Elements of DevOps: Control

The third of our four essential application development elements is Control. It means quite simply that data is available to authorized users for sanctioned purposes and fully restricted from any unauthorized use or for any unauthorized purpose.

We’ve already demonstrated that Actifio can create near immediate access to full production data sets. But in development as in production, data has to be both accessible and secure. It’s a tricky balancing act, made all the more difficult by excess copy growth. Twenty copies of the production database with no masking or audit tracking and failed compliance doesn’t do it. More data copies will just increase the “attack surface”. That gives the bad guys more opportunity to get at it. So, the idea is to create fewer copies, decrease the number of security targets, mask sensitive data, create an audit trail and reduce overall risk.

Control of sensitive data starts with the reduction of excess copies as a common sense means to manage potential vulnerabilities. To be effective, it must be combined with audit logs and access controls and several other security protocols like intrusion detection and integrity monitoring. What’s essential is that the system incorporates all key technical standards and multiple levels of data security that will address physical, virtual and hybrid environments. It’s fast, simple to understand and operate. It supports and helps to reinforce broader enterprise security strategies.

Actifio enables IT administrators or application owners to set role-based data access controls (RBAC). This provides a fine-tuned capability to manage who gets access to which data sets on which test servers. It also includes an audit trail, all automated and updated automatically.

We know that developers get more complete and accurate results when working with full production data sets. At the same time some sensitive data has no bearing on the development process. So, for security and privacy reasons this data can be automatically masked before DEV & QA teams get access

It’s all part of Actifio’s workflow that permits an authorized administrator to create a specific data masking script, server and schedule. An image is then mounted to the server and the masking script invoked. As a result, all accessible virtual copies are created from the masked version ensuring only safe copies are used in development and QA. As the db is updated incremental changes also get masked.

Another aspect of control comes with industry specific regulations. For example, financial rules can require a database or application to recreate a particular point-in-time for analytics or forensic analysis. Actifio can be set for each individual application to retain images that enable this in short-term history or deduplicated and compressed for long-term retention. The innovation and effort applied to development and test data is also efficiently protected so that users can browse back in time to restore any point-in-time data- set.

All of the Actifio capabilities for secure and efficient development are available for remote or cloud development, including replication optimization, continuous updates, and automated data masking. That means capabilities can be efficiently deployed in remote office locations, at a service provider, or in the public cloud. In some cases service providers also take advantage of available APIs to integrate Actifio functionality into their own portals. It helps to promote easy service access and provide their clients with heightened data control.

[hs_action id=”13417″]