While it is necessary to provide adequate security measures in your environment, it's important to be aware of the unique needs of your developers. Their work often involves accessing and interacting with applications like GitHub, and proxy services that interfere with that traffic can disrupt their work. Here are some recommendations:
Bypass SSL Inspection for Specific Applications
While not generally recommended, it may be beneficial to bypass SSL Inspection for applications such as GitHub, which developers use constantly, so that their traffic is not disrupted while they work with code. Because bypassed traffic is no longer inspected inline, use Netskope's API-enabled protection instead to provide visibility and partial control over the data inside GitHub. Remember that GitHub traffic would still be inspected when accessed by anyone outside of the Developers User Group.
To cater to developers' needs, you have two main deployment mode options:
API-enabled Protection - This mode gives deep insight into all files and users within the cloud app instance of GitHub. Administrators can use the personalized dashboard to perform real-time queries and quickly group, filter, and drill down on data and transactions. An API Data Protection policy with a data loss prevention (DLP) profile is needed to view relevant violation information.
Forward Proxy - This mode provides visibility and control of all websites, applications, app instances, and activities accessed by Developers. This allows control over data movement and storage, ensuring adherence to organizationally mandated storage locations.
Several Forward Proxy and API-Enabled Protection policies can be implemented for Developers, including:
Forward Proxy Policies
Restricted Instances: Provide Justification on the upload of source code to Non-Corporate Instances of Sanctioned Cloud Applications.
Restricted Applications: Provide Justification on the upload of source code to Unsanctioned Applications.
Restrict Endpoint Controls: Provide Justification on the upload of source code to USB. Disallow the printing of any files.
Restrict IaaS controls: Prevent Shutdown or Restart of Resources in Non-Development Instances of IaaS.
API-Enabled Protection Policies
Notify Admin: An email notification to the administrator should be triggered whenever there's an external share of GitHub repositories.
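The following is an added policy-as-code model of the rules listed above, not Netskope's own code or API: it lets you check, before rollout, that the GitHub SSL inspection bypass is scoped to the Developers group only, that the other inline rules still fire for everyone else, and that the out-of-band API policy is what covers bypassed GitHub traffic. Field names, rule names and action labels are assumptions.

```python
# Added example, not Netskope's own code or API: a small policy-as-code model of
# the developer rules above, so the SSL-inspection bypass can be checked for
# correct scoping before it is rolled out. Field names and actions are assumed.
from dataclasses import dataclass

@dataclass
class Event:
    user_group: str
    app: str
    activity: str = "browse"        # upload, print, shutdown, restart, share
    instance: str = "corporate"     # corporate or non-corporate app instance
    sanctioned: bool = True
    destination: str = "cloud"      # cloud or usb
    environment: str = "development"
    external: bool = False          # share target outside the organisation

# Inline (forward proxy) rules, first match wins. The bypass is listed first
# because traffic excluded from SSL inspection never reaches the later rules.
INLINE_RULES = [
    ("ssl-bypass-github-devs",
     lambda e: e.user_group == "Developers" and e.app == "GitHub", "bypass-inspection"),
    ("restricted-instances",
     lambda e: e.activity == "upload" and e.sanctioned and e.instance == "non-corporate", "justify"),
    ("restricted-applications",
     lambda e: e.activity == "upload" and not e.sanctioned, "justify"),
    ("restrict-usb-upload",
     lambda e: e.activity == "upload" and e.destination == "usb", "justify"),
    ("no-printing", lambda e: e.activity == "print", "block"),
    ("iaas-no-shutdown",
     lambda e: e.activity in ("shutdown", "restart") and e.environment != "development", "block"),
]

def evaluate_inline(event: Event) -> tuple[str, str]:
    """Return (rule name, action) for the first matching inline rule; default is inspect and allow."""
    for name, matches, action in INLINE_RULES:
        if matches(event):
            return name, action
    return "default", "inspect"

def api_notifications(event: Event) -> list[str]:
    """API-enabled protection runs out of band, so it still sees GitHub when inline inspection is bypassed."""
    notes = []
    if event.app == "GitHub" and event.activity == "share" and event.external:
        notes.append("notify-admin")
    return notes

def bypass_is_scoped(group: str) -> bool:
    """True when GitHub traffic for this group is still inspected inline (only Developers should be bypassed)."""
    return evaluate_inline(Event(group, "GitHub"))[1] != "bypass-inspection"
```

Note that a developer's upload to a non-corporate GitHub instance matches the bypass before the Restricted Instances rule, which is exactly why the API-enabled Notify Admin policy is needed as the compensating control.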
Remember that these are guidelines and may need to be adapted based on the unique needs and circumstances of your organization. It's also important to ensure that you're compliant with your company's data protection policy and other regulatory requirements. Always aim to strike a balance between security and allowing developers to effectively perform their duties without hindrance.