Secure Prototyping Made Easy

By automating secure sandbox creation and integrating zero-trust access control, teams can innovate faster without compromising security.

Team Members

Members	Division
Thomas Lim	CSG
Darryl SW	GDP
Bosen Zhang	CSG
Jasmine Teh	GDP
Muhammad Danial	CSG
Darrel Huang	CSG

Problem Statement

During the prototyping phase, development teams often focus on experimenting and exploring feature development, which can lead to insufficient attention to security considerations. These security neglects result in unintended exposure, leading to unnecessary cyber incidents.

Project teams need to report incidents, investigate and identify causes, which can cause damage to an organization's reputation.

Problem Formulation Process

Our team first understood the thought process faced by developers when they prototype ideas by setting up their test environments. Through discussions with developers and our VDP team, we identified key pain points:

Project teams often face many constraints during the prototyping phase (e.g., limited time and the need to test new cloud services), which results in less attention on security.
Developing secure authentication mechanisms is often a significant overhead during prototyping.
Simple and effective approaches for provisioning and revoking access during prototyping are inadequate.
This leads to unauthorized access risks, resulting in data breaches.

By understanding these issues, we formulated a problem statement that highlights the need for an automated, secure, and efficient way to manage sandbox access.

Solution Description

Our solution provides project teams with a secure, automated sandbox cloud environment (AWS) that can be easily spun up and torn down, reducing the complexity of manual provisioning. This environment is secured through a zero-trust tunnel (Cloudflare), ensuring that only authenticated and authorized users can access the sandbox from any device.

Key Features

One-click environment creation – Quickly launch secure sandboxes without manual intervention.
Zero-trust authentication – Ensures only verified users can access the sandbox, with any devices
Dynamic access control – Automates permission handling for development team and stakeholders.
Automated teardown – Reduces security risks by ensuring environments are not left exposed.
Cost-efficient security – Provides enterprise-grade protection without high costs.

Impact & Outcome

By implementing this, project teams can:

Expected Impact

Reduce development delays caused by security misconfigurations.
Improve security compliance by automating access controls.
Lower security breach risks with built-in zero-trust policies.

Quantified Outcomes

Reduction of security incidents caused by misconfigurations & unintended access and exposure
Faster go-to-market for developers, enabling quicker innovation cycles

Future steps

Scalability & Enhancements

Expand integration with existing SGTS products such as GCC, Airbase and CStack.
Enhance security by providing SIaC templates as baseline hygiene.

Deployment & Adoption Strategy

Pilot with select teams to gather feedback and refine the solution.
Partnerships with vendors to optimise a secure coding ecosystem.

By addressing these, we aim to scale our solution, making secure prototyping easier and more accessible for WOG officers, strategic partners and vendors.