Infrastructure as code (IaC) as key to truly secure infrastructure #143

Open
rngadam opened this issue Nov 10, 2023 · 0 comments
Labels
enhancement New feature or request

rngadam commented Nov 10, 2023

Problem to solve

Cloud Guardrails makes no mention of Infrastructure as code (IaC). Infrastructure as code is key to a truly secure infrastructure. Teams following the guardrails are left to apply policies using ClickOps with no or little focus put on reproducibility and change management.

Infrastructure as code (IaC) is the process of managing and provisioning resources in the cloud, usually with declarative approaches (Bicep, Terraform) combined with version control.

Benefits: reduce cost, increase speed, and reduce risk

  • cost: by removing the manual component, people are able to refocus their efforts on other tasks
  • speed: Infrastructure automation enables speed through faster execution when configuring infrastructure
  • risk: automation reduces the risk associated with human error

Intended users

  • Developers: facilitate deployment of development environments that mirror production infrastructure
  • DevOps: facilitate developing new services and promote reuse
  • SRE: traceability in changes
  • Management: facilitate transition of infrastructure management
  • Security: declarative approaches to infrastructure facilitate reviews (and make automated review possible)

Further details

Version-controlled declarative IaC languages enabling cross-cloud deployments to lessen dependency on a single supplier should be strongly recommended.

Proposal

Requirement for IaC should be front and center in the cloud guardrails.

Permissions and Security

Basic infrastructure should allow proper permissions relative to the environment in which it operates:

  • dev: developers can deploy infrastructure resources IaC with unclassified or test data
  • staging or UAT: team devops can deploy infrastructure IaC
  • production: organization-level administration deploys on production data

What does success look like, and how can we measure that?

Widespread adoption of IaC across all our cloud subscriptions.

Links / references

@rngadam rngadam added the enhancement New feature or request label Nov 10, 2023