Why all speed and no security makes Infrastructure as Code a risky business

Sep 21, 2021



Over the last 5 years software delivery has completely transformed. Infrastructure today is designed and delivered as-code in languages such as Terraform, CloudFromation, ARM templates, Kubernetes Manifests and more. Increasingly this ownership of this code is now falling under the umbrella of software development. This code today represents the entire application architecture and enables development teams to deliver infrastructure capabilities in an agile manner where foundational architectural changes are made from release to release. This has enabled development teams to achieve incredible velocity and agility. However, every security design & engineering team that I have worked with has unfortunately struggled to keep up with the velocity and unprecedented rate of change that infrastructure-as-code (IaC) adoption brings. In this talk we will provide a practical guide to how security teams can adapt to IaC. We will outline the typical challenges security teams face when their development team embraces IaC. We will also present the opportunity that this presents to security design & engineering teams. We will discuss how security design & engineering teams can transform their practices to drive improved standardization and adoption of security design patterns to ensure that applications are secure and compliant by design.



About DevOpsDays Houston

Devopsdays is a worldwide series of technical conferences covering topics of software development, IT infrastructure operations, and the intersection between them.

Store presentation

Should this presentation be stored for 1000 years?

How do we store presentations

Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%


Recommended Videos

Presentations on similar topic, category or speaker

Interested in talks like this? Follow DevOpsDays Houston