I wrote up a post over at the RSA Conference blog this week introducing the idea of immutable infrastructure to security professionals. It is a concept that really highlights some of the massive security benefits when you combine cloud computing and DevOps principles. Here’s a snippet:
A simple example is when you use autoscaling in a cloud provider. You have a standard image of a server, and when you need more capacity the cloud service starts new instances behind a load balancer. When you don’t need that much capacity anymore (based on preset rules) the cloud service shuts down instances. This is exactly how elasticity in the cloud works.
…
No live patching. No remote logins. No antivirus needed (maybe). Any change, at all, to a running server easily detectable and indicative of an attack.
I skipped a lot… go read the full article.
Comments