Preliminary Investigation into a Security Approach for Infrastructure as Code

Ammar Zeini, Ruth G. Lennon, Patrick Lennon

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

IaC is a relatively novel technology, with the result that many security frameworks don’t have a clear strategy for risk management or threat modelling for infrastructure when implementing IaC techniques. In DevOps, infrastructure is initialized, prepared, managed, and configured with a left-shift on quality. The DevOps methodology increases the integrity and stability of the deployment. IaC works best with DevOps practices for code quality, scalability, security, and reliability. Infrastructure as Code (IaC) promotes managing knowledge and experience through reusable scripts of infrastructure code, instead of the traditional manual-labour method, which is typically slow and time-consuming. This research determines some security risks that should be considered during the IaC development process. It further defines the main security practices that should be added into the Infrastructure as Code life cycle to fill the gap in the SDLC for IaC. An initial proposal to secure pipelines for IaC is presented.

Original language: English
Title of host publication: Proceedings of 8th International Congress on Information and Communication Technology - ICICT 2023
Editors: Xin-She Yang, R. Simon Sherratt, Nilanjan Dey, Amit Joshi
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 763-783
Number of pages: 21
ISBN (Print): 9789819930906
Publication status: Published - 2023
Event: 8th International Congress on Information and Communication Technology, ICICT 2023 - London, United Kingdom
Duration: 20 Feb 2023 to 23 Feb 2023

Publication series

Name: Lecture Notes in Networks and Systems
Volume: 694 LNNS
ISSN (Print): 2367-3370
ISSN (Electronic): 2367-3389

Conference

Conference: 8th International Congress on Information and Communication Technology, ICICT 2023
Country/Territory: United Kingdom
City: London
Period: 20/02/23 to 23/02/23

Keywords

  • DevOps
  • Infrastructure as code
  • Security as code
  • Security development life cycle frameworks
