Cybersecurity threats have become more sophisticated today as attackers continue targeting the infrastructures we rely on most. In fact, over the past 18 months, the European Union identified 24 targeted attacks on supply chains alone. By adding a stronger focus on securing internal environments and enhancing the product development environment, our Secure by Design guidelines are intended to maximize the integrity of the products we deliver. To make the most of the Secure by Design approach, here are some best practices we’ve learned and expanded along the way:
- Implement ephemeral operations. Ephemeral means “temporary,” something all IT pros should utilize during product development. Ephemeral operations are temporary environments unavailable for attackers to compromise. To create an ephemeral environment, IT pros rebuild it each time changes are made during the development process. Almost like a “separation of duties,” resources are produced on demand and tasks dismantled as soon as they’re completed, making it more difficult for threat actors to establish a home base on mission-critical systems.
- Produce deterministic artifacts. Until recently, nondeterministic data has been used during the development process, meaning the data may behave differently, although the same inputs have been used. This can be problematic, as nondeterministic data cannot clearly show if there has been any tampering during the software development process. In response, IT pros should utilize a deterministic build, so the process produces the same results from identical inputs even when run by different organizations. This further reduces the risk of any error.
- Build in parallel. By building in parallel, IT pros can simultaneously produce multiple, highly secure duplicates of new systems and establish a basis for integrity checks. These systems are called consensus-attested builds and utilize three logical environments, each with user access controls:
- Standard pipeline: This is the typical day-to-day build system with which developers and security operations personnel interact. IT pros record each build step taken in each pipeline run, cryptographically sign it, and store it in an immutable ledger database.
- Validation pipeline: Almost no one has access to this highly secure environment, and data doesn’t move beyond the network. All build jobs are handled in the validation environment, and there’s no way to interact with the system other than through highly secured and audited channels available only to DevOps personnel. The purpose of this environment is to replicate the same build process and attested build steps precisely as they’re produced in the standard setting.
- Security pipeline: The security pipeline is a collection of security checks performed at two levels throughout the software development process.
- Record every build step. By creating an immutable record of proof and providing complete traceability attestations, IT pros can produce cryptographically signed statements of fact in every build step. For any given build, the standard, validation, and security environments make receipts of the activities taken and mark them with a key. These attestations from all three pipelines are stored in an immutable database to be analyzed and validated later in the release process.
As the supply chain continues to be a prime target for hackers, it will continue to drive industry-wide initiatives to find viable solutions. We’ll have to become more innovative—and robust—through the learnings from the attacks we face. Advancements in technology have made it possible for organizations worldwide, no matter how large or small, to work together in developing software without fear of a cyber threat.
Brandon Shopp is Group Vice President, Product at SolarWinds.