Romina Druta, Sr. Cloud and Security Research Engineer, VISMA
As organisations are increasingly hosting theirs services in the cloud, Infrastructure as Code tools(IaC) are highly used in automating the provisioning of the cloud services. Those tools can introduce security weaknesses and risky changes to the cloud platforms which started to become a highly attractive attack surface for the hackers. This presentation is a study about IAC security of 22 Visma projects having theirs cloud infrastructure hosted in GCP, AWS and Azure. The aim of this presentation is to make practitioners aware of vulnerabilities that can appear in their infrastructure when using IaC but also it shows what we have learned in our journey to Shift-Left security for the cloud.
