The trend toward building security into the DevOps process has shifted security and compliance processes left. DevSecOps practices have introduced processes to inspect application code, Docker, and Kubernetes. These practices have allowed teams to detect and fix security issues faster and to deliver high-quality, compliant code.

Still, many admins of cloud accounts secure the account configuration by configuring an account via a UI, running a configuration assessment scan, and then fixing any issues found. While this might eventually lead to a securely configured account, they are essentially experimenting with an account until it becomes secure.

Can you afford this type of experimentation? Can you afford to have an account exposed for some time until you figure out security? Why don’t you apply DevSecOps to account configuration? If you are in a highly regulated industry, you cannot afford to experiment like this when you know that compromised credentials and cloud misconfigurations are often responsible for malicious security breaches, and that attackers are constantly scanning for such exposures.

The professional and compliant solution for achieving a secure configuration is to codify all the planned configuration and to check those configurations before they are deployed to an account. Codifying cloud account configuration has been solved by infrastructure-as-code (IaC) solutions like Terraform, Red Hat Ansible, and AWS CloudFormation.
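One way to run such a pre-deployment check, as an added example that is not from the original article: a Python gate over the JSON that `terraform show -json` emits for a saved plan. The sample plan, the resource names and the two policy rules (admin ports closed to the internet, S3 public access block fully enabled) are constructed assumptions.

```python
import json

# Constructed sample shaped like `terraform show -json plan.out` output (not from the article).
SAMPLE_PLAN = json.loads("""{"resource_changes": [
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
     {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
  {"address": "aws_s3_bucket_public_access_block.logs", "type": "aws_s3_bucket_public_access_block",
   "change": {"actions": ["update"], "after": {"block_public_acls": true,
     "block_public_policy": false, "ignore_public_acls": true, "restrict_public_buckets": true}}},
  {"address": "aws_security_group.old", "type": "aws_security_group",
   "change": {"actions": ["delete"], "after": null}}
]}""")

ADMIN_PORTS = {22, 3389}  # assumed policy: SSH and RDP are never exposed to the internet
PAB_FLAGS = ("block_public_acls", "block_public_policy", "ignore_public_acls", "restrict_public_buckets")

def check_resource(rtype, after):
    """Return policy violations for one resource's planned ("after") state."""
    findings = []
    if rtype == "aws_security_group":
        for rule in after.get("ingress") or []:
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            world = sorted({"0.0.0.0/0", "::/0"} & set(cidrs))
            any_port = rule.get("protocol") == "-1"  # "-1" means all protocols and ports
            hit = sorted(p for p in ADMIN_PORTS if any_port or rule["from_port"] <= p <= rule["to_port"])
            if world and hit:
                findings.append(f"admin ports {hit} reachable from {world}")
    elif rtype == "aws_s3_bucket_public_access_block":
        off = [flag for flag in PAB_FLAGS if after.get(flag) is not True]
        if off:
            findings.append(f"public access block settings not enabled: {off}")
    return findings

def scan_plan(plan):
    """Map resource address -> findings for each resource the plan would create or update."""
    report = {}
    for rc in plan.get("resource_changes", []):
        after = rc["change"].get("after")  # None for pure deletions: nothing to assess
        findings = check_resource(rc["type"], after) if after is not None else []
        if findings:
            report[rc["address"]] = findings
    return report

if __name__ == "__main__":
    report = scan_plan(SAMPLE_PLAN)
    print(json.dumps(report, indent=2))
    raise SystemExit(1 if report else 0)  # non-zero exit fails the pipeline before apply
```

Run as a pipeline step between plan and apply, the non-zero exit code stops the deployment while the misconfiguration exists only in code.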


Is Your Cloud Infrastructure Securely Configured?