Page 87 - Cyber Defense eMagazine December 2022 Edition
P. 87
Infrastructure-as-Code Security: a Critical Responsibility
By Thomas Segura, Technical Content Writer, GitGuardian
By large, software is still in its adolescence compared to other large-scale industries. Although its
principles have been established for over half a century, it is still undergoing powerful transformations
that regularly expand how it can be used. Recently, enterprises have experienced such a move with the
advent of cloud computing. Moving large swaths of their IT operations to the cloud has been a massive
opportunity for them to deliver new products faster. The cloud offers an unprecedented level of agility
when it comes to allocating or deallocating computing resources on the fly.
But on closer inspection, we find that most of the power of the cloud relies on infrastructure capabilities.
Cloud assets, cloud services, and resources, as well as orchestrators like Kubernetes, and even policies,
are not managed in real-time by human operators. They are software-controlled and defined in code.
Welcome to the era of Infrastructure-as-Code, or IaC!
Democratizing cloud resources
IaC is the new abstraction layer offering DevOps engineers, SRE, and developers a common language
to declare what the IT infrastructure should look like: the number of servers, storage, databases, network
topology, and all the basic configurations (DNS entries, firewalls, etc..).
Cyber Defense eMagazine – December 2022 Edition 87
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.