Security as code: The best (and maybe only) path to securing cloud applications and systems

Managing security as code enables companies to create value in the cloud securely.
McKinsey Digital
22 JULY 2021

Existing cybersecurity architectures and operating models break down as companies adopt public-cloud platforms. Why? Almost all breaches in the cloud stem from misconfiguration, rather than from attacks that compromise the un So cloud requires secure configuration of applications and systems. But traditional cybersecurity mechanisms were not designed to ensure secure configuration or operate at the tempo required to capture the benefits of agility and speed that business leaders expect. As a result, as companies try to capture cloud value, they must adopt new security architectures and processes to protect their cloud workloads. Cloud migration can increase not only the delivery of business value but also the security of their systems and applications compared with the old on-premises world.

“Security as code” (SaC)1 has been the most effective approach to securing cloud workloads with speed and agility. At this point, most cloud leaders agree that infrastructure as code (IaC) allows them to automate the building of systems in the cloud without error-prone manual configuration. SaC takes this one step further by defining cybersecurity policies and standards programmatically, so they can be referenced automatically in the configuration scripts used to provision cloud systems and systems running in the cloud can be compared with security policies to prevent “drift”2 (Exhibit 1). If the business, for example, sets up a policy that all personally identifiable information (PII) must be encrypted when it’s stored, that policy is translated into a process that is automatically launched whenever a developer submits code. Code that violates the PII policy is automatically rejected underlying cloud infrastructure.

Read more

Knowledge is power
Subscribe to news and updates from avotech.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By submitting your contact information, you agree to receive marketing communication from avotech and consent to avotech storing, processing and using your personal information as per the Privacy Policy.