IaC Security

The responsibility and accountability for security are rapidly shifting toward DevOps engineers, as they have greater visibility into the broader architecture of processes and systems used to deploy applications. Effective DevSecOps makes application deployments, operations, and service monitoring easier and more secure. In particular, DevOps engineers will be responsible for securing the Infrastructure as Code with which they build. In this Refcard, we explore IaC security, how it works, why it's important, and core practices for success.

Continuous Delivery Pipeline Security Essentials

As the threat landscape continuously evolves, it is crucial for organizations to adopt a "shift left" security mindset, ensuring that security is prioritized and given the same importance as automation and collaboration among distributed teams.

In this Refcard, you’ll review the challenges associated with integrating security practices into a continuous delivery pipeline, including the blockers that development teams in particular often face. Also covered are the key areas to consider when administering and maintaining the security of CD pipelines.

How to Fix the 5 Most Common AWS IaC Misconfigurations [Webinar Sign-up]

Infrastructure as code (IaC) is critical for developing cloud-native applications at scale, but with added complexity come added security considerations. If left undetected, one IaC misconfiguration can snowball into hundreds of alerts and cloud risk.

In this talk, we analyzed the most common AWS misconfigurations within Bridgecrew’s IaC scan data to illustrate the importance of IaC security. We’ll walk through each of the misconfigurations and the potential risk they pose, and show how to fix them.

Why Should You Leverage Infrastructure as Code?

In a typical infrastructure build, developers and IT operations teams work together to plan, code, develop, and deploy application infrastructure, creating multiple instances and environments in which to code, test, and run their applications. However, many complications can arise during the manual development and operations processes within such a build pipeline. Human error is inevitable wherever repetitive manual processes are the norm. Everyone makes mistakes at work, and dev and ops engineers are no different. As a consequence, it takes more time, energy, and resources to identify and fix errors in the pipeline, so the whole build process is delayed and more costly than planned.

As part of this typical infrastructure build pipeline, development and operations teams are also responsible for individually maintaining multiple deployment environments. Managing multiple environments is a further difficulty to shoulder, since each operates with its own configuration settings.