Policy and Infrastructure as Code Go Together Like Syrup and Pancakes
Many organizations need better and tighter infrastructure policy for their distributed systems. This need has been underscored by an increasing number of misconfigurations, especially in distributed microservices and Kubernetes environments.
How policy as code extends infrastructure as code was discussed in this latest episode of The New Stack Makers podcast, another one of our “pancakes and podcast” special episodes. The guests were Deepak Giridharagopal, chief technology officer of Puppet; Tiffany Jachja, data engineering manager for Vox Media; James Turnbull, vice president of engineering of the internationally known luxury and art auctioneer Sotheby’s; and Shea Stewart, a self-professed DevOps tech nerd. Alex Williams, founder and publisher of TNS, hosted the podcast along with Darryl Taft, news director of TNS.
“In this past year, we’ve seen a lot of mishaps, and they’ve led to either security vulnerabilities or hacks and the impacts are very lasting. It’s not just impacting a particular team — it’s impacting full businesses and customers and the customers of their customers,” Jachja said. “Misconfigurations are very, very common. I think 80% of security hacks were reported to be caused by misconfigurations and so this is actually people who go into Kubernetes or into a dashboard.”
The complexities associated with managing on-premises and cloud native environments mean that DevOps teams have that much more to monitor, compared to monolithic systems of days past. “There are way more knobs and switches on all the different building blocks [compared to how] people used to build their applications and build their infrastructure,” Giridharagopal said. “There’s more stuff and I think there are more ways to configure it. It’s distributed and sprawled out to a certain extent and I think it’s become more important that those knobs and switches have the same state across all the different instances of different things.”
The right policy — or policy as code — helps to solve the complexity conundrum of modern environments and to avoid misconfiguration. Policy, for example, “allows you to sit at a high level,” Turnbull said.
Creating policy involves setting a series of statements or rules across the environment that might either flag or refuse access to applications, networks or data if the attempted access represents a breach in policy, Turnbull said.
Policy as code as an extension of infrastructure as code should also involve DevOps culture. Siloed teams are no longer an option. In other words, the people factor remains critical. “What sticks out in my mind is always the human element of all of this — which is getting it in the hands of more people and allowing them to understand or collaborate around one topic and inviting the right people to the table,” Stewart said.