Paper Type
Complete
Abstract
Internal developer platforms are emerging as a means of reducing the cognitive burden on software developers. They integrate independent DevOps tools into a unified framework and present a streamlined path to code publication. Forward-looking organizations have begun to adopt internal developer platforms in order to improve the efficiency and work experience among their software teams. This transition significantly alters the organization’s software development and deployment architecture. The purpose of this research is to examine the architectural changes in terms of risk management. A semi-quantitative risk analysis of the old and new architectures is performed. The architectures are compared in terms of 74 specific threat vectors. Two high-level implications are: (1) the internal developer platform provides the security team with a centralized point of control over network and authentication parameters and (2) it expands the software attack surface and creates a priority target for attackers. Further implications are discussed.
Paper Number
1412
Recommended Citation
Shropshire, Jordan and van Devender, Maureen S., "Analyzing Risks to Internal Developer Platforms" (2024). AMCIS 2024 Proceedings. 33.
https://aisel.aisnet.org/amcis2024/security/security/33
Analyzing Risks to Internal Developer Platforms
Comments
SIGSEC