Get startedGet started for free

Infrastructure as code, policy as code, and DevSecOps

1. Infrastructure as code, policy as code, and DevSecOps

Infrastructure is the foundation of many services. Working with cloud infrastructure doesn’t always mean working with physical hardware. You can use code to build infrastructure and to define and manage policy. Let’s explore infrastructure and policy as code, then explore how DevSecOps keeps security involved in operations throughout the coding process. Infrastructure as a Service, or IaaS, and other cloud infrastructure hosting platforms, have made infrastructure as code possible. So how does infrastructure as code work? Users create files with infrastructure specifications, meaning they code the infrastructure they want to use. It’s like turning code into components. Infrastructure as code is made available by an application programming interface, also known as API. API is a library function or system access point with well-defined syntax and code that communicates with other applications and third-parties. Infrastructure as code is also compatible with many different coding languages. There are two approaches to infrastructure as code. First is the declarative approach in which you use an infrastructure as code tool to configure the desired state of the system, including necessary resources and any properties those resources should have. This also makes it simpler to manage taking down the infrastructure. The declarative approach focuses on what you need done. Second is the imperative approach, which defines the specific commands you need to achieve the desired configuration. After configuration, these commands need to be executed in the correct order. The imperative approach focuses on how you need something done. As a cloud security professional you can use tools to help automate and manage your infrastructure components like networks, cloud-managed services, firewalls, applications, and other components. But, automation can be used for so much more. Let’s explore another way you can use automation to help with policy management. Policy as code is the use of code to define, manage, and automate policies, rules, and conditions using a high-level programming language. Policy refers to the rules, conditions, or instructions that govern processes or operations in IT. Cloud professionals build policy into infrastructure to help manage policy. So how does security fit into the coding process? There’s a growing movement known as DevSecOps that’s working to integrate security into the coding process. Development Operations, or DevOps, consists of practices designed to increase the frequency of delivery and reduce lead time. DevOps’ goal is to make sure the operations team is collaborating with the development team from the very beginning of a project. When security is incorporated, it’s called Development Security Operations or DevSecOps. An effective DevSecOps model will engage security throughout the operations and development process. With the DevSecOps model, policy as code and other security measures are incorporated throughout the operations and development process. Overall, this process promotes teamwork and collaboration. The increased teamwork helps identify vulnerabilities early, providing faster delivery. DevSecOps employs automation tools to automate several security processes. Some of these processes include: Continuous integration and continuous deployment, or CI/CD, the version control system, continuous testing, continuous monitoring, containerization, orchestration, and configuration management and deployment. In this video, you learned about infrastructure as code, policy as code. Additionally with DevSecOps, you learned how to save time and resources by incorporating security into infrastructure, promoting collaboration, and using automation. You’ll encounter these concepts in your career as a cloud security professional.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.