Hi All,
Infrastructure as code (IaC), baselines, and golden images are terms growing in usage across the cloud industry. These terms refer to templates that are used to deploy resources across on-premises and cloud infrastructures. IaC uses code to automate the deployment of compute, network, and storage services, as well as security policies (often denoted as policy as code). The terms baselines and golden images are often used interchangeably. They both use predefined templates to serve as starting points for secure system deployments. Languages and formats used to define IaC templates vary by vendor, but are written to be human readable. Cloud service providers (CSPs) have built-in IaC services that can be used to deploy their specific resources. Open source and commercial IaC tools that are vendor-agnostic are also available for on-premises and cloud deployments. This cybersecurity information sheet outlines key benefits of IaC and practices that should be considered before and after deploying IaC templates.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------