
Contributed Content

Configuration as code: securing the cloud

Telco public cloud adoption creates new security policy challenges which configuration as code can help address.

Josh Wittman from Simeon Cloud
17 Mar 2022

The great migration to the cloud has created lucrative opportunities for telecommunications companies to generate revenue. However, new challenges have been introduced in the journey to adopt and migrate applications and workloads to public clouds such as AWS, Google, and Azure. Configuration as code is the best available approach to secure and modernize cloud infrastructure.

In addition to creating revenue opportunities, the cloud has provided a modern approach for telecommunications companies to empower their workforces to work remotely. By leveraging cloud-based productivity and collaboration tools, employees can work from anywhere while remaining hyper-connected to business processes. However, while telecommunications companies have been quick to adopt the cloud, data breaches are on the rise.

Thousands of settings must be maintained to establish policy for how employees authenticate and interact with company data. Configuration as code provides automation to maintain security policies in cloud infrastructure. DevOps is the vehicle by which configuration as code gets deployed, and it has become vital to the cloud movement. Using configuration as code and DevOps, best practices can be established and maintained for configurations in multiple environments. Configurations can be monitored for drift, documented, backed up, and realigned to the desired state, ensuring that best practices are always in effect.

Many telecommunications companies do not implement the approach because it represents a significant undertaking and requires organizational transformation. Building a solution requires a team with niche technical skills in PowerShell, DevOps, and Graph API as well as ongoing maintenance to keep up with the constantly changing APIs. Adopting the DevOps approach requires significant cultural and process change. Telecommunications companies must be willing to transform.

How does configuration as code get implemented?

There are two ways to deploy the approach: the first is by using open-source tooling, and the second is by purchasing newly available software.

Microsoft 365 DSC is an open-source desired state configuration toolset based on PowerShell, where code represents the desired state. There are three main parts: a repository to store configurations, an export pipeline to pull the latest configurations, and a deploy pipeline to deploy changes. The solution provides automated configuration deployments, daily drift detection, approvals around changes, and it is free.

Limitations include no way to securely export all configuration types, limited coverage of settings, lengthy run times, time-consuming maintenance, no dependency/relationship handling, limited cross-environment portability, and no user interface. The toolset requires PowerShell and DevOps expertise and deploys a uni-directional synchronization. Once you extract configurations to code, you can no longer make changes in portals as there is no ability to merge changes from both sources.
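The drift detection and the uni-directional limitation described above can be made concrete with a short Python example. It is added here as an illustration and is not code from this article, from Microsoft 365 DSC, or from any vendor. It goes one step beyond a plain desired-versus-live comparison by also keeping the last exported baseline, which is what lets it tell a portal-side change from a pending code change or a conflict. It assumes configurations are available as nested dictionaries; the setting names and values are constructed for the example.

```python
"""Three-way drift classification for configuration as code (added example)."""

MISSING = object()  # marks a setting that is absent on one side


def flatten(cfg, prefix=""):
    """Flatten nested settings into {"a.b": value} so each setting compares alone."""
    flat = {}
    for key, value in cfg.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat


def classify(baseline, desired, live):
    """Compare last export (baseline), repository (desired) and tenant (live)."""
    b, d, cur = flatten(baseline), flatten(desired), flatten(live)
    report = {"portal_drift": [], "pending_deploy": [], "conflict": []}
    for path in sorted(set(b) | set(d) | set(cur)):
        base, want, have = (x.get(path, MISSING) for x in (b, d, cur))
        if want == have:
            continue  # tenant already matches the repository
        if want == base:
            report["portal_drift"].append(path)    # changed only in the portal
        elif have == base:
            report["pending_deploy"].append(path)  # changed only in code
        else:
            report["conflict"].append(path)        # changed on both sides
    return report


# Constructed sample data; the setting names are illustrative, not a real schema.
BASELINE = {"conditional_access": {"require_mfa": True, "block_legacy_auth": True},
            "sharing": {"external": "disabled"}, "session": {"timeout_min": 60}}
DESIRED = {"conditional_access": {"require_mfa": True, "block_legacy_auth": True},
           "sharing": {"external": "allowlist"}, "session": {"timeout_min": 30}}
LIVE = {"conditional_access": {"require_mfa": False, "block_legacy_auth": True},
        "sharing": {"external": "anyone"}, "session": {"timeout_min": 60},
        "guest_access": {"enabled": True}}

if __name__ == "__main__":
    for kind, paths in classify(BASELINE, DESIRED, LIVE).items():
        print(f"{kind}: {paths}")
```

A uni-directional deploy would overwrite every setting listed under `portal_drift` and `conflict` with the repository value, so those two lists are the ones to review before a deploy pipeline runs.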

As for third parties, Simeon Cloud provides an out-of-the-box implementation of configuration as code management that addresses the gaps in free tooling.

There are many reasons to adopt cloud infrastructure, including better insights, collaboration, speed to production, and new revenue opportunities. However, security is not one of the reasons. Public cloud adoption is growing at a rapid pace while modernization of cloud infrastructure lags behind. Configuration as code is one of the best available operational practices to modernize and secure the cloud.