Security In An IaC Defined World

OVERVIEW

While it would be amazing to focus 100% on our code in our work, the reality of modern DevOps is that we also need to worry about where it runs. In a simpler time, the operations team would grant us precious disk and machine resources after a requisition request. Security was tight, as those servers were locked down behind private networks and gateways. Living in the modern world of platforms as a service and infrastructure as code (IaC) means that simply taking security for granted is no longer an option.
Even if the security team could manage every possible bit of your infrastructure, understanding how to manage security better is going to help everyone stay safe, especially at scale.
Takeaways:
  • What does good security look like
  • Everything you need to know about Infrastructure as Code in 3 minutes
  • The security issues (and benefits) IaC brings
  • Securing the world around your IaC
  • When the security team should be involved
  • Local/individual testing for scale

There is a huge misunderstanding of vulnerability management. It is commonly, and incorrectly, defined as being synonymous with software updates and patches. It is so much more than that! We will take the audience through a hands-on journey of scanning, enriching data, and creating high-value prioritization to protect against the number one method of threat actor initial access: software vulnerabilities.

Presented By

DWAYNE MCDANIEL

Senior Security Developer Advocate, GitGuardian