Core concepts
What is Infrastructure as Code?
Infrastructure as Code (IaC) is the practice of managing IT infrastructure through machine-readable files rather than through manual processes. The goal of IaC is to automate infrastructure provisioning and management, saving time and reducing the risk of errors.
IaC provides reproducible, version-controlled, and testable infrastructure, improving reliability and consistency of IT environments.
Why should you secure it?
As more and more organizations adopt IaC, the need for secure code management becomes increasingly important. Leaving your IaC insecure can result in:
- Insecure network configuration by exposing your infrastructure to the internet, making it vulnerable to attack. For example, if an IaC file opens up a port to the public internet, an attacker could exploit that port to gain access to the infrastructure.
- Insecure storage by leaving sensitive data exposed, making it vulnerable to theft or attack. For example, if a service stores sensitive data in an unencrypted format, an attacker could easily steal that data.
- Excessive permissions by misconfiguring security controls, such as firewalls, intrusion detection systems and access control lists, which attackers could then bypass, leaving your whole infrastructure vulnerable.
- Service disruptions by causing your services to become unavailable, impacting your customers, business operations or even your brand’s reputation.
- Compliance violations by failing to align your infrastructure with your organisation's security policies or regulatory requirements, leading to fines, penalties, or even legal action.
- Configuration drift by fixing vulnerabilities directly in the running infrastructure's services rather than in the IaC files that define them. This leaves security gaps and vulnerabilities that attackers can exploit once the IaC is redeployed.
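As an added illustration, not part of this page or of GitGuardian's product, here is a small policy-as-code check that flags the first two risks in the list, an ingress rule open to the whole internet and storage created without encryption at rest, in a constructed Terraform JSON configuration; the resource names are placeholders.

```python
"""Policy-as-code check for two IaC risks named above: an ingress rule
open to the whole internet, and storage created without encryption at rest."""
import json

# Constructed sample in Terraform's JSON syntax (.tf.json); resource names
# are placeholders. Each weak setting sits next to its hardened equivalent.
SAMPLE_TF_JSON = json.dumps({"resource": {
    "aws_security_group": {
        "open_ssh":   {"ingress": [{"from_port": 22, "to_port": 22,
                                    "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]},
        "office_ssh": {"ingress": [{"from_port": 22, "to_port": 22,
                                    "protocol": "tcp", "cidr_blocks": ["203.0.113.0/24"]}]},
    },
    "aws_ebs_volume": {
        "plain_data": {"availability_zone": "eu-west-1a", "size": 40, "encrypted": False},
        "safe_data":  {"availability_zone": "eu-west-1a", "size": 40, "encrypted": True},
    },
}})

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}


def _as_list(value):
    # Terraform JSON syntax allows a nested block to be one object or a list of them.
    return value if isinstance(value, list) else [value]


def find_iac_issues(tf_json_text):
    """Return sorted (resource address, issue) findings for the given .tf.json text."""
    resources = json.loads(tf_json_text).get("resource", {})
    findings = []
    for name, sg in resources.get("aws_security_group", {}).items():
        for rule in _as_list(sg.get("ingress", [])):
            cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
            if cidrs & PUBLIC_CIDRS:
                findings.append((f"aws_security_group.{name}",
                                 f"ingress {rule.get('from_port')}-{rule.get('to_port')} "
                                 "open to the internet"))
    for name, vol in resources.get("aws_ebs_volume", {}).items():
        # Treat a missing `encrypted` key as unencrypted: the safe state must be explicit.
        if not vol.get("encrypted", False):
            findings.append((f"aws_ebs_volume.{name}", "volume is not encrypted at rest"))
    return sorted(findings)


if __name__ == "__main__":
    for address, issue in find_iac_issues(SAMPLE_TF_JSON):
        print(f"{address}: {issue}")
```

Running such a check in CI against the IaC files, rather than against the live environment, is also what keeps fixes in the code and prevents the configuration drift described in the last item.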
Secure your IaC
Start using GitGuardian's Infra as Code Security module to secure your IaC and proactively avoid breaches in your infrastructure.