Understanding Infrastructure-as-Code Risks in the Cloud

Ermetic's Head of Research Igal Gofman takes a closer look at the rise and risks of Infrastructure as Code (IaC)

By Ermetic Team

In his latest article for Dark Reading, Ermetic's Head of Research Igal Gofman takes a closer look at the rise and risks of Infrastructure as Code (IaC), which has become increasingly popular. He defines IaC as a tool to "automate the management and provisioning of IT infrastructure by replacing manual processes with machine-readable configuration (definitions) files that contain specifications that are simple to edit, maintain, and distribute."

While IaC simplifies and speeds up processes, errors and vulnerabilities like misconfigurations and incorrect settings can run rampant.

"It's remarkably easy to miss configuration issues in IaC, especially when a large and complex cloud infrastructure is provisioned. And once the problem exists in the production environment it's usually a lot more difficult and time-consuming to fix," explains Gofman. "As a result, organizations should implement a shift-left approach to IaC security that's designed to fix issues directly when code is written or modified."

While IaC does provide great advances for deploying and managing highly complex cloud environments, Igal shares that it does not address the inevitable security issues and configuration errors.

Read the full article on Dark Reading to get Igal's tips and insights on the right processes, procedures, and tools for automating the detection and remediation of security risk in even the largest IaC deployments.