M.14) Provide virtual machines / containers

Category:        Corporate Information Security

Responsible:   CSR together with PSR

Effort:              Initial 3 hours (This actually saves the company a lot of time)

Based on:       Recommendation of the author (Finding during Rentog implementation)

As mentioned in the previous safeguard, it is convenient for new employees to use existing software documentation lists to see what software they need to install to get ready for work. A much better solution than lists is preconfigured virtual machines (e.g. VMware) or software containerization platforms (e.g. Docker). Both mechanisms make it possible to copy an existing environment and run it on other endpoints (operating systems), so that a set of programs runs in exactly the same configuration on another computer. In this way new employees (or existing employees with new computers) no longer need to set up developer environments, as they can simply use the virtual machine or the containers.

Besides simplicity and increased productivity, this concept also has advantages from an information security perspective:

  • Employees use the same tools for development. This makes it easier to keep an overview of what needs to be updated.
  • The templates can be managed, configured and updated centrally. In this way the PSR and CSR can make sure that tools are configured securely. They also need to do this only once rather than for each employee.
  • Virtual machines only: If a developer uses a virtual machine and somehow gets infected by malware, only the virtual machine is infected – the host system stays clean.
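
One way the PSR and CSR could check a container template before distributing it, shown as an added example that is not part of the original safeguard or of the Rentog setup: a small Python audit of a Dockerfile. The registry name, image tags, sample templates and the three checks are assumptions chosen for illustration.

```python
import re

# Constructed samples; registry.example.internal and all tags are placeholders.
WEAK_TEMPLATE = """\
FROM registry.example.internal/dev-base:latest
RUN curl -fsSL https://tools.example.internal/setup.sh | sh
CMD ["bash"]
"""

HARDENED_TEMPLATE = """\
FROM registry.example.internal/dev-base:2024.05
RUN apt-get update && apt-get install -y --no-install-recommends git \\
    && rm -rf /var/lib/apt/lists/*
RUN useradd --create-home dev
USER dev
CMD ["bash"]
"""

def logical_lines(text):
    """Join backslash-continued lines, then drop blank lines and comments."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    lines = (line.strip() for line in joined.splitlines())
    return [line for line in lines if line and not line.startswith("#")]

def audit_template(dockerfile):
    """Return a list of findings for a Dockerfile used as a shared template."""
    findings = []
    user = "root"  # assumption: treat the user as root until USER says otherwise
    for line in logical_lines(dockerfile):
        instr, _, arg = line.partition(" ")
        instr, arg = instr.upper(), arg.strip()
        if instr == "FROM":
            # Skip flags such as --platform=...; the first other token is the image.
            image = next(t for t in arg.split() if not t.startswith("--"))
            user = "root"  # a new build stage resets the tracked user
            name_tag = image.rsplit("/", 1)[-1]  # ignore a registry host:port
            pinned = "@sha256:" in image or (
                ":" in name_tag and not name_tag.endswith(":latest"))
            if not pinned:
                findings.append(f"unpinned base image: {image}")
        elif instr == "USER":
            user = arg.split(":")[0]
        elif instr == "RUN" and re.search(r"(curl|wget)[^|;&]*\|\s*(sudo\s+)?(ba)?sh\b", arg):
            findings.append("RUN pipes a download straight into a shell")
    if user in ("root", "0"):
        findings.append("final stage runs as root")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        print(name, audit_template(text) or "no findings")
```

A version tag can still be moved to a different image later, so pinning the base image by digest is the stricter form of the first check.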



