I wrote up a post over at the RSA Conference blog this week introducing the idea of immutable infrastructure to security professionals. It is a concept that really highlights some of the massive security benefits when you combine cloud computing and DevOps principles. Here’s a snippet:
A simple example is when you use autoscaling in a cloud provider. You have a standard image of a server, and when you need more capacity the cloud service starts new instances behind a load balancer. When you don’t need that much capacity anymore (based on preset rules) the cloud service shuts down instances. This is exactly how elasticity in the cloud works.
No live patching. No remote logins. No antivirus needed (maybe). Any change, at all, to a running server easily detectable and indicative of an attack.
I skipped a lot… go read the full article.