
3. Secure Development Environment

Security of production, development and continuous-integration servers, as well as of developers’ workstations, must be a priority: these systems concentrate access to large amounts of data (source code, credentials and often production data), so compromising any one of them gives an attacker a foothold into everything it can reach.

Assess Your Risks and Implement Appropriate Security Measures

  • Assess the risk of the tools and processes used in your development. Make an inventory of your existing security measures and develop an action plan to improve risk coverage. Designate a person responsible for implementation.

  • Consider the risks of every tool you use, including SaaS (Software as a Service) solutions and cloud collaboration tools (Slack, Trello, GitHub, etc.), which place your code, conversations and access rights in a third party’s hands.

Secure Your Servers and Workstations in a Consistent and Reproducible Way

  • Lists of recommendations regarding security for servers, workstations, and internal networks can be found in sheets no. 5 to 8 in CNIL’s guide on security of personal data.

  • Prepare a document describing these measures and their configuration, so that they are implemented identically on every server and workstation. To reduce the workload, configuration management tools such as Ansible, Puppet or Chef can apply the documented configuration to each host and re-apply it when a machine drifts from it.

  • Update servers and workstations, preferably automatically. Monitor the vulnerabilities that matter most to your stack, for example by following the NVD Data Feeds.
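To turn the “document describing these measures” into something that can be checked on every host, here is an added example (not code from the CNIL guide or from this page): a Python audit that compares an sshd_config and an authorized_keys file against a hypothetical documented baseline. It also checks key types and RSA modulus sizes, which is the SSH-key point made in the next section. The baseline values, the sample configuration and the sample keys are assumptions constructed for the example; the key blobs are synthetic and are not real keys.

```python
"""Audit an SSH server against a documented hardening baseline.

Added example, not from the CNIL guide: the baseline, the sshd_config text and
the authorized_keys lines below are hypothetical, constructed for the example;
the key blobs are synthetic and not real keys.
"""
import base64
import struct

# Hypothetical documented baseline: sshd directive (lowercased) -> required value.
SSHD_BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "loglevel": "verbose",  # VERBOSE logs the fingerprint of every key used to log in
}
# Hypothetical key policy: accepted key types and minimum RSA modulus size.
ALLOWED_KEY_TYPES = {"ssh-ed25519", "ssh-rsa"}
MIN_RSA_BITS = 3072


def parse_sshd_config(text):
    """Map each directive to the value sshd will use: the first occurrence wins,
    and parsing stops at the first Match block, whose directives are conditional."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        conf.setdefault(key, value)
    return conf


def check_sshd_config(conf, baseline=SSHD_BASELINE):
    """(directive, expected, actual) for every deviation; actual is None when the
    directive is absent and sshd falls back to its compiled-in default."""
    return [(d, want, conf.get(d)) for d, want in baseline.items()
            if (conf.get(d) or "").lower() != want]


def _string(data):  # SSH wire 'string': 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def _mpint(n):  # SSH 'mpint': big-endian, with a leading 0x00 when the high bit is set
    return _string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def _read_string(blob, off):
    (length,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + length], off + 4 + length


def describe_public_key(line):
    """(key_type, bits, comment) for one authorized_keys line, or None. The key is
    located by finding the token whose base64 blob starts with the same type name,
    which skips any options prefix such as from="..." or command="..."."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    for i in range(len(tokens) - 1):
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
            ktype, off = _read_string(blob, 0)
            if ktype.decode("ascii") != tokens[i]:
                continue
            bits = None
            if tokens[i] == "ssh-rsa":
                _e, off = _read_string(blob, off)  # public exponent
                n, off = _read_string(blob, off)   # modulus
                bits = int.from_bytes(n, "big").bit_length()
            elif tokens[i] == "ssh-ed25519":
                bits = 256
            return tokens[i], bits, " ".join(tokens[i + 2:])
        except (ValueError, struct.error):
            continue  # token is not a key blob (an option or a comment)
    return None


def check_authorized_keys(text):
    """(line_no, comment, reason) for each key that violates the key policy."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        info = describe_public_key(line)
        if info is None:
            continue
        ktype, bits, comment = info
        if ktype not in ALLOWED_KEY_TYPES:
            findings.append((no, comment, f"key type {ktype} not allowed"))
        elif ktype == "ssh-rsa" and bits < MIN_RSA_BITS:
            findings.append((no, comment, f"RSA modulus {bits} bits < {MIN_RSA_BITS}"))
    return findings


# Constructed sample inputs (hypothetical, built inline so the script runs offline).
SAMPLE_SSHD_CONFIG = """\
# constructed sample sshd_config
PermitRootLogin prohibit-password
PasswordAuthentication yes
PubkeyAuthentication yes
Match User deploy
    PasswordAuthentication no
"""

def _key_line(ktype, body, comment, options=""):
    blob = _string(ktype.encode()) + body
    return f"{options}{ktype} {base64.b64encode(blob).decode()} {comment}"

SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample: synthetic key material, not real keys",
    _key_line("ssh-ed25519", _string(b"\x01" * 32), "alice@laptop"),
    _key_line("ssh-rsa", _mpint(65537) + _mpint(2 ** 2047 + 1), "bob@old-laptop"),
    _key_line("ssh-rsa", _mpint(65537) + _mpint(2 ** 4095 + 1), "deploy@ci", 'from="10.0.0.0/8" '),
    _key_line("ssh-dss", _mpint(2 ** 1023 + 1) * 4, "legacy@build"),
])

if __name__ == "__main__":
    for finding in check_sshd_config(parse_sshd_config(SAMPLE_SSHD_CONFIG)):
        print("sshd_config:", finding)
    for finding in check_authorized_keys(SAMPLE_AUTHORIZED_KEYS):
        print("authorized_keys:", finding)
```

On a real host, feed the script the output of `sshd -T` rather than the raw file: it prints the effective configuration after defaults and Match blocks have been resolved, which is why the parser above deliberately stops at the first Match. Running the same check from the configuration management tool after every deployment turns the written baseline into a test that fails when a host drifts.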

Pay Particular Attention to Access Control and Traceability of Actions

  • Remember to document the management of your SSH keys: modern algorithms and adequate key lengths (for example Ed25519, or RSA of at least 3072 bits), protection of private keys with a passphrase, regular key rotation, and removal of a key as soon as its owner no longer needs the access. See the document on secure use of (open)SSH for examples of best practices.

  • Encourage strong authentication, multi-factor wherever the service supports it, for the services the development team uses.

  • Log access to your systems and, where possible, analyse the logs automatically. For logs to be reliable, every entry must be attributable to a person: avoid generic or shared accounts (root, admin, a shared deploy user) and have each developer connect under a personal account.
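As an added example of the automatic log analysis recommended above (not code from the CNIL guide or from this page), the following Python script parses sshd authentication lines in syslog format and flags two things: successful logins to generic accounts, which cannot be attributed to a person, and source addresses that fail authentication repeatedly inside a short window. The log lines, the list of generic account names, the thresholds and the year assumed for the syslog timestamps are constructed assumptions.

```python
"""Automatic analysis of sshd log lines: generic-account logins and brute force.

Added example, not from the CNIL guide. The log lines below are constructed
samples; GENERIC_ACCOUNTS, LOG_YEAR and the thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of syslog-style sshd lines (not taken from a real system).
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:02 build01 sshd[2311]: Accepted publickey for alice from 10.1.2.3 port 51234 ssh2: ED25519 SHA256:AAAA
Mar  3 10:15:20 build01 sshd[2312]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:15:21 build01 sshd[2313]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Mar  3 10:15:23 build01 sshd[2314]: Failed password for root from 203.0.113.7 port 40024 ssh2
Mar  3 10:15:25 build01 sshd[2315]: Failed password for invalid user oracle from 203.0.113.7 port 40025 ssh2
Mar  3 10:15:27 build01 sshd[2316]: Failed password for root from 203.0.113.7 port 40026 ssh2
Mar  3 10:15:30 build01 sshd[2317]: Failed password for invalid user test from 203.0.113.7 port 40027 ssh2
Mar  3 10:20:11 build01 sshd[2330]: Failed publickey for bob from 10.1.2.8 port 52000 ssh2: RSA SHA256:BBBB
Mar  3 10:20:15 build01 sshd[2331]: Accepted publickey for bob from 10.1.2.8 port 52001 ssh2: RSA SHA256:CCCC
Mar  3 10:31:40 build01 sshd[2340]: Accepted password for deploy from 10.1.2.9 port 51000 ssh2
Mar  3 10:32:02 build01 sshd[2341]: Accepted publickey for root from 10.1.2.9 port 51001 ssh2: ED25519 SHA256:DDDD
"""

# Accepted/Failed lines; "invalid user" marks attempts against non-existent accounts.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
LOG_YEAR = 2024  # assumption: classic syslog timestamps carry no year
# Hypothetical list of shared/generic accounts that should never be used interactively.
GENERIC_ACCOUNTS = {"root", "admin", "deploy", "ubuntu", "ec2-user"}


def parse_auth_log(text, year=LOG_YEAR):
    """Turn sshd Accepted/Failed lines into event dicts; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padding in "Mar  3"
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "method": m["method"], "user": m["user"], "ip": m["ip"]})
    return events


def generic_account_logins(events, generic=GENERIC_ACCOUNTS):
    """Successful logins to shared accounts: the action cannot be attributed to a
    person, which defeats the purpose of keeping the log."""
    return [(e["ts"], e["user"], e["ip"], e["method"])
            for e in events if e["result"] == "Accepted" and e["user"] in generic]


def bruteforce_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Source IPs with at least `threshold` failed authentications inside any
    sliding window of `window`; returns (ip, total_failures, first, last)."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[e["ip"]].append(e["ts"])
    flagged = []
    for ip, stamps in failures.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # shrink window from the left
                start += 1
            if end - start + 1 >= threshold:
                flagged.append((ip, len(stamps), stamps[0], stamps[-1]))
                break
    return flagged


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_AUTH_LOG)
    for hit in generic_account_logins(evs):
        print("generic account login:", hit)
    for hit in bruteforce_sources(evs):
        print("brute force source:", hit)
```

The brute-force detector uses a sliding window rather than a per-hour bucket so that a burst straddling a bucket boundary is not missed; a single failed public-key attempt followed by success (bob above, a client offering several keys) is normal and is not flagged. In production the same functions can be run over the output of `journalctl -u ssh` or a SIEM export, with the generic-account list derived from the access-control documentation described earlier.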
