Automated Assurance: Safeguarding Deployments with Code

As organizations increasingly adopt cloud environments, they become attractive targets for cyber attacks, with many breaches stemming from misconfigurations in cloud setups. The National Security Agency (NSA) has identified ten key strategies to bolster cloud security, each outlined in a corresponding cybersecurity information sheet.

Here are the NSA’s top ten recommended mitigation strategies:

  1. Uphold the Cloud Shared Responsibility Model
  2. Use Secure Cloud Identity and Access Management Practices
  3. Use Secure Cloud Key Management Practices
  4. Implement Network Segmentation and Encryption in Cloud Environments
  5. Secure Data in the Cloud
  6. Defending Continuous Integration/Continuous Delivery (CI/CD) Environments
  7. Enforce Secure Automated Deployment Practices through Infrastructure as Code
  8. Account for Complexities Introduced by Hybrid Cloud and Multi-Cloud Environments
  9. Mitigate Risks from Managed Service Providers in Cloud Environments
  10. Manage Cloud Logs for Effective Threat-hunting

In this article, we will examine the implementation of secure automated deployment practices using Infrastructure as Code (IaC) [Strategy 7].

The cloud industry increasingly uses Infrastructure as Code (IaC), baselines, and golden images, which are templates for deploying resources in both on-premises and cloud infrastructures. IaC automates deployment using code for compute, network, storage services, and security policies (policy as code). Baselines and golden images are often used interchangeably, providing predefined templates for secure system deployments. Various languages and formats define IaC templates, designed to be readable by humans.

Cloud service providers offer built-in IaC services, while vendor-agnostic open-source (Terraform, OpenTofu, Pulumi) and commercial tools (CloudFormation, Cloud Deployment Manager) are available for both on-premises and cloud deployments. The NSA information sheet highlights the benefits of IaC and essential practices to consider before and after deploying IaC templates.

Role of IaC in cloud security

IaC tackles development and security challenges throughout the software development lifecycle, such as environment drift, reusability issues, and delayed detection of security misconfigurations. Additionally, the NSA information sheet outlines various MITRE ATT&CK® and MITRE D3FEND™ threat and defensive techniques, which serve as illustrative rather than exhaustive examples.

Elimination of manual deployments

Using manual methods to deploy cloud resources takes a lot of time and can lead to mistakes. These mistakes might cause problems with how things are set up and create security risks.

With Infrastructure as Code (IaC), everything is set up in one place and is part of a process called continuous integration/continuous delivery (CI/CD).

This saves time because tasks that need to be done repeatedly in different places can be automated. IaC can also work with policy as code to check if resources are set up correctly before they're deployed. If anything isn't right, the deployment won't happen. Also, if you use a version control system with IaC, you can keep track of all the changes made to the setup files.

Immutable infrastructure

Immutable infrastructure means that the setup of your system is fixed and cannot be changed directly. Any adjustments must be made by deploying new Infrastructure as Code (IaC) templates. This approach minimizes the chance of having unmonitored assets, making it easier to detect potential security threats.

Drift detection

Drift detection is a feature in many Infrastructure as Code (IaC) tools that identifies changes made to infrastructure resources outside of the defined template. It alerts users when manual updates occur, helping to maintain consistency.
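The comparison behind drift detection, and the unmanaged assets that immutable infrastructure is meant to surface, can be sketched as follows. This is an added example, not code from the NSA sheet or from any IaC tool; the resource addresses and the simplified attribute names (`port`, `cidr`) are constructed for illustration.

```python
# Constructed sample: attributes declared in the IaC template, keyed by resource address.
TEMPLATE = {
    "aws_security_group.web": {
        "ingress": [{"port": 443, "cidr": "10.0.0.0/8"}],
        "tags": {"owner": "platform", "environment": "prod"}},
    "aws_s3_bucket.logs": {"versioning": True, "tags": {"owner": "secops"}},
    "aws_s3_bucket.archive": {"versioning": True},
}
# Constructed sample: what an inventory of the live environment reports.
LIVE = {
    "aws_security_group.web": {
        "id": "sg-constructed",  # provider-computed, not declared in the template
        "ingress": [{"port": 443, "cidr": "10.0.0.0/8"}, {"port": 22, "cidr": "0.0.0.0/0"}],
        "tags": {"owner": "platform", "environment": "prod"}},
    "aws_s3_bucket.logs": {"versioning": True, "tags": {"owner": "secops"}},
    "aws_instance.debug": {"instance_type": "t3.micro"},
}


def diff_declared(declared, live, path=""):
    """Yield (path, declared, live) for declared attributes whose live value differs."""
    if isinstance(declared, dict) and isinstance(live, dict):
        for key in sorted(declared):  # live-only keys are provider-computed; skip them
            child = f"{path}.{key}" if path else key
            yield from diff_declared(declared[key], live.get(key), child)
    elif declared != live:
        yield (path, declared, live)


def detect_drift(template, live):
    """Classify each resource as modified, unmanaged (live only) or missing (template only)."""
    report = {"modified": {}, "unmanaged": [], "missing": []}
    for address in sorted(set(template) | set(live)):
        if address not in template:
            report["unmanaged"].append(address)
        elif address not in live:
            report["missing"].append(address)
        else:
            changes = list(diff_declared(template[address], live[address]))
            if changes:
                report["modified"][address] = changes
    return report
```

Only attributes declared in the template are compared, so identifiers assigned by the provider at creation time do not register as drift, while a rule added by hand to a declared list does.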

Avoiding complexity

Avoiding complexity is crucial for maintaining security in your infrastructure. Infrastructure as Code (IaC) simplifies management by defining infrastructure through code, reducing complexity and making it easier to handle. By automating and securing cloud infrastructures, IaC helps mitigate risks related to human error, ensuring compliance standards are met.

Tagging

Tagging is another important aspect, allowing for easy organization and monitoring of resources by assigning metadata. Deploying resources with IaC ensures automatic tagging, promoting standardization and compliance with organizational policies.

Beyond the features above, IaC also helps in disaster recovery scenarios: it facilitates timely recovery by allowing infrastructure to be redeployed from stored template backups instead of being rebuilt manually.

Threat Modeling

Before creating Infrastructure as Code (IaC) templates, it's crucial to conduct threat modeling to identify potential threats, attack vectors, and security measures needed to prevent them. This proactive approach ensures comprehensive coverage of security gaps before resources go live. Utilizing frameworks like MITRE ATT&CK helps identify common adversary tactics and techniques, enabling the implementation of effective mitigations to reduce the risk of successful attacks.

SAST/DAST

Before deploying templates, it's essential to conduct static analysis to detect resource misconfigurations and security gaps. Various tools offer prebuilt policy as code standards for common security issues in Infrastructure as Code (IaC), such as overly permissive access and plaintext secrets. However, it's crucial to choose tools carefully, considering the potential risks of granting access to template files. Deploying templates in testing environments is also vital to ensure that resource definitions work as intended, particularly when deploying against existing resources to avoid accidental overwrites.

Just as static analysis is performed before deployment, it's important to conduct dynamic testing after deploying resources using Infrastructure as Code (IaC), to verify their functionality and ensure that all identified threat vectors have been adequately addressed.
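The pre-deployment static check described above, combined with the policy-as-code gate and tagging requirements from the earlier sections, can be sketched as a script that a CI job runs against a Terraform plan. This is an added example, not code from the NSA sheet or any scanning tool; the plan is a constructed sample in the shape of `terraform show -json` output, and the required tag names and secret-key pattern are assumptions.

```python
import json
import re

REQUIRED_TAGS = {"owner", "environment"}  # assumption: the organization's tagging policy
SECRET_KEY = re.compile(r"password|secret|token", re.I)  # assumption: secret-like key names

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_security_group.web", "change": {"actions": ["create"], "after": {
        "ingress": [{"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}],
        "tags": {"owner": "platform"}}}},
    {"address": "aws_db_instance.app", "change": {"actions": ["create"], "after": {
        "password": "constructed-example-value",
        "tags": {"owner": "data", "environment": "test"}}}},
    {"address": "aws_security_group.internal", "change": {"actions": ["create"], "after": {
        "ingress": [{"from_port": 443, "to_port": 443, "cidr_blocks": ["10.0.0.0/8"]}],
        "tags": {"owner": "platform", "environment": "prod"}}}},
]})


def find_secrets(value, path=""):
    """Yield attribute paths whose key looks secret and whose value is a literal string."""
    if isinstance(value, dict):
        for key, item in value.items():
            child = f"{path}.{key}" if path else key
            if isinstance(item, str) and item and SECRET_KEY.search(key):
                yield child
            else:
                yield from find_secrets(item, child)
    elif isinstance(value, list):
        for i, item in enumerate(value):
            yield from find_secrets(item, f"{path}[{i}]")


def evaluate_plan(plan_json):
    """Return (address, finding) pairs; a CI gate blocks the deployment if any exist."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc["change"]
        after = change.get("after") or {}
        if not {"create", "update"} & set(change["actions"]):
            continue  # deletes and no-ops introduce no new configuration
        for rule in after.get("ingress") or []:
            if "0.0.0.0/0" in (rule.get("cidr_blocks") or []):
                findings.append((rc["address"], f"open-ingress:port-{rule.get('from_port')}"))
        findings += [(rc["address"], f"plaintext-secret:{p}") for p in find_secrets(after)]
        missing = REQUIRED_TAGS - set(after.get("tags") or {})
        if "tags" in after and missing:
            findings.append((rc["address"], "missing-tags:" + ",".join(sorted(missing))))
    return findings
```

Findings report the attribute path rather than the secret's value, so the gate's own output does not leak what it detects into CI logs.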

The NSA has also listed best practices for deploying IaC securely in your organization.

Before deploying IaC templates, it's important to follow these best practices:

  • Create a threat model to identify potential attack vectors and appropriate mitigations.
  • Decide whether organizational rules should be encoded as declarative or imperative.
  • Conduct static analysis to detect misconfigurations and security gaps in templates.
  • Enable version control for IaC templates.
  • Integrate template deployment into existing CI/CD pipelines.

After deploying IaC templates, additional best practices include:

  • Conduct dynamic analysis to ensure correct resource deployment and address threat vectors.
  • Implement access control on IaC templates.
  • Avoid manual changes to resources deployed through IaC.
  • Enable continuous logging and monitoring to detect unauthorized changes.
  • Audit changes made to IaC templates.

References

[1] NSA’s Top Ten Cloud Security Mitigation Strategies

[2] Automated Deployment Practices through Infrastructure as Code

