How to Implement Secure and Compliant IaC

Success lies in security


True separation of developer and security teams is becoming a thing of the past. Today’s cloud environments enable deployments at previously unheard-of speed and scale; there simply isn’t time to build infrastructure, then code, then hand it all off for security cross-checks before deploying. Where can organizations find the time? In the land of left… shifting left, that is.


As security quickly becomes everyone’s responsibility, shifting left empowers developers to take ownership of certain parts of the process. But security organizations must do their part to keep developers on track, not overburden them, and help create a new cycle so that everyone can continue to do their jobs while catching and remediating vulnerabilities earlier in the process—not at runtime.


A key enabler of this shift is Infrastructure as Code (IaC). With IaC, security teams can start to build controls and checks into the development process with templates.
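One concrete form such a check can take is a small policy scan that runs over the IaC template in the pipeline, before anything is applied. The script below is an added example written for this page, not code from the article; it assumes templates in the shape of Terraform's JSON configuration syntax, uses AWS provider attribute names (`acl`, `ingress`/`cidr_blocks`, `encrypted`), and the three rules plus the two sample templates (one weak, one corrected) are constructed for illustration.

```python
"""Minimal IaC policy gate: scan a Terraform-JSON-style template for a few
common misconfigurations and fail the pipeline step when any are present.
Added example for this page; the rule set and sample templates are constructed."""
import json
from typing import Any, Dict, Iterator, List, Tuple

Finding = Dict[str, str]

# Constructed sample: a template with three findings a reviewer would block.
WEAK_TEMPLATE = json.dumps({
    "resource": {
        "aws_s3_bucket": {
            "logs": {"bucket": "example-logs", "acl": "public-read"}
        },
        "aws_security_group": {
            "admin": {
                "name": "admin",
                "ingress": [
                    {"from_port": 22, "to_port": 22, "protocol": "tcp",
                     "cidr_blocks": ["0.0.0.0/0"]}
                ]
            }
        },
        "aws_ebs_volume": {"data": {"size": 100, "encrypted": False}}
    }
})

# Constructed sample: the same resources with the weak settings corrected.
HARDENED_TEMPLATE = json.dumps({
    "resource": {
        "aws_s3_bucket": {
            "logs": {"bucket": "example-logs", "acl": "private"}
        },
        "aws_security_group": {
            "admin": {
                "name": "admin",
                "ingress": [
                    {"from_port": 22, "to_port": 22, "protocol": "tcp",
                     "cidr_blocks": ["10.0.0.0/8"]}
                ]
            }
        },
        "aws_ebs_volume": {"data": {"size": 100, "encrypted": True}}
    }
})


def iter_resources(doc: Dict[str, Any]) -> Iterator[Tuple[str, str, Dict[str, Any]]]:
    """Yield (resource_type, name, body) for every resource in the template."""
    for rtype, instances in doc.get("resource", {}).items():
        for name, body in instances.items():
            yield rtype, name, body


def _as_list(value: Any) -> List[Any]:
    # Terraform JSON allows a block to be a single object or a list of objects.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _finding(rule: str, rtype: str, name: str, detail: str) -> Finding:
    return {"rule": rule, "resource": f"{rtype}.{name}", "detail": detail}


def rule_public_bucket(rtype: str, name: str, body: Dict[str, Any]) -> List[Finding]:
    """Flag S3 buckets whose canned ACL grants public access."""
    if rtype == "aws_s3_bucket" and body.get("acl", "private") in {"public-read", "public-read-write"}:
        return [_finding("S3_PUBLIC_ACL", rtype, name, f"acl={body['acl']}")]
    return []


def rule_open_ingress(rtype: str, name: str, body: Dict[str, Any]) -> List[Finding]:
    """Flag security group ingress rules reachable from any IPv4 or IPv6 address."""
    out: List[Finding] = []
    if rtype != "aws_security_group":
        return out
    for rule in _as_list(body.get("ingress")):
        cidrs = _as_list(rule.get("cidr_blocks")) + _as_list(rule.get("ipv6_cidr_blocks"))
        open_cidrs = [c for c in cidrs if c in ("0.0.0.0/0", "::/0")]
        if open_cidrs:
            detail = f"ports {rule.get('from_port')}-{rule.get('to_port')} open to {', '.join(open_cidrs)}"
            out.append(_finding("SG_WORLD_OPEN_INGRESS", rtype, name, detail))
    return out


def rule_unencrypted_volume(rtype: str, name: str, body: Dict[str, Any]) -> List[Finding]:
    """Flag EBS volumes that do not enable encryption at rest."""
    if rtype == "aws_ebs_volume" and not body.get("encrypted", False):
        return [_finding("EBS_UNENCRYPTED", rtype, name, "encrypted is false or unset")]
    return []


RULES = [rule_public_bucket, rule_open_ingress, rule_unencrypted_volume]


def scan(template_json: str) -> List[Finding]:
    """Run every rule over every resource and collect the findings."""
    doc = json.loads(template_json)
    findings: List[Finding] = []
    for rtype, name, body in iter_resources(doc):
        for rule in RULES:
            findings.extend(rule(rtype, name, body))
    return findings


def gate(template_json: str) -> bool:
    """True when the template may proceed to apply, i.e. it has no findings."""
    return not scan(template_json)


if __name__ == "__main__":
    for label, tpl in (("weak", WEAK_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        findings = scan(tpl)
        print(f"{label}: {'PASS' if not findings else 'FAIL'}")
        for f in findings:
            print(f"  {f['rule']} {f['resource']}: {f['detail']}")
```

Run as a pipeline step, `gate()` is the control the page describes: the template is checked at the point it is written, and a failing check blocks the deployment rather than surfacing at runtime. Real scanners carry hundreds of such rules, but the structure (parse the template, apply rules per resource, fail the step on findings) is the same.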


Shaky ground


Automated security tests, versioning control, automated vulnerability scanners: These are the hallmarks of an organization aggressively attempting to shift security into the development process. In this way, teams begin to catch code vulnerabilities earlier.  


But oftentimes, DevSecOps operations ignore—willfully or not—the need to address the foundational infrastructure on which their code is written. If that ground is shaky, even teams that successfully shift some operations left will find themselves in a continuous loop of addressing code problems after the fact, as opposed to shoring up the foundation so they can stop many of those problems before they start. Enter IaC (from stage left, of course) to templatize the creation of infrastructure so that it is a shared, progr ..