Ephemeral development environments are a zero-compromise solution where security policies can be applied and followed automatically, without impacting developer experience.
TL;DR: Securing development environments is especially challenging because developers often find workarounds to security policies that impact their productivity. Ephemeral development environments offer a no-compromise solution where security policies can be applied and followed automatically without impacting developer experience. Why? They drastically reduce attack surface areas and provide security teams with an ‘eject’ button without hurting development workflows. Ephemeral development environments are now a critical foundation for AI-native software engineering. They drastically reduce attack surfaces and give enterprises a no-compromise path to combine developer velocity with strict security. Ona is this platform, built for the AI-native era.
Simply put, cloud development environments are where developers write, test and review code. They are used by companies like Uber, Slack, Stripe and many more in order to improve developer experience, productivity and most importantly, security posture.
A CDE shifts development work off a developer’s physical device and into the cloud. Developers have a ‘window’ into their environment via an editor of their choice, while all processing, computation, secrets access and source code stay remote, off the developer’s device.
Historically, organizations used virtual desktop infrastructure (VDI) to keep sensitive data away from physical devices. However, we now know that VDI can drastically reduce productivity and burn out developers, while being an expensive burden on platform and IT teams. CDEs do not force this compromise on either developer experience or security.
Cloud development environments are fully automated, ensuring security best practices are adhered to by default. In Ona, each new development environment is created according to a configuration file stored in the same repository as the developer’s code. This includes things like package management, linters, security scanners, and secure networking config.
Ona environments are truly ephemeral, meaning they are short-lived and temporary. But why is ephemerality so important for security?
Ephemeral environments are short-lived and disposable. This means they only have access to code, systems, and networks for a temporary period of time. Any successful attempt to compromise an ephemeral environment will gain minimal system access, as that access is only granted for as long as the environment is actively being worked on by an authorized developer, with no persistent network access.
Additionally, ephemeral environments are built to be destroyed. If a breach is confirmed, you can wipe and restart an environment without hurting the developer’s productivity or workflow, and with confidence that any threat is immediately contained. The impact of this is:
In the age of AI-native development, this becomes increasingly important. AI agents can install outdated or vulnerable packages, and poorly generated code is becoming more commonplace in the name of velocity. Running that code in secured, zero-trust environment sandboxes allows developers to ship fast without risking the security of their machine.
Static environments are long-lived and typically hold broad access to more code than the current task, creating a larger vulnerability surface area.
Below is a breakdown of the differences between ephemeral and static environments:
If you’re interested in learning more about how Ona cloud development environments (CDEs) can enhance your security posture and developer experience, book time to speak to our team or try Ona for free below.