Data Loss Prevention Allows Companies to Expand Their Collaboration Opportunities by Providing New Ways to Securely Share Data
Source code and data are the main IP assets consumed and generated throughout
development processes today. From a security standpoint, a Data Loss Prevention (DLP)
mechanism is one of the key features of a Virtual Workspace Infrastructure (VWI). It allows
companies to give access to source code and data without the risk of exfiltration. Using
DLP, companies might not be required to anonymize their data anymore before sharing it.
Recall that, because workspaces are based on Cloud-based Integrated Development Environments (IDE), no data ever "lands" on the physical device used by the developer, i.e. contrary to the use of a machine with a locally-installed IDE, there is no copy of the data or source code on the local device storage. While being a good thing for security, this does not prevent exfiltration of the data through other means, e.g. clipboard or network operations. To prevent this, the DLP function allows the protection of data against exfiltration while in use in a workspace, as shown in the diagram below.
The DLP function is an important enabler when collaboration involves the need to share sensitive
data. For example, when internal or remote developers need to access sensitive data to perform
their job, whether it's coding or data science exploration. The DLP function does not only protect the
data but also the source code that is created with the workspaces. Hence, companies can increase
the size of their workforce easily by getting help from temporary, probably remote development
teams and avoid sharing their intellectual property assets, i.e. source code and data. In addition,
companies might not be required to anonymize data before making it available in
for their code development or Data Science process.
A cool application is the participation in Crowd-based innovation tournaments. Innovation tournaments are routinely run today on several platforms such as Kaggle, AICrowd and others. These platforms allow companies to publish competitions and invite any individual (i.e. the Crowd) to participate in the challenge. Companies can then get an external perspective on an internal research problem. The output often takes the form of a trained model for Artificial Intelligence (AI) applications that can be put into production to support the function of a product or service. In return, the company pays the winning team a monetary prize.
|Business Scenarios for Data Loss Prevention (in a Zero-Trust Architecture)|
|✓||Hiring remote or temporary developers, e.g through outsourcing companies such as TopTal, UpWork, etc.|
|✓||Developers working on sensitive projects that require protection of source code and data|
|✓||Collaboration around coding or Data Science between companies when data has to be secured|
|✓||Projects where data locality has to be enforced by regulation|
|✓||Running data-secured innovation tournaments with the Crowd, e.g. on Kaggle, AICrowd, etc.|
The VWI Plaform Provides a Continuous Audit Function That Includes Live Logs of All Operations to Show Compliance With Most Industry Information Security Standards
As explained above, workspaces have access to a set of whitelisted project resources, with some that
might be of confidential nature. These resources are copied on a storage attached to
the workspace (see previous diagram) and the aim of the DLP mechanism is to ensure that
the copied data cannot leave
the volume unintentionally or maliciously.
The platform's DLP mechanism is securing several functions of the developers workbench such as
the network, the IDE's clipboard and others. This process is illustrated in the diagram below.
The VWI platform allows companies to have a complete control of the
network operations performed from workspaces and can enforce granular security
policies using the Zero-Trust Architecture implemented by the platform.
The clipboard in workspaces is equally well monitored such that exfiltration through it
is not possible.
In addition, as explained on the VWI page, the platform uses an Attributes-Based Access Control (ABAC) model as part of the Zero Trust Architecture. Dyamically-assessed policies using attributes to manage the DLP function are based on requirements from the ISO 27001 information security standard.
The platforms Audit Dashboard provides live logs of the workspace's operations such that data exfiltration can be easily detected and the creation of security reviews automated. This capability provides companies with an easy way to improve their DevSecOps maturity. For companies that need to show compliance with security standards, e.g. ISO 27001, generating a compliance report that covers the scope of applicability is trivial with the VWI platform.
Learn More about the Uses of a Virtual Workspace Infrastructure by Reading About Business Scenarios Below or Book a DemoBook a demo
Expand your code development capability by onboarding any talent from any location while protecting your source code and data using our Zero-Trust Architecture with Data Loss Prevention. We created a Virtual Workspace Infrastructure (VWI) to deploy Cloud IDEs with plenty of collaborative features, data security and automation.
Improve the data security of your Data Science process by using our platform to deploy Data Science Workspaces as full IDEs in your company or anywhere. Share your data securely during innovation tournaments on Kaggle. Connect to cloud pipelines and experiment management applications such as MLFlow, Kubeflow, etc. Connect your workspaces securely to code repositories, data buckets from all major cloud providers.
You can operate your company like we do, we develop our platform using our platform. Our enterprise-grade cloud IDE platform allows you to put your entire DevOps process, including all coding activities in the Cloud. Our platform enforces zero-trust architecture principles in addition to providing data loss prevention. This will provide you with a leap improvement in your DevOps security and master DevSecOps automation.