Security In An IaC Defined World
While it would be amazing to focus 100% on our code in our work, the reality of modern DevOps is we also need to worry about where it runs. In a simpler time, the operations team would grant us precious disk and machine resources after a requisition request. Security was tight, as those servers were locked down behind private networks and gateways. Living in the modern world of platforms as a service and infrastructure as code, IaC, means just taking security for granted is no longer an option.
Even if the security team could manage every possible bit of your infrastructure, understanding how to manage security better is going to help everyone stay safe, especially at scale.
What does good security look like
The benefits and issues IaC brings
When the security team should be involved
Local/individual testing for scale