COVID-19's impact on infrastructure security

Posted by Cody Valle
July 14, 2020

It’s no secret that COVID-19 is negatively impacting businesses of all sizes in a number of ways, some more obvious than others. Unless you are in IT, you’re probably not thinking about how COVID-19 can affect the infrastructure security of your organization. The truth is that as businesses make the tough decision to lay off employees in order to stay in business, basic security hygiene can easily be overlooked. Even organizations fortunate enough not to have to make cuts are still impacted: they need access to specialized tools that allow IT & Security teams to enforce infrastructure changes remotely, efficiently, and at scale.

If you’re looking to implement a configuration management tool, such as CFEngine, to improve infrastructure security, it can be a little overwhelming to work out which questions to ask and which criteria to consider. To help you brainstorm and prioritize, I’d like to cover what I believe are the top 3 most important criteria to consider during your evaluation.

Security / stability

One of the most important use cases of configuration management tools is to help harden your infrastructure assets. Because of this, as you look to introduce new tools or modify existing ones, it is important to keep in mind how each one can improve or harm your overall security posture.

  • What types of dependencies does this tool rely on? Python, Ruby, etc.
  • Are these dependencies increasing my attack surface?
  • Can these dependencies cause frequent disruptions to my service?
  • Am I able to implement role-based access controls?
  • Can this tool help me enforce & verify security compliance?

Speed / scalability

These days speed & efficiency are critical to survival. One saying that holds true, especially within configuration management, is “Organizations don’t change for 1x improvement. They change for 10x.”

  • How quickly can I execute changes across my entire infrastructure? Seconds, hours, days, weeks?
  • Can most of the desired and required changes be automated?
  • Will this solution help me avoid configuration drift without manual intervention?
  • Will this solution scale as my business continues to grow?

Multi-purpose

The market is drowning in IT tools aimed at increasing efficiency. While many of these tools may serve their intended purpose, the challenge is that IT teams easily end up managing too many different tools that each serve only a single purpose. This not only becomes a headache to manage on a daily basis but, if you’re not careful, can also create many performance issues. Finding a tool that can become more of a Swiss Army Knife for your team can be the simplest and best solution. Less to manage. Less to learn. Happier IT & Security teams.

Obviously there are many more questions and criteria to consider when looking to implement new IT tools, but in a time of uncertainty it is important that you don’t solve one problem only to gain multiple others. This is an opportunity to re-evaluate your current set of tools and ensure that moving forward you’re getting the most from them.