Bolster Infrastructure as Code Security


HowTo: Bolster Infrastructure as Code Security

Mitigating code-level issues requires that organizations factor security into engineering processes. This “shift-left” approach helps engineers identify and eliminate vulnerable code before deployment and reduce the window of exposure to threats. The approach requires scanning continuously: during code creation, at code commit, and within CI/CD pipelines.


Address Kubernetes Security


  • Teams often put off addressing security until they think they’re ready for production.

  • Check installations earlier in the development cycle and look out for issues during runtime to ensure there are fewer security gaps that lead to incidents or breaches.


Create Security Feedback Loops


  • Tools like cloud security posture management (CSPM) help maintain security, enable engineers to auto-remediate IaC configurations, close the loop from production to source, and prevent runtime security issues.


Support Policy as Code Efforts


  • DevOps teams can automate compliance and governance using Open Policy Agent (OPA) policies to scan IaC artifacts and container images pre-deployment and detect drift at runtime.

  • Issues can be remediated at the source with a simple pull request.
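
A pre-deployment policy of the kind described above, as an added example that is not from this newsletter or from the OPA project: a Rego policy in the `package main` / `deny` form that conftest evaluates against one parsed Kubernetes manifest. The specific checks (privileged containers, privilege escalation, host namespaces, unpinned images) are assumptions chosen as commonly cited hardening rules.

```rego
# Added example; the checks are illustrative assumptions, not the newsletter's.
package main

import rego.v1

workload_kinds := {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}

# Locate the pod spec in the manifest under review (input = one parsed document).
pod_spec := input.spec if input.kind == "Pod"
pod_spec := input.spec.template.spec if input.kind in workload_kinds
pod_spec := input.spec.jobTemplate.spec.template.spec if input.kind == "CronJob"

containers contains c if { some c in pod_spec.containers }
containers contains c if { some c in pod_spec.initContainers }

# Fall back to a fixed label so a manifest without metadata.name cannot dodge the rules.
resource := sprintf("%s/%s", [input.kind, object.get(input, ["metadata", "name"], "unnamed")])

# Privileged containers get the node's devices and full capability set.
deny contains msg if {
	some c in containers
	c.securityContext.privileged == true
	msg := sprintf("%s: container %s is privileged", [resource, c.name])
}

# Fail closed: the field must be present and explicitly false.
deny contains msg if {
	some c in containers
	not c.securityContext.allowPrivilegeEscalation == false
	msg := sprintf("%s: container %s must set allowPrivilegeEscalation: false", [resource, c.name])
}

# Host namespaces remove the isolation boundary between pod and node.
deny contains msg if {
	some field in ["hostNetwork", "hostPID", "hostIPC"]
	pod_spec[field] == true
	msg := sprintf("%s: %s is enabled", [resource, field])
}

# Images must be pinned: reject a missing tag or :latest unless a digest is given.
deny contains msg if {
	some c in containers
	not contains(c.image, "@sha256:")
	parts := split(c.image, "/")
	unpinned(parts[count(parts) - 1]) # last path segment, so a registry port is not read as a tag
	msg := sprintf("%s: container %s uses unpinned image %s", [resource, c.name, c.image])
}

unpinned(ref) if endswith(ref, ":latest")
unpinned(ref) if not contains(ref, ":")
```

Run in CI with `conftest test` against the manifests, a non-empty `deny` set fails the job, so the finding surfaces on the pull request that introduced it.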


Include Risk-Based Prioritization


  • Filter and prioritize risks based on what's actually running.

  • The goal is to focus remediation efforts on the most critical risks first.

  • Knowing the reasons why a control failed may seem unimportant. However, by evaluating the nuances of these control failures, you can uncover knowledge gaps, process gaps, or other organizational structure problems.


Promote Automation Wherever Possible


  • When remediating failed controls, teams prefer to integrate with their engineering tools and workflow to streamline efforts.

  • Ideally, the process is automated, where you remediate the source by creating a pull request that integrates the fix into the manifest for deployment.


Apply Industry Best Practices


  • Apply industry best practices around Kubernetes security.

  • Verify implementation of best practices in code early in the design stage.

  • Enforce best practices with runtime security controls.

  • Security tooling must be designed for cloud and container environments that are abstracted and ephemeral.







PS: We are going to release newsletters every week, so don't forget to subscribe and share them with your network. We hope this newsletter has provided valuable information.




