If you are a Software Engineer at a company where security is important and is taken seriously, then you are probably also having a hard time developing modern software. Modern tools and frameworks tend to trust the Internet a lot more than, say, your network security folks. For example, redirecting Docker to not pull from the central repository first is nearly impossible. For years the answer to developing in a secure manner meant being disconnected from the Internet (air-gapped) and/or traversing some fairly aggressive network proxies such that a simple “gradle build” command will not work because it cannot reach Maven Central to pull down third-party dependencies. You and your security personnel do not have the same goals. They are trying to ensure that your company doesn’t make the 6 o’clock news as the latest hacked victim and you are trying to get shit done.
I believe there is a way to make everyone happy. I’m going to start a new series on this blog that documents an architecture for a Secure Development Enclave (SDE). This SDE will be able to support the newest technologies, from Microservices and Kubernetes to complete continuous deployment pipelines. This will focus on the dev side of DevOps and will draw from my experience (and heartaches) from working in these highly secured environments as a Software Engineer. This will not be just a theoretical exercise. I will also be building out a test lab to validate the architecture.
