Facebook Pixel
Infrastructure as Code (IaC)

Written by Mike Hogan

October 13, 2021

IaC List of Benefits

What is Infrastructure as Code (IaC)?

You can think of IaC as a universal configuration file that tells your infrastructure platform—which can include the cloud, Kubernetes, Function-as-a-Service (FaaS), storage, and other services—how to handle a running piece of code. IaC describes rights, scaling constraints, resources, and more.

Prior to IaC, you had to configure each component of the infrastructure individually using each one’s proprietary user interface or config file. This might require one or more individuals with expertise in certain components, which added to the costs. Infrastructure vendors, with proprietary configuration tools, were able to lock-in customers and charge higher prices.

IaC empowers buyers by abstracting this configuration process, providing far more flexibility to deploy on any supporting infrastructure. This drives down costs. IaC also enables automation and other advantages, as described below.

The Benefits of IaC

  1. Shifting the Balance of Power: By abstracting the deployment infrastructure, you gain portability. You can take your code and your IaC file and deploy it anywhere in an automated fashion. This shifts the power balance between you and your infrastructure vendors, commoditizing them and forcing them to compete purely on performance and price, instead of vendor lock-in.
  2. Democratizes Expertise: Instead of hiring or training infrastructure people with expertise in certain vendor environments, IaC encapsulates best practices in files that can be reused. This reduces the headcount and costs associated with traditional configuration and deployment roles.
  3. Standardization: IaC provides a standard format for defining a couple of hundred individual configuration attributes. It is universally accepted/used by vendors. These standard formats make it easy to share best practices in the form of principles, policy rules and even files that can be copied and reused without any expertise in infrastructure. This also reduces the errors inherent in human activity, since shared files are evaluated, tested and debugged by experts over time.
  4. Automation: Automation not only makes developers more productive, it also makes them happier. Why force your developers to learn to configure infrastructure and then slow them down by making them do it, when you can reuse an existing IaC file? Happier and more productive developers results in faster time-to-market and faster product evolution.
  5. Security: By replacing traditionally manual infrastructure configuration with standardized files, computers can then evaluate those files. IaC files can be automatically evaluated against best practices to identify misconfigurations. This reduces errors and makes your code more secure because it flags potential threat vectors that can be exploited. By automating the evaluation of IaC, you can also compare those results against company policy, giving you compliance. By logging all the IaC information—scan results, policy evaluation results, and who changed what—you now have the information you need for governance.

Conclusion

Infrastructure as Code (IaC) delivers huge advantages as detailed above. It enables you to deliver more secure code faster, more easily, more inexpensively and with fewer errors. It also provides much more flexibility to move your code to any target platform. In short, every software development process should be leveraging the benefits of IaC now.

IaC also enables fully automated deployment of containerized code into a Kubernetes platform, called GitOps. It builds on the self-defining configuration of IaC, by adding rules for when and where the container should be deployed. This enables fully automated continuous deployment, fulfilling the promise of CI/CD tools. The next post will dive deeper into GitOps and Secure GitOps.

Related Blog

Choosing the Right Security Policy Solution

Choosing the Right Security Policy Solution

Security policies are a critical component of your security solution and selecting the right security policy is critical to secure development. This article looks at the different types and provides insight into what to look for in a security policy to balance...

read more
Container Security Asset Management

Container Security Asset Management

Container security is the practice of correlating all inherent security risks in conjunction with the context of how the container is deployed and used. The risks can include vulnerabilities, dependencies, secrets, malware, IaC, licenses, and more. By adding the...

read more
Security & CI/CD Toolchains

Security & CI/CD Toolchains

Modern security tools provide a variety of implementation options including full-function clients, APIs and CI/CD plugins. What is the best option for you? The answer to that depends on your role and how you will use the tools. Are you doing software development,...

read more
Share This