Improve security and efficiency managing developer desktops with Amazon WorkSpaces
The benefits of virtual desktop infrastructure (VDI) for managing development, test, and other IT-oriented desktop environments have long been understood by many of our global customers. These organizations realize that centralizing the compute for technical users through virtual desktops enables them to stop provisioning expensive laptops, shipping them worldwide, and worrying about how to retrieve that hardware when employees move on. As resource requirements for DevOps roles continue to increase, IT operations teams find themselves spending more time managing complex, distributed environments, where shipping physical endpoints to remote employees exposes organizations to increased business and IT security risk. As a lifelong end-user computing practitioner, I feel as though we’ve reached a breaking point, and customers are increasingly embracing cloud-based virtual desktops to address these challenges. By leveraging AWS End User Computing (EUC) services like Amazon WorkSpaces, IT organizations can provision these environments on-demand without any incremental investment in hardware or software.
Distributed approach and challenges
Many companies have globally distributed technical teams consisting of developers, testers, and system administrators. Traditionally, organizations enable these full-time and contract employees with company-owned physical endpoint devices and leverage PC lifecycle management solutions to administer those assets as efficiently as possible. However, laptops have gotten more expensive and shipping costs have increased, especially to international destinations. Additionally, developer workstation resource requirements change rapidly, which means frequently refreshing hardware to maintain developer productivity. These types of technical environments are particularly tricky due to the frequency of high-intensity compiling activities, management of multiple desktop and server builds, and other tasks that are specific to DevOps environments.
Cyber security and audit concerns
Beyond the logistical, financial, and productivity challenges, there are concerns related to IT security risk specific to developers and other technical employees operating with distributed desktop environments. As the guardians of the organization’s digital intellectual property, these users are prime targets for bad actors and malicious attacks. They often, if not always, need admin-level privileges to their development environments, making their systems vulnerable to attackers who attempt to gain access to the network through the endpoint.
None of these vulnerabilities are lost on IT security auditors, who are concerned with the physical risks of shipping devices overseas and ensuring their safe return as well as the patching of these company-owned laptops. Most importantly, organizations worry about potential data exfiltration of the company’s core IP, which, in a distributed configuration, frequently sits on the endpoint. We often find that Tech Risk teams are the ones who ultimately drive the need to think differently about enabling technical employees.
Amazon WorkSpaces for Developers
By centralizing development environments using WorkSpaces (and Amazon AppStream 2.0 in certain scenarios), many AWS customers have alleviated the aforementioned challenges, have gotten “out of the laptop business”, and no longer need to manage the procurement, shipment, and logistics related to company-owned devices. They simply provision development environments as one or more WorkSpaces instances in the AWS Cloud and have their technical employees connect from personally-owned hardware through a bring your own device (BYOD) model. This approach ensures that sensitive source code is only accessed on centralized systems and never downloaded to the endpoint. Additional development environments are easily provisioned on-demand by the user, a process that can be automated by the IT operations teams. Developers can request resource upgrades or, in many cases, provision a more powerful instance type through self-service.
Because all of this is done with AWS EUC services, there is no need for IT to deploy their own VDI stack on-premises or through Infrastructure as a Service (IaaS). WorkSpaces instances are available globally through numerous AWS Regions, giving organizations choice and flexibility as to where they provision their virtual developer environments. With WorkSpaces, IT operations teams can realize all the benefits of a centralized computing approach for their most demanding technical employees through a financial model that aligns directly with the utilization of these DevOps environments.
If you are interested in learning more about how to support developers and other technical IT users with AWS End User Computing (EUC) services, please contact your AWS account team or the EUC Specialist team.
Jeff Fisher has more than 25 years of experience as a pioneer, evangelist, and customer advocate for End User Computing (EUC) solutions. He is currently a Global Sales Specialist for End User Computing at AWS covering the largest Financial Services, Manufacturing, and Telco accounts in North America.