Policy as Code, how to automate cloud compliance verification with open-source tools
Mattia Caracciolo
Policy as Code, how to automate cloud compliance verification with open-source tools.
Rel. Riccardo Sisto. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2023
|
Preview |
PDF (Tesi_di_laurea)
- Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives. Download (2MB) | Preview |
Abstract
Container infrastructures, along with the use of the cloud, represent a new paradigm of application development and release that has become widespread in recent years. Although, on the one hand, such infrastructures bring benefits in scalability, management, and application compatibility, on the other hand, they are not to be considered "secure-by-default." Security enforcement in these environments is a complex task if approached with the "old" methodologies. Technologies are therefore evolving, and a new approach was born: "Policy as Code." This approach allows to abstract security policies into code that can then be executed to automate compliance verification of cloud applications and infrastructure.
Furthermore, it permits the management of policies as normal source code, enabling the implementation of all proven software development best practices such as version control, automated testing, and automated deployment
Tipo di pubblicazione
URI
 |
Modifica (riservato agli operatori) |
