Qualys has announced it is adding Infrastructure as Code (IaC) scanning to its CloudView app. This will enable detection and remediation of misconfigurations early in the development cycle, removing risk in the production environment.
As noted in the (ISC)2 2021 Cloud Security Report , security professionals’ biggest threat with public clouds is the misconfiguration of resources. Misconfigurations are often detected post-deployment, leaving companies with a much larger attack surface and more vulnerable to exploits.
Increasingly, organizations are using IaC to deploy cloud-native applications and provision their cloud infrastructure. Thus, it’s important to shift security left to identify and remediate misconfigurations at the IaC template stage.
Detecting security issues earlier in the development cycle accelerates secure application delivery and fosters greater collaboration between DevOps and security teams. More importantly, it enforces better security policies in the production environment.