Application Security

Increase security, scale development: the new stack

Increase security, scale development: the new stack
Written by ga_dahmani
Increase security, scale development: the new stack

Modern application development environments are messy. From containers to clusters, microservices, serverless functions, and APIs, there are many dependencies that developers need to keep track of while managing environment setup, IT monitoring, logging, and more.

Governments of Italy

Itay is a DevOps and Cloud Operations Engineer with over 20 years of experience in development and operational efficiency. Itay began his career at Polycom, where he was responsible for the development and management of the entire IT infrastructure, and then worked at Radware, where he oversaw the implementation of CI/CD practices, source code creation, and improvement of processes. He has a Bachelor of Technology in Software Engineering from Shenkar College.

Additionally, business leaders are increasingly pressing DevOps to harden their applications and apply security controls to mitigate potential data breaches. However, that is easier said than done. At the top of the list of cloud-native development challenges are security policies, cited by 41% of IT professionals in a 2021 survey of Red Hat customers.

At the same time, developers are being asked to accelerate development and further push production at an even faster pace. That’s why DevOps teams are turning to Infrastructure as Code (IaC), a method of using code to manage, automate, configure, and deploy continuous improvements to dynamic computing resources. Historically, organizations have relied on multiple highly-skilled employees to understand what their code depends on and how it is provisioned. This practice has created bottlenecks and dependencies that IaC removes.

The IaC approach gives developers the ability to scale their operations with security policies and controls in place. This is critical at a time when application security is growing and becoming more complex. An IaC approach streamlines the development process so developers can securely run self-service operations under a defined standard and can focus on development and increase the speed of innovation.

Faster speed, more consistency

As more organizations adopt the cloud-native computing model to build applications quickly and at scale, development teams need greater autonomy. Infrastructure as code enables that autonomy. This is achieved by creating resources with code stored in the source control repository. The approach enables developers to perform operations automatically, eliminating the need for DevOps assistance and supervision with infrastructure-related tasks. Additionally, IaC enables maintenance of operational reliability of resources, including autoscaling, monitoring, alerting, security, and configuration. By automating these manual processes, IaC mitigates the risk of human error and enables the introduction of IC/CD techniques.

Build quickly and safely

With Infrastructure as Code, DevOps can create a single, trusted code base for the organization. This approach gives security teams something consistent to audit while ensuring that the DevOps team is deploying applications in a way that complies with security standards. Also, because IaC strips production environments down to code, DevOps can quickly take down any applications in production that are compromised or don’t meet the necessary security criteria. This allows developers to move quickly and ensure security without paying for standby failover environments.

Adopting IaC will also allow teams to track inconsistencies in code, making it easier to fix vulnerabilities and prevent false positives. IaC implements configuration best practices within the organization’s security policies and rules. For example, disallow the opening of restricted ports or allow outgoing traffic. IaC helps DevOps quickly repair and remediate common vulnerability and exposure (CVE) issues before they lead to a data breach.

IaC ensures production hygiene by implementing the organization’s tagging policy to enforce security standards for creating new workloads, cleaning up unused resources, and managing security groups. IaC facilitates the standardization required to implement monitoring of every resource within the organization and eliminates the need to spend resources for it. It also helps standardize alerts for your on-call operations.

That said, with great power comes even greater responsibility. While IaC improves the security posture of cloud infrastructure, its automated nature means that it must be thoroughly tested and verified before being deployed.

why you should adopt Infrastructure as code

Infrastructure as code eliminates the need to create “net new” code for each project. This model enables development teams to quickly get environments up and running and provide self-service functionality to developers. In addition, IAC helps reduce development costs, creates efficiency, and enables controls for building secure applications and services.

While IaC enables faster and more efficient development, security risks cannot be overlooked. While the IaC approach enables security at the infrastructure layer, it does not mean that code created afterward is secure by default. Developers still have a responsibility to manage potential vulnerabilities associated with the code they write.

DevOps teams face complex challenges like managing the security of their dynamic development environments, APIs, and more. Using IaC in cloud-native application development is a critical step toward creating a more secure software development lifecycle, as it enables development teams to create a standard of code that can be used to quickly remediate attacks with minimal effort and without compromising security. However, implementing IaC alone cannot stop zero-day attacks. Developers should also use security tools designed to operate at runtime to stop new attacks and protect all paths to their applications.

Photo by Joshua Aragon on unsplash

About the author


Leave a Comment