BUILDING SECURE INFRASTRUCTURE: WHAT DEVELOPERS NEED TO KNOW

INTRODUCTION
- Michael McCabe
- CEO of Cloud Security Partners
- Help clients with cloud strategy and security
- Passionate about infrastructure as code

EXPERIENCE
- Helped move large financial organizations to self service model
- Thousands of rules
- Dozens of services
- Thousands of users
- Zero security findings from deployed infrastructure
- Powerful preventative control
- Maps to internal and external controls

YOUR EXPERIENCE WITH SECURITY.

Noting that almost half of organizations have experienced a cloud data breach, Thales said 31% attributed the breach to misconfiguration or human error, which the company said underscores the need for robust IAM solutions and comprehensive training to mitigate human-related risks.
- 2024 Thales Cloud Security Study

WHAT ARE WE TALKING ABOUT
- Terraform
- Infrastructure as code
- “Open source”
- “With Terraform, you can create, modify, and destroy your infrastructure in a consistent and repeatable way.”

BENEFITS
- Centralize deployments
- Deploy consistent infrastructure
- Codified infrastructure
- Can apply security controls for preventative measures

CHALLENGES
- Terraform is often given high privileged roles
- Multiple ways to use Terraform to execute code
- Terraform is a great way to gather data about an environment
- Various ways to bypass security controls

HOW DOES IT WORK
- Terraform plan plans what will be created, updated, or destroyed
  - Calculates the current state and end state
  - Creates dependency tree
  - Outputs plan for what will be created, updated, destroyed
  - Determines unknown values
- Terraform apply creates the infrastructure
  - Makes changes based on plan
  - Updates state to track the current environment
  - Outputs changes

TERRAFORM STATE
- Stores current state of environment
- Used to manage updates, deletes
- Drift detection
- Holds secrets.

SOLUTIONS P