Get startedGet started for free

Policy as code and infrastructure as code

1. Policy as code and infrastructure as code

Documentation is just as important as implementation. As a security professional, writing and updating policies that protect assets in the cloud will be an important part of your job. In this video, you'll learn how infrastructure and policy as code can help you mitigate risk and meet compliance obligations. In IT, a policy is any type of rule, condition, or instruction that governs operations or processes. A policy could be a rule that defines which conditions must be met for code to pass a security checkpoint and be deployed. It could also be a set of procedures that are executed automatically in response to a security event to limit damage and reestablish controls. Let’s first review a related process: infrastructure as code. Infrastructure as code, or IaC, is the practice of automating and managing infrastructure using reusable scripts. There are many benefits to deploying IaC, like consistent configurations, decreased risk, application controls are clearly described in code, faster deployment, increased operational efficiency, and financial savings through less manual effort. When you apply IaC, you’ll likely experience stronger security, faster incident recovery, and improved accountability. Let’s discuss an important subset of IaC next. Policy as code, or PaC, is the use of code to define, manage, and automate policies, rules, and conditions using a high-level programming language. Using PaC is a straightforward way to automate policies across an organization. With a PaC approach, the compliance checks that you want to apply will be automated. You’ll be able to write out policies using a programming language, like Python, YAML, Rego, or use tools like Terraform, Chef, Puppet, and Ansible. The specific programming language depends on which PaC management and enforcement tools that you’re using. You can then apply this code to different groups in the cloud hierarchy. PaC allows you to write continuous assessment checks against the infrastructure to determine that it’s secure and compliant, and remains that way. There are many benefits to using PaC for security and compliance. Efficiency: a security team can share policies and automatically enforce them, rather than manually. Speed: security team operations are faster when the team automatically enforces policies. Visibility: it’s easier for all stakeholders to understand what’s happening in the system. They can check the code rather than asking engineers or making assumptions. Collaboration: PaC provides a clear and uniform way of managing policies, and so simplifies collaboration, not only within the same team, but also between different departments or teams. Accuracy: when a security team automatically enforces policies, there’s less risk in making a mistake. Version control: if your team keeps track of policy files as they change, PaC makes it easy to revert to an earlier configuration if you run into a problem with the new policy. Testing and validation: with PaC, it’s easier for a security team to utilize automated auditing software to check that the code is valid and doesn’t have any gaps or errors. Using PaC enables teams to efficiently set policies and controls that protect assets and meet compliance obligations. Understanding how and when to use PaC will improve efficiency, speed, accuracy, and more when it comes to securing assets in the cloud.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.