Developers are increasingly using infrastructure as code (IaC) tools, such as Terraform and CloudFormation, to provision their own cloud infrastructure for faster development cycles. While IaC brings unprecedented ease and speed to self-service infrastructure provisioning, there is a high chance of mistakes and misconfigurations as development teams grow.
While developers have strong expertise in building applications, they may lack experience provisioning and testing IaC. Security teams should work with developers to reduce the risk of misconfigured IaC by setting security standards and automating testing early in the development process. This also helps security teams reduce their workload by decreasing the number of misconfigurations that make their way into production environments. Read my blog, "IaC security options help reduce software development risk," to learn more.