5 Developer Workstation Security Best Practices
December 8, 2025 · 712 words · 4 min
Security breaches are happening earlier in the software development lifecycle. Malicious actors are targeting developer workstations for several reasons. Primarily, workstations have access to critical code and infrastructure. And the earlier a vulnerability is introduced, the more difficult it can be to identify the breach. Developers need to be able to trust not only their direct dependencies but also their transitive dependencies.

Supply chain attacks increased by . In 2021, most were caused by human error, while a smaller portion involved attacks on computers. And as we see more , developer workstation security should be a top priority for security-conscious organizations.

Poor security practices in software development translate to trust-breaking breaches and expensive losses. In fact, the average cost of a security breach in the United States . Developers are increasingly responsible for not only the development of products but also for development. Organizations, regardless of industry, must secure developer workstations in order to be prepared for the evolving and growing number of attacks.

In , we cover the top security risks when developing with containers and how to secure your workstations with Docker. By understanding the potential attack vectors, your teams can mitigate evolving cyber threats. Let's take a look at five actions you can take to secure your workstations.

Malware refers to malicious software meant to attack software, hardware, or networks. In container development, malware can be particularly damaging because of the potentially harmful activities that can be run within the container. Malicious actors can also gain access to external systems like the host's file system and network. To prevent this, containers should only use trusted images and dependencies. You should also isolate and restrict permissions where possible, and run up-to-date software in up-to-date environments.

, and security experts don't expect them to slow down any time soon.
Supply chain attacks exploit direct and transitive dependencies. For example, you may be familiar with Log4Shell, a vulnerability affecting an estimated hundreds of millions of devices. The vulnerability behind the infamous SolarWinds security incident was also a supply chain attack. are the best way to mitigate supply chain attacks. These include making sure every step of the supply chain is trustworthy, adding key automation, and making sure brand environments are clearly defined.

Local admin policies ideally satisfy individual developer needs; for example, many developers prefer to have local admin rights. But it's also crucial that these policies keep teams secure. Organizations are responsible for creating and enforcing these policies that help developers work securely. And how your team handles local admin rights is a team decision. Finding the balance of security and autonomy is an active state. You cannot achieve balance and then forget about it. Instead, organizations must regularly review tools and configurations so developers can do their jobs. Otherwise, they may run into unnecessary blockers or jeopardize their team, product, and customers by accident.

Configurations are necessary at almost every step of the software development lifecycle. They also connect development tools with production resources, such as environments and sensitive data. While more permissive configurations make anything seem possible, that flexibility can accidentally provide malicious actors access to sensitive resources. On the other hand, configurations that are too strict frustrate developers and limit productivity. People don't purposefully cause misconfiguration, but they can mitigate it. Every team and organization has its own tooling, process, and network considerations. So there's no one-size-fits-all solution for configurations. But regardless of your organization's needs, make sure you're considering the developer workstations and how your IT admins manage local configurations.
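
The advice above on trusted images, restricted permissions, and overly permissive configurations can be checked mechanically before a container starts on a workstation. The following is an added example, not code from the original post or from Docker: a small audit over Compose-style service definitions, where the registry name, image names, and finding codes are assumptions made for illustration.

```python
import re

# Assumption: services are Compose-style dicts, as a YAML parser would load compose.yaml.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")  # image pinned by content digest
SENSITIVE_MOUNTS = {"/", "/etc", "/root", "/home", "/var/run/docker.sock"}

def audit_service(svc, trusted_registries):
    """Return sorted finding codes (hypothetical names) for one service definition."""
    findings = set()
    image = svc.get("image", "")
    if not image.startswith(tuple(r + "/" for r in trusted_registries)):
        findings.add("untrusted-registry")
    if not DIGEST_RE.search(image):
        findings.add("image-not-pinned")  # a tag such as :latest can change underneath you
    if svc.get("privileged") is True:
        findings.add("privileged")
    if svc.get("network_mode") == "host":
        findings.add("host-network")
    # No explicit user means the image default applies, which is often root.
    if str(svc.get("user", "0")).split(":")[0] in ("0", "root"):
        findings.add("no-nonroot-user")
    if "ALL" not in svc.get("cap_drop", []):
        findings.add("caps-not-dropped")
    for vol in svc.get("volumes", []):
        # Short syntax "HOST:CONTAINER[:mode]" or long syntax {"source": ...}.
        host = vol.get("source", "") if isinstance(vol, dict) else vol.split(":")[0]
        if not host.startswith("/"):
            continue  # named volume or relative project path
        host = host.rstrip("/") or "/"
        if host in SENSITIVE_MOUNTS:
            findings.add("sensitive-mount:" + host)
    return sorted(findings)

def audit_all(services, trusted_registries):
    """Map each service name to its findings; an empty list means nothing was flagged."""
    return {name: audit_service(svc, trusted_registries) for name, svc in services.items()}

# Constructed sample input; the registry and image names are placeholders.
TRUSTED = ["registry.example.internal"]
SAMPLE = {
    "build-tools": {"image": "registry.example.internal/tools/builder@sha256:" + "a" * 64,
                    "user": "1000:1000", "cap_drop": ["ALL"],
                    "volumes": ["./src:/workspace:ro"]},
    "scratch-db": {"image": "someuser/postgres-tuned:latest", "privileged": True,
                   "network_mode": "host",
                   "volumes": ["/var/run/docker.sock:/var/run/docker.sock", "dbdata:/data"]},
}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE, TRUSTED).items():
        print(name, "->", findings or "ok")
```

The same checks fit a pre-commit hook or a CI step, so a permissive setting is caught in review rather than on a running workstation.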
While external actors cause most breaches, internal actors caused . Internal attackers use the same tactics as external attackers to get around security measures during the early stages of software development. For this reason, security measures that limit opportunities for external attackers also limit opportunities for internal bad actors.

Regardless of where attacks come from, they're happening earlier in the development cycle. Keeping this in mind should help inform secure settings, configurations, permissions, and scanning.

With capabilities like , we aim to empower Docker developers to work safely and efficiently without any unnecessary interruptions or distractions. In , we share container security best practices developed and tested by industry experts. Read the white paper: .