Infrastructure as Code Security (IaC) with CyberCX and Lacework

Having secure, properly configured cloud infrastructure is vital. Gartner estimates that at least 99% of cloud security failures through 2025 will be a result of customer actions or inactions, primarily resulting from cloud resource misconfiguration. In another study, 36% of cloud professionals report experiencing a serious cloud data leak or breach from misconfigurations in the span of just one year, according to Sonatype.

Infrastructure as Code (IaC) has changed the game when it comes to provisioning cloud infrastructure. In a nutshell, IaC automates the provisioning of infrastructure through written, human-readable code, which enables teams to scale, automate, and reuse cloud deployment steps. Within the code are all the configurations for your cloud infrastructure: images/OS, compute, storage, networking, security, and more. This IaC, when executed, is sent to the cloud provider’s API to automate the provisioning.

IaC is offered by providers such as Terraform from Hashicorp, AWS CloudFormation, or Kubernetes Helm. IaC represents a major improvement to the old way of deploying cloud infrastructure via hundreds of clicks in the user interface of a cloud provider, which is error-prone and does not scale, or writing custom, brittle code to provision infrastructure.

Using the CyberCX and Lacework IaC developers submit IaC (pull request or commit) to a source code repository, such as GitHub or GitLab, or to their CI/CD pipeline. IaC Security automatically applies up to over 600 pre-built policies to check for misconfigurations or insecure code. Supports Terraform, AWS CloudFormation, or Kubernetes/Helm. Optional one-click auto-remediation via Pull Request or blocking of the insecure IaC.

Reach out to aws-sales@cybercx.com  to learn more about this product.