Creating a More Productive Developer Environment With Hysolate

By Oleg Zlotnik. January 27, 2021 isolated workspace for developers

Organizations face multiple challenges when they try to secure their developers’ devices:

Developers usually require unlimited access to the internet, in order to use various public resources like external code repositories and knowledge centers. Some of these websites might be malicious and pose a threat to the developer’s device, and to other linked company infrastructure and servers.

Some developers even download and run external tools or play with 3rd party code, sometimes originating from untrusted sources or containing malware.
This unlimited access may be necessary for productivity, but can be a bit of a security nightmare.

To improve developer devices’ security, organizations often install a variety of security products. However, some security products, such as antiviruses, Endpoint Protection Platforms (EPP), and Endpoint Detection and Response (EDR) products, would examine and introspect many of the files that are being accessed or being generated by common build processes or other frequent developers’ activities. 

This bottleneck can introduce significant overhead to build processes, increase the build times, and reduce productivity. Furthermore, some of the more intrusive security products can even cause compatibility problems with development environments and waste precious developer time on troubleshooting security product issues, application whitelists, etc. This can prevent your team from doing work efficiently and will increase frustration.

There is a better way to secure developers’ devices, while not compromising their productivity

Hysolate’s Isolated Workspace-as-a-service (IWaaS) is a locally deployed hyper-isolated virtual environment that provides users with the best possible intersection between user experience, compliance, and security. IWaaS is designed and built to spin up instantly on any Windows 10 computer and managed, at scale, from the cloud. This makes it easy for an admin to instantly provision an additional hypervisor-isolated operating system, splitting the physical device into two environments:

  • A development environment – a native OS restricted only to development activities – access build tools, proprietary source code, sensitive cloud infrastructure, and production servers.
  • An unrestricted environment – a virtual OS with more permissive internet access, an ability to install and test any software and access any public repositories, and a place to perform more risky activities required by the developers. This unrestricted environment is never exposed to the corporate network.

 

 

The results:

  1. Developers can freely access the internet, even on risky websites, without exposing sensitive data such as source code or production servers’ access information to attackers or malware.
  2. As risky activities are no longer performed on the development environment, security software such as antiviruses, EPP, and EDR, can be moved to the unrestricted environment or have their policy relaxed (e.g. disable the on-demand scanner).
  3. Developers can quickly run tests, experiments, and try new software packages. When needed, the VM can be reverted to a clean snapshot, both locally by the developer or remotely by the administrator.
  4. Some developers will no longer require administrative privileges in their development environment, as they have full control over the unrestricted environment.

Benefits of Hysolate for developers:

  • Create clear barriers between sensitive development assets and risky activities.
  • Reduce the build times and increase your developers’ productivity, by moving security software to the unrestricted environment.
  • Allow true freedom to your developers, by letting them access any website and test any software.
  • Reduce the IT overhead of managing the development environment by reducing the amount of software on it, hence making it more predictable.
  • By removing administrative privileges to certain developers, it’s easier to secure the development environment.

Comparing common build tasks

Tested on Windows 10 20H2, Intel i7 CPU, 16GB RAM, SSD

  • A sample NodeJS project build time:
    • EPP/EDR running on the development environment: 1:50
    • EPP/EDR running on the unrestricted environment: 1:40 (~9% improvement)
  • A sample C++ project build time:
    • EPP/EDR running on the development environment: 1:00
    • EPP/EDR running on the unrestricted environment: 0:50 (~16% improvement)
  • A sample Java project build time:
    • EPP/EDR running on the development environment: 1:00
    • EPP/EDR running on the unrestricted environment: 0:55 (~8% improvement)

Want a demo to see just how easy it is to create isolated, developer-friendly, and secure workspaces? Click here to sign up, or download this whitepaper (no contact details necessary).

About the Author

Oleg is a Software Engineer and Cyber Security veteran, with over 15 years of experience. At Hysolate, Oleg led an engineering team for several years, after which he joined as an architect to the CTO's office and has pioneered the next-gen products. Prior to Hysolate, Oleg worked at companies such as Google and Cellebrite, where he did both software engineering and security research. He began his career in the intelligence unit 8200 of the IDF and holds a B.Sc in Computer Science, Cum Laude, from the Technion.

Share this article: