How to Secure Environments with Infrastructure Automation

Author:
qualiadmin

Published:
June 11, 2020

<div class="hs-featured-image-wrapper">
<a href="http://blog.quali.com/blog/how-to-secure-environments-with-infrastructure-automation" title="" class="hs-featured-image-link"> <img src="https://blog.quali.com/hubfs/blog_how%20to%20secure%20environments%20with%20IA.png" alt="How to Secure Environments with Infrastructure Automation" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a>
</div>
I had an interesting conversation with a senior FSI cloud architect, and towards the end of the conversation he made a funny observation. “Do you know what could help Dev and Ops collaborate? A common enemy. They both hate security”.
He was kidding, but there’s some truth to it. Attempting to automate can create major security risks. Engineers with automation skills aren’t always security experts, and it’s easy to forget security best practices when automating. And what’s worse, by automating we make things faster, which means security violations are harder to control. Trying to adopt speedy automation we can easily end up with a heap of security issues—from hard coded keys in GitHub to exposed customer data in unintentionally-public development/testing S3 buckets and misconfigured cloud services.
<img src="https://track.hubspot.com/__ptq.gif?a=480344&k=14&r=http%3A%2F%2Fblog.quali.com%2Fblog%2Fhow-to-secure-environments-with-infrastructure-automation&bu=http%253A%252F%252Fblog.quali.com%252Fblog&bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; ">

Topics: DevOps, Automation, Security, infrastructure automation, DevSecOps

Blog