Oct 27, 2022

Top IaC Challenges - Security and Runners

Rebecca Dodd
Product Marketing

In this video series, we’re looking at the most common barriers to Infrastructure as Code (IaC) adoption. We know that cloud security is a prominent concern for many organizations, so in this video Marino Wijay, Developer Advocate at Solo.io, joins us to share his take on the biggest factors impacting cloud security when implementing IaC.

Marino is well placed to talk about these challenges, as he focuses on application networking for microservices and the security concerns regarding communication streams between microservices. 

In the video, we discuss the importance of the following factors in security and IaC:

Role-based access control

No matter the scale of your company or the type of product you build, role-based access control (RBAC) is critical. 

"You want to know who has access to what, what they’re able to do, what they’ve done, and then be able to trace actions so if you were to troubleshoot or debug something, you can go back in time. Where RBAC comes into play here is that you are defining a set of groups, a set of individuals, a set of actions, and who can take those actions." —Marino

Marino notes that we’ve come a long way in our codification of RBAC and how granular we can get based on the use case in question, but that has added complexity to organizations’ security postures. 

In the video, Developer Advocate Tim Davis shares how env0 helps to simplify RBAC while maintaining full control.

Self-hosting

For customers who want to go a step further and control access not just by user but at the level of the IaC management platform itself, self-hosting lets you run your backend so that your code and secrets stay inside your own cloud. This can help address a common enterprise concern, where the sentiment may be “We can’t trust full SaaS with our IaC.” These concerns usually fall into one of two categories, says Marino:

Visibility

"When you have something that’s SaaS-based, you tend to not see a lot of what’s going on underneath. You have a lack of ability to be able to troubleshoot and go deeper, and that creates a bit of a security concern because if you’re trying to trace an attack you’re very limited in what you can trace through." —Marino

Compliance

"The compliance side of it really falls back to needing things to stay in your own environment so that you have complete visibility as to how it operates and you have complete control over the lifecycle management behind it. Alongside that you actually have control over what that system might be doing in terms of who it’s communicating with and who it’s able to talk to outside of your own network." —Marino Wijay

Secrets management

For many customers, the flexibility to use a trusted and easy-to-implement secrets manager in tandem with their IaC management platform is paramount. HashiCorp’s Vault and AWS Secrets Manager are two of the most commonly used solutions. If you’re looking for an IaC management solution, it’s worth finding out if it supports integration with your chosen secrets manager or if, like some SaaS solutions, you are locked into using their solution. Env0’s approach is not to be prescriptive, so our self-hosted agent supports multiple popular secrets managers, giving you better control. 

Watch the full video below, and stay tuned for the next in the IaC Challenges series, in which we’ll be exploring extensibility challenges in IaC.
