Chapter 13. Securing Your Infrastructure

Your organization may have security professionals dedicated to securing infrastructure. Or, you may have no one with “security” in their job title or someone with little to no subject-matter expertise. Whether you have the opportunity to collaborate with others or need to figure out what to do on your own, you can improve your infrastructure’s security by adopting a security mindset.

Ideally, securing infrastructure starts when you plan and build out your system’s required resources. But how do you figure out where to start when dealing with existing infrastructure? Defense in depth tells you to apply security practices at different layers to deter harm to your infrastructure, but it doesn’t mean it’s possible to do everything simultaneously. However, by adopting a security mindset, you can improve the reliability, robustness, and general operability of the specific systems you manage, including your applications, tools, and services (i.e., desired attributes of your particular baked goods).

In this chapter, I model an approach for securing your infrastructure. First, assess attack vectors of a generic build pipeline to find your vulnerabilities, and adopt different lenses to narrow your mitigation efforts (i.e., managing identity access and secrets and securing compute and network) so you address the most frequent attacks. Then, I finish with a set of recommended guidelines for your infrastructure management. This chapter by ...