If you’ve been following the developments in the networking and security space, you know that SASE and SSE are all the rage. The advent of the cloud led to distributed applications, then SaaS, and then the events of 2020 created the distributed workforce. The first pushed legacy networking and security solutions to the limit; the second sent them over the red line and the third blew up the engine. Gluing your network and security together using technologies like IPsec VPNs, split tunneling and firewalls everywhere, with a healthy amount of praying you won’t get hacked, does not cut the mustard anymore. This approach is risky, expensive and, most importantly, puts an undue burden on a business’s most critical resource: its human capital and its workforce. But this article is not about how to secure the hybrid workforce; much ink has already been spilled about that. Instead, let’s explore how solutions like the security service edge (SSE) can help another critical group be more productive as well as secure: your developers.
Meet the Wizards of IT
In any IT shop, the developers are the creators. They are the wizards who construct and integrate the applications a business runs on. To create their art, the developer must rely on stable infrastructure and processes provided by the rest of IT. Therein lies the rub. While ‘demanding’ and ‘exacting’ are often terms used by the teams supporting those developers, the wizards have a point. Consider how dev, test and QA environments are created. As much as the developers demand (rightfully so) a digital replica of ‘production,’ creating one is an intensive challenge fraught with risk and cost. How do you stand up an exact replica with all the systems and resources (costly)? How do you include all production data (risky from a security perspective), and how do you grant access to these environments? What about networking? How do you manage all the networking needs, such as IP addresses, routing and packet switching, while also managing the requirements for security? This can get expensive from both a technology and a human capital perspective, not to mention all the bespoke scripting which must go into such an endeavor.
The Wrong Way to Grant and Secure Access to Environments
And 36 months ago, I was asked to provide such an environment. The need was real. The company I worked for had just spent four years migrating off three monolithic ERP systems supporting their core business, our retail functions and distribution. Like many companies, they moved to a distributed set of applications running on-premises, in the cloud and several SaaS solutions. As each of these environments needed to be integrated, changes in one had to be validated in the other. For instance, if a developer adjusted how an order coming into the main system was presented, would it flow through to the rest of the system? In the legacy monolithic environment, testing was straightforward. It involved one or two IBM AS400s partitioned out. Testing was easy to do. With a distributed solution, the testing involved a federation of systems. Many more moving parts! After a few outages involving bad data, I was asked if we could create digital triplets consisting of dev, test and QA. After several weeks of meetings, the answer was “Yes,” but with the understanding that it would cost the company $2 million in hardware and software and require five new people. The finance team quickly shelved the idea. A substantial part of the cost and headcount was on the infrastructure side. Replicating the environments, the networking, maintaining security and the staff to manage it made up the majority of the cost.
SSE – The Right Way to Grant and Secure Access
Enter the security service edge (SSE). Simply put, it is cloud-delivered network and security based on zero-trust principles. It starts with identity and allows IT and security to deliver the applications the employee needs and only those applications, nothing else. Even better, the technology is agnostic to the communications medium and location. The service can be delivered on campus, remotely or even at home. It follows and adapts to the needs of the modern employee. This set of solutions can also be leveraged by the developer to gain access to their environments without exposing sensitive data or creating collisions with production systems. Here is an example.
Say a retail company migrated to a new distributed ERP solution. The new solution runs on-premises, in the cloud and requires a SaaS component. The production version could be replicated into its digital triplets of dev, test and QA. Then each could be accessed and secured using an SSE solution. The result is zero-trust access governed by adaptive trust through both identity and device posture. This means I can now have full replicas (including the exact IP addresses) of production with secured access and validation. With this bubble in place, I can test each environment under real-world conditions. Need to test iPhone access from a remote location to make sure the mobile app can input data? Easily done with full security along with digital experience monitoring. Need to allow a third-party vendor access to make an update to a service? Again, easily done with an agentless solution (again, full security and digital experience, along with the ability to monitor their access in near-real-time). Better yet, using SSE does not require the high personnel and infrastructure overhead of the past. You can fulfill the requirements for the developers at a fraction of the cost and manpower.
SSE is not just for the remote workforce. It can also be a game changer for developers. If you want to hear more, check out episode 20 of the Incubator Podcast. Or, if you would like to discuss this, reach out to me at john.spiegel@axissecurity.com.