Accurics Product Review by HelpNet Security
It is no big secret that infrastructure has changed over the last decade. We went from tools such as autossh, to configuration management, and ended up with Infrastructure as Code (IaC) concepts. We came a long way from racking servers and spinning up machines by hand and are now opting to leave that work to cloud providers large and small.
For setting up and managing the modern infrastructure, tools such as CloudFormation or Terraform are rapidly becoming unavoidable. Codifying everything, including every infrastructure component, is fast becoming a daily routine for every system administrator, developer, and DevOps practitioner.
With these new concepts and tools come numerous benefits, but also some potential issues. With every change, there is an increasing chance of introducing drift between the state of real-world infrastructure and the state described in the source code management (SCM) solution like GitHub or GitLab. Ensuring that the infrastructure-level tooling is used in a secure manner while keeping it accessible to both system administrators and developers is a hard challenge for most organizations.