in software development translate to trust-breaking breaches and expensive losses. In fact, the average cost of a security breach in the United States reaches $9.44 million. Developers are increasingly responsible for not only the development of products but also for secure development.
Organizations, regardless of industry, must be securing developer workstations in order to be prepared for the evolving and growing number of attacks.
In Securing Developer Workstations with Docker, we cover the top security risks when developing with containers — and how to secure your workstations with Docker. By understanding the potential attack vectors, your teams can mitigate evolving cyber threats.
Let’s take a look at five actions you can take to secure your workstations.
1. Prevent malware attacks
Malware refers to malicious software meant to attack software, hardware, or networks. In container development, malware can be particularly damaging because of the potentially harmful activities to be run within the container. Malicious actors can also gain access to external systems like the host’s file system and network.
To prevent this, containers should only use trusted images and dependencies. You should also isolate and restrict permissions where possible, and run up-to-date software in up-to-date environments.
2. Build secure software supply chains
Supply chain attacks increased by 300% in 2021, and security experts don’t expect them to slow down any time soon. Supply chain attacks exploit direct and transitive dependencies.
For example, you may be familiar with Log4Shell, a vulnerability affecting an estimated hundreds of millions of devices. The vulnerability behind the infamous SolarWinds security incident was also a supply chain attack.
Secure supply chain best practices are the best way to mitigate supply chain attacks. These include making sure every step of the supply chain is trustworthy, adding key automation, and making sure brand environments are clearly defined.
3. Account for local admin rights in policies
Local admin policies ideally satisfy individual developer needs, for example, many prefer to have local admin rights. But it’s also crucial that these policies keep teams secure.
Organizations are responsible for creating and enforcing these policies that help developers work securely. And how your team handles local admin rights is a team decision.
Finding the balance of security and autonomy is an active state. You cannot achieve balance and then forget about it. Instead, organizations must regularly review tools and configurations so developers can do their jobs. Otherwise, they may run into unnecessary blockers or jeopardize their team, product, and customers by accident.
4. Prevent hazardous misconfigurations
Configurations are necessary at almost every step of the software development lifecycle. They also connect development tools with production resources, such as environments and sensitive data.
While more permissive configurations make anything seem possible — that flexibility can accidentally provide malicious actors access to sensitive resources. On the other hand, configurations that are too strict frustrate developers and limit productivity.
People don’t purposefully cause misconfiguration, but they can mitigate it. Every team and organization has its own tooling, process, and network considerations. So there’s no one-size-fits-all solution for configurations. But regardless of your organization’s needs, make sure you’re considering the developer workstations and how your IT admins manage local configurations.
5. Protect against insider threats
While external actors cause most breaches, internal actors caused 20% of breaches in 2021. Internal attackers use the same tactics as external attackers to get around security measures during the early stages of software development. For this reason, security measures that limit opportunities for external attackers also limit opportunities for internal bad actors.
Regardless of where the attack comes from, they’re happening earlier in the development cycle. Keeping this in mind should help inform secure settings, configurations, permissions, and scanning.
Hardened Docker Desktop: Stronger security for enterprises
With capabilities like Hardened Docker Desktop, we aim to empower Docker developers to work safely and efficiently without any unnecessary interruptions or distractions. In Securing Developer Workstations with Docker, we share container security best practices developed and tested by industry experts.
Read the white paper: Securing Developer Workstations with Docker.