Page 88 - Cyber Defense eMagazine December 2022 Edition

Infrastructure is not just about production workloads. It is something required to support the entire development process. The great thing about IaC is that everyone can specify what resources are needed at every stage of the SDLC: spawn a few isolated environments at the development stage, replicate the production conditions for testing, etc. IaC is the standard language for describing these resources and how they should be configured.

This yields incredible benefits for go-to-market strategies: infrastructure becomes as flexible as the software it supports, faster to execute thanks to reusable modules, and more consistent at the same time. When done right, maintenance costs are lowered, as is the risk of human error.

Of course, as requirements become more complex, so do IaC declarations. But this is where the technology shines: having a textual, version-controlled "single source of truth" saves engineers a lot of time and headaches. "Single source of truth" means that what is written in the files corresponds at all times to what is deployed and how it is configured; version control allows people to inspect changes and collaborate easily.

This paradigm has a name: GitOps. It allows faster and more reliable cloud-native deployments by using the same approach for managing infrastructure configuration files as for software source code. Teams collaborate more effectively on infrastructure changes and vet configuration files with the same rigor as software code. Infrastructure definitions are stored in git repositories, incrementally modified and reviewed through pull or merge requests, and finally tested and applied via CI/CD pipelines.

            Since engineers are working directly with code, IaC has made infrastructure workflows shift left.

            But as with everything, this comes at a cost. In this case, it is the need to shift cloud security left as well.



            Securing the infrastructure with code

            Regarding security, IaC has some interesting features: first, it can be used to automate the provisioning
            of security controls. This means that you can enforce security policies more consistently and efficiently.

Second, IaC can help you to manage your security posture more effectively. By automating the provisioning of security controls, you can more easily track and monitor your infrastructure for security issues. This helps you identify and resolve potential security problems quickly.

Finally, IaC can also help you to improve your incident response capabilities. You can more quickly and easily deploy countermeasures during a security incident. This can help minimize the impact of the incident and get infrastructure back up and running as soon as possible.
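
One way to enforce a security policy on infrastructure changes before a pipeline applies them, given here as an added example that is not part of the original article: a check a CI job could run over the JSON form of a Terraform plan (`terraform show -json`). The choice of Terraform and AWS, the two rules, the function name `check_plan` and the sample plan are assumptions constructed for illustration.

```python
# Constructed sample: trimmed `terraform show -json` plan output (AWS provider).
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
         {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_s3_bucket.assets", "type": "aws_s3_bucket",
     "change": {"actions": ["update"], "after": {"acl": "public-read"}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {"acl": "private"}}},
    {"address": "aws_security_group.old", "type": "aws_security_group",
     "change": {"actions": ["delete"], "after": None}},
]}

# Assumed policy: no SSH/RDP reachable from the internet, no public bucket ACLs.
ADMIN_PORTS = {22, 3389}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
PUBLIC_ACLS = {"public-read", "public-read-write"}


def check_plan(plan):
    """Return a sorted list of (resource address, finding) policy violations."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc["change"].get("after")
        if after is None:  # resource is being deleted, nothing to vet
            continue
        if rc["type"] == "aws_security_group":
            for rule in after.get("ingress") or []:
                cidrs = set(rule.get("cidr_blocks") or [])
                cidrs |= set(rule.get("ipv6_cidr_blocks") or [])
                # protocol "-1" means every protocol and port, whatever the port fields say
                all_ports = str(rule.get("protocol")) == "-1"
                hit = sorted(p for p in ADMIN_PORTS
                             if all_ports or rule["from_port"] <= p <= rule["to_port"])
                if hit and cidrs & OPEN_CIDRS:
                    findings.append((rc["address"],
                                     f"admin port(s) {hit} open to the internet"))
        elif rc["type"] == "aws_s3_bucket" and after.get("acl") in PUBLIC_ACLS:
            findings.append((rc["address"], f"bucket ACL is {after['acl']}"))
    return sorted(findings)


if __name__ == "__main__":
    # A CI job would fail the merge request when this list is not empty.
    for address, finding in check_plan(SAMPLE_PLAN):
        print(f"FAIL {address}: {finding}")
```
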


            But protecting the infrastructure is a considerable challenge. By blurring the line between application and
            infrastructure security, IaC adoption raises a big question: who should be responsible for it?




            Infrastructure-as-Code is a new responsibility

It goes without saying that infrastructure security is paramount. Traditionally, specialized operations teams supervised this attack surface with many tried and tested tools. But when code manages




            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.