TY - GEN
T1 - Preliminary Investigation into a Security Approach for Infrastructure as Code
AU - Zeini, Ammar
AU - Lennon, Ruth G.
AU - Lennon, Patrick
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
PY - 2023
Y1 - 2023
N2 - IaC is a relatively novel technology, with the result that many security frameworks don’t have a clear strategy for risk management or threat modelling for infrastructure when implementing IaC techniques. In DevOps, infrastructure is initialized, prepared, managed, and configured with a left-shift on quality. The DevOps methodology increases the integrity and stability of the deployment. IaC works best with DevOps practices for code quality, scalability, security, and reliability. Infrastructure as Code (IaC) promotes managing knowledge and experience through reusable scripts of infrastructure code, instead of the traditional manual labour technique, which is typically slow and time-consuming. This research determines some security risks that should be considered during the IaC development process. It further defines the main security practices that should be added into the Infrastructure as Code life cycle to fill the gap in the SDLC for IaC. An initial proposal to secure pipelines for IaC is presented.
AB - IaC is a relatively novel technology, with the result that many security frameworks don’t have a clear strategy for risk management or threat modelling for infrastructure when implementing IaC techniques. In DevOps, infrastructure is initialized, prepared, managed, and configured with a left-shift on quality. The DevOps methodology increases the integrity and stability of the deployment. IaC works best with DevOps practices for code quality, scalability, security, and reliability. Infrastructure as Code (IaC) promotes managing knowledge and experience through reusable scripts of infrastructure code, instead of the traditional manual labour technique, which is typically slow and time-consuming. This research determines some security risks that should be considered during the IaC development process. It further defines the main security practices that should be added into the Infrastructure as Code life cycle to fill the gap in the SDLC for IaC. An initial proposal to secure pipelines for IaC is presented.
KW - DevOps
KW - Infrastructure as code
KW - Security as code
KW - Security development life cycle frameworks
UR - http://www.scopus.com/inward/record.url?scp=85174700079&partnerID=8YFLogxK
U2 - 10.1007/978-981-99-3091-3_63
DO - 10.1007/978-981-99-3091-3_63
M3 - Conference contribution
AN - SCOPUS:85174700079
SN - 9789819930906
T3 - Lecture Notes in Networks and Systems
SP - 763
EP - 783
BT - Proceedings of 8th International Congress on Information and Communication Technology - ICICT 2023
A2 - Yang, Xin-She
A2 - Sherratt, R. Simon
A2 - Dey, Nilanjan
A2 - Joshi, Amit
PB - Springer Science and Business Media Deutschland GmbH
T2 - 8th International Congress on Information and Communication Technology, ICICT 2023
Y2 - 20 February 2023 through 23 February 2023
ER -