As organizations have embraced DevOps to accelerate software development lifecycles, the need for access to production data has exploded accordingly.
Combine that with the tendency of DevOps initiatives to be built on cloud infrastructure and to prioritize speed above almost all else, and it’s no surprise that broader access to DevOps production data presents one of the most pressing security vulnerabilities of today’s cybersecurity landscape.
In 451 Research’s Voice of the Enterprise: Storage, Transformation 2020 study, 83% of respondents agreed with the statement that their organization was providing DevOps, developers and testers with self-service access to production data, with only 6% and 11% responding ‘strongly disagree’ and ‘disagree’, respectively. 451 Research also reported that organizations are increasingly turning to new data security technologies to address their at-risk DevOps datasets.
New data obfuscation technologies for securing DevOps infrastructure
In particular, new data masking and obfuscation technologies are gaining momentum as a more powerful and nimble form of protection for DevOps data as compared to legacy solutions. In fact, 53% of organizations report they are already using data obfuscation technology, and a total of 79% will be using the technology within the next four years. As the study explains, “Innovation continues to take place in this segment – for instance, startup ShardSecure is looking to disrupt by using its technology to split sensitive data into tiny pieces and distribute them across multiple locations so that the individual pieces are meaningless in the wrong hands, a process known as ‘sharding.’”
At ShardSecure, we are seeing an increase in appetite among our customers to deploy microsharding to protect DevOps data that is very much in keeping with these industry findings. Microsharding code makes it immutable and immune to code injection at the storage level, while mitigating the risk of accidental exposure and theft. Of course, ShardSecure’s own DevOps data is safely microsharded as well – so how does it work?
Microsharding code bases
With ShardSecure’s Microshard™ technology, the organization’s code no longer resides on the traditional Git server storage. Instead, data is shredded into microshards that can be as small as four bytes to eliminate data sensitivity, mixed and poisoned to eliminate any value, and distributed to multiple storage locations to ensure it is incomplete at rest. This significantly reduces the attack surface, adds considerable friction for would-be attackers and mitigates the risk of accidental exposure by eliminating the sensitivity and value of the code.
Every source code file stored in Microshard form is checked for file integrity when it is called to be reassembled. If the Microshard data at rest, which contains code, has been changed, the data will not be reassembled – thus eliminating the risk of compiling or distributing malicious code (e.g., a supply chain attack).
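The split, distribute and verify-on-reassembly flow described above can be sketched as follows. This is an added illustration, not ShardSecure's implementation: the round-robin placement, the separately stored manifest, the HMAC-SHA256 tag and every name in it are assumptions, and the mixing and poisoning steps are left out.

```python
import hashlib
import hmac

SHARD_SIZE = 4  # the page cites microshards "as small as four bytes"


class IntegrityError(Exception):
    """Raised when shards at rest no longer match the recorded tag."""


def shard(data: bytes, n_stores: int, key: bytes):
    """Split data into 4-byte pieces spread round-robin over n_stores."""
    stores = [[] for _ in range(n_stores)]
    for offset in range(0, len(data), SHARD_SIZE):
        index = offset // SHARD_SIZE
        stores[index % n_stores].append(data[offset:offset + SHARD_SIZE])
    # Assumption: the manifest is kept apart from the stores, and the tag is
    # keyed so that someone who can rewrite a store cannot recompute it.
    manifest = {
        "length": len(data),
        "n_stores": n_stores,
        "tag": hmac.new(key, data, hashlib.sha256).hexdigest(),
    }
    return stores, manifest


def reassemble(stores, manifest, key: bytes) -> bytes:
    """Rebuild the file, refusing to return it if any shard changed."""
    n_stores = manifest["n_stores"]
    total = -(-manifest["length"] // SHARD_SIZE)  # ceiling division
    out = bytearray()
    for index in range(total):
        store, pos = stores[index % n_stores], index // n_stores
        if pos >= len(store):
            raise IntegrityError("shard missing from store")
        out += store[pos]
    data = bytes(out)
    tag = hmac.new(key, data, hashlib.sha256).hexdigest()
    if len(data) != manifest["length"] or not hmac.compare_digest(tag, manifest["tag"]):
        raise IntegrityError("shards at rest were modified; refusing to reassemble")
    return data


# Constructed sample input: a short "source file" and a demo key.
SOURCE = b"def deploy():\n    return run('make release')\n"
KEY = b"demo-key-not-for-production"
```

Because the tag covers the whole file and is checked before anything is returned, a change to a single four-byte shard in any one store blocks reassembly of the entire file.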
There are no changes to GitLab (or GitHub, Bitbucket) administration and the technology is transparent to developers. There is also no performance impact and developer workflows are unaffected – a detail of paramount importance for DevOps practitioners. In fact, through the use of parallel reads and writes, Microshard technology can actually yield performance gains of 2-10x. It is also the only solution to provide defense in depth for data at rest, as it works with encryption on either the client or the server side.
ShardSecure supports coding platforms such as GitHub, GitLab and more. Microsharding can be used for any unstructured data, databases (cloud and relational), backup solutions (Rubrik, Commvault, Veeam) – and more yet to be discovered. Check out ShardSecure’s Microshard technology with a free demo here.