Putting Security into The IaC Pipeline

Fernando Cardoso
6 min read · May 5, 2020

Infrastructure-as-Code (IaC) is the new normal for creating and building cloud environments from machine-readable files or code templates. It is important, however, to consider the security of the infrastructure you create, to ensure that it follows your organization's best practices and compliance requirements.

Why Is IaC the New Normal?

Physical hardware has to be installed in a rack and properly configured before it can be used, so creating a new server could sometimes take weeks or months. With IaC, you can create a complete infrastructure for your application in the cloud in less than an hour. The examples below illustrate the old process of creating servers versus the new one:

Photo: Rich Miller

Before Infrastructure-as-Code, IT teams had to add the server to the data center manually, install the OS, and apply the proper configuration before they could use it. In some cases, they used automated scripts to help with some tasks, but the process was still not fully automated. Five years ago, I remember working on some projects with banks, where they needed to wait for one to two…

Fernando Cardoso

I'm a Computer Engineer 👨‍💻 with a passion for Cybersecurity, DevOps, and Cloud. When I'm not at my 💻, I'm traveling and taking photos across the globe 🌎