image credit: Blue Coat Photos / Flickr

Securing infrastructure as code: Perils and best practices

July 8, 2021

As organizations embrace cloud computing, the rate of infrastructure-as-code (IaC) adoption continues to rise. As with many new technologies, security is often bolted onto IaC or forgotten entirely. Securing IaC is important. Here’s how to best do so and the risks of neglecting this critical security activity.

What is infrastructure as code?

Traditional ways of deploying infrastructure involved procurement processes, physical infrastructure, long wait times, and server racks. Even with the advent of cloud computing, initial methods of managing infrastructure involved “click-ops”, as it is called, or manually going into the cloud service provider’s (CSP’s) console and instantiating infrastructure directly. This approach is inefficient, error prone, and doesn’t scale when dealing with enterprise cloud environments.

Read More on CSO Online