Infrastructure as Code (IaC) sure is convenient. IaC is a way for DevOps teams to deploy and manage application environments through a model, rather than having to do it manually. And there sure are lots of benefits to deploying infrastructure that way.
Benefits include the following:
- Cost reduction
- Increase in speed of deployments
- Reduce errors
- Improve infrastructure consistency
- Eliminate configuration drift
- IaC tool examples
Of course, with these benefits come some risks—specifically security risks.
Security Risks of IaC
Look over any list of top IaC security risks and you’re bound to see the same culprits on many of the lists. These risks include network exposures; unauthorized access; compliance violations; data exposure; and secret resources. But there is one risk that invariably lands on most lists and that’s configuration drift.
Configuration drift frequently occurs when IaC meets reality. Developers want to follow IaC best practices, but “an urgent situation may force an operations team to make a configuration change directly in the production environment. [The] configuration change may introduce risk which results in the posture of the cloud drifting from the secure posture defined through IaC before the infrastructure was provisioned.”
So, the reality is, for many reasons, just because you manage your infrastructure with code, doesn’t mean that infrastructure is secure. Is there a way to get the best of both worlds? The convenience of IaC with secure infrastructure? It turns out that there is. The secret is to use threat modeling.
Threat Modeling With IaC
The value proposition of threat modeling is pretty straight forward. Model threats in your DevOps environment so you can see them (and do something about them) before you deploy. Of course modeling something that’s constantly changing and may suffer from configuration drift is easier said than done. Still, it would be nice to be able to threat model DevOps environments deployed using IaC.
The good news is that modern threat modeling platforms have two key capabilities that enable DevOps teams to use threat modeling to secure their IaC. The two capabilities are continuous monitoring and IaC analysis.
Continuous Monitoring and IaC Analysis
Continuous monitor is a capability in which the threat modeling platform continues to monitor the DevOps environment even after it has been deployed. Part of the nature of DevOps environments is that they are dynamic and constantly changing to accommodate changes in workloads and other things. It’s essential to be able to threat model these continuous changes on the fly.
IaC analysis is a threat modeling capability in which the platform analyzes the actual code (i.e., model) and models threat based on that code. It’s much easier for DevOps teams to see threats in a threat model developed directly from the code than it is by looking at the code itself.
These two capabilities are why DevOps teams are using threat modeling to secure their IaC. Because these capabilities just cannot be done manually—it just isn’t feasible.
Look no Further
If you’re a DevOps team looking to secure your IaC by taking advantage of these two capabilities, then look no further than ThreatModeler. ThreatModeler’s Cloud Modeler continuously monitors cloud environments for change and IaC-Assist analyses IaC code to identify security flaws. Contact ThreatModeler today for a free demo.