Dec 30 2020

Infrastructure as Code Helps Governments Respond Faster to Threats

Using Infrastructure as Code helped boost reliability and security for the New York City Cyber Command.

When local governments seek to keep services such as energy and first response running smoothly and securely, they may turn to Infrastructure as Code to set up infrastructure on demand in the cloud using software.

By using IaC and the cloud, state and local governments save on capital IT costs through a per-usage model and avoid supply chain issues by using the infrastructure of their cloud ­providers. If developers need storage or extra bandwidth, they can access it directly in the cloud rather than having it shipped, says Mark Bowker, senior analyst for mobility and security at Enterprise Strategy Group.

“It can really change the ­procurement process — and more important, how these departments and organizations maintain, manage and procure physical IT infrastructure,” Bowker says.

This technology ­provides an advantage to agencies, according to Google, because they can repeatedly scale the ­infrastructure by using a cloud platform and increase the amount of control they have over the infrastructure supporting their applications.

New York City Takes a Cloud-First Strategy

New York City helped keep essential services secure and reliable by adopting IaC along with a cloud-first strategy using Google Cloud Platform.

New York is using declarative IaC, says Colin Ahern, New York City’s ­deputy CISO, in a recent webinar. “Infrastructure as Code as an operational model and the zero-trust framework as a security architecture are, I think, the two most important elements for any successful cloud deployment,” Ahern says. For New York, an important part of this IaC and cloud strategy was to deliver business value as a city government by letting “computers and robots do computer stuff and people do ­people stuff,” he explains.

“Automation gives our analysts the time to focus on more interesting and technically challenging pieces of the analysis,” adds Quiessence Phillips, ­deputy CISO for threat management at the New York City Cyber Command, in the webinar.

In addition, an open-source framework brings the f­lexibility to collect telemetry data quickly for the city, according to Ahern. 

READ MORE: What does it mean to be Cloud Smart in state and local government? 

Infrastructure as Code Offers a Speedy Response to Threats

With IaC, government agencies can speed up their response to threats.

“In many cases, Infrastructure as Code just means the developer can have access to code faster,” Bowker says. He explains that IaC runs inside the data center of a cloud provider like Google Cloud.

“That code is mapped to cloud infrastructure running in a Google data center that can easily be quarantined, easily be monitored, easily be alerted if a threat should be detected or the application developer or architect or a company or agency needs to make any changes,” Bowker says.

Thinkhubstudio/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.