Infrastructure-as-Code Security Adoption Trends

As more organizations develop their cloud environments using infrastructure-as-code, they are recognizing the importance of addressing security vulnerabilities earlier in the process. With recent research revealing the average cost of a data breach is over $4 million, the stakes are high. Implementing proactive, continuous IaC security enables teams to catch misconfigurations or improper identity and access management permissions, and avoid inadvertently making sensitive resources publicly available. 

Manually reviewing infrastructure-as-code (IaC) files is time-consuming and slows down delivery. Many organizations have only a few engineers with cloud security expertise, yet they could have tens of thousands of objects running in production at one time.

These challenges will only grow as more enterprise resources move to the cloud. 

To better understand the issues today’s organizations face on their cloud security journey and how they are addressing them, Indeni Cloudrail conducted a survey of over 100 security professionals, site reliability engineers, developers and others. 

Here’s a summary of what we found. 

Companies are taking proactive steps to improve their cloud security posture…

Two-thirds are using cloud security posture management (CSPM) tools to assess their public cloud environments. 

Over half use a combination of open-source and commercially available cloud security tools.

Budget was a factor for 37% of those who opt for open-source or in-house tools. 

51% plan to implement IaC security this year, and 38% plan to address it in 2022.

64% plan to adopt IaC security tools if they don’t already have them.

But detecting issues isn’t the same as fixing them.

91% reported their organization does not address all IaC security issues.

One-third said they address fewer than half of the issues they find.

The top reasons for not addressing IaC security issues are a need to meet product timelines or launch dates and the high cost of resolving them.

Early detection of IaC security issues is key.

85% of respondents believe security scans should happen early in the development process.

75% agree their company is more likely to fix security issues if they find them early. 

Detect the most important security issues sooner with Cloudrail.

While many open-source and CSPM tools can identify security issues during development, they only analyze files in the “build state” and are unable to see how these issues will affect your existing cloud environment. As a result, many security issues go undetected while developers are alerted to many false positives.

Cloudrail analyzes IaC files together with the cloud environments they are targeting and understands the relationship between resources, resulting in three times fewer false positives. With Cloudrail, you can also conduct a dynamic analysis of your live cloud environment and implement guardrails for your development team to ensure continuous compliance. 

It’s free to use for teams of up to 10 developers, and you can start running evaluations within minutes.

Take the first step toward automating continuous compliance for your cloud. Try it today.

Full survey results

Download the full survey “Infrastructure-as-Code Security Adoption Trends” here.
