How infrastructure as code can help deliver next-level digital transformation
- By Drew Epperson
- Dec 03, 2020
Implementing new applications or code at federal agencies has long followed a lengthy path: An IT team or manager makes a request. Infrastructure team members overseeing servers, storage, security or the network then build both development and testing environments. Finally, the application or code is migrated into a separate production environment.
During this slow, manual process, inconsistencies can arise because engineers typically have unique ways of approaching these tasks. Configuration differences also complicate troubleshooting for the quality assurance and testing teams trying to determine if a discovered problem is caused by the code or by the environment.
This situation can lead to disjointed environments and potential deployment and security issues. It also increases costs, as agencies are required to maintain multiple production environments.
Bringing consistency to infrastructure
One answer to this problem is infrastructure as code, which offers a more consistent, efficient and cost-effective approach for new application implementations and cloud infrastructure management. As IBM has noted, IaC allows agencies to develop, deploy and scale applications at greater speed with fewer risks and reduced costs. It treats the configuration of infrastructure -- servers, storage, security and network capabilities -- as code, so environments are more unified, and applications are more consistent and secure.
Using IaC, infrastructure teams can centrally manage their code in one shared repository, enabling them to automatically implement a new firewall, cloud enclave or application rather than manually stitching together disparate assets. This eliminates the need to build multiple environments for every application.
IaC also encourages faster, more agile change processes. If team members want to make improvements within the firewall environment, for example, they can avoid lengthy change request approvals by simply submitting requests inside an IaC management tool, which will merge all pending updates to a master update location. Whoever owns the master update location can either approve or deny the request.
Perhaps one of the greatest IaC benefits is streamlining the authorization to operate (ATO) process for applications. ATO approval requires validation of the infrastructure around the application in question -- the server, storage, security and network supporting it. This traditionally requires a lengthy and often onerous verification audit. Using IaC instead ensures that the same code is tested across all environments. Baselines can be set from day one to establish the controls needed for the ATO, before even submitting a request.
Because IaC configurations are logged, there is a comprehensive audit trail of any infrastructure changes that may occur during the ATO process, allowing for quick assessment of whether those could impact ATO approval.
Private-sector organizations have many reasons to adopt IaC. The same benefits are available, and perhaps even more valuable, to government agencies, which are accelerating their digital transformation in light of 2020’s dramatic shift to telework and other IT modernization demands. Agencies can now leverage IaC to innovate more swiftly and consistently, with enhanced accountability.
In making a case for IaC with agency decision-makers and key influencers, IT leaders should encourage discussion of the following questions:
- Would we benefit from more rapid and standardized development and ATO processes by adopting IaC?
- How do we set up a formal system of managing, tracking and auditing our IaC initiatives?
- Which tools will enable us to inspect our IaC for misconfigurations or vulnerabilities while implementing best practices?
By addressing these questions, infrastructure leaders can help guide their agency toward greater efficiency, consistency and security. Using a formal IaC process will ensure that the code achieves desired outcomes without introducing more vulnerabilities. Ultimately, adopting the “one way” of IaC can bring agencies closer to a fully realized digital transformation.
Drew Epperson is director of federal solution architecture at Palo Alto Networks.