Compliance is not just for apps and data. Infrastructure, whether on premises or in the cloud, must also adhere...
to corporate policies. Unfortunately, after resources are spun up for development or production, they often are not checked or audited frequently enough -- or at all -- to ensure they continue operating in compliance with the rules. The concept of enterprise infrastructure governance addresses this need.
A key difficulty with any IT infrastructure, whether it is a physical presence on premises or an invisible one operated by a cloud services provider, is configuration drift, or infrastructure misconfiguration. Configuration drift is a phenomenon in which unplanned, unexpected changes occur in software or hardware, resulting in a compute environment that is inconsistent with specifications implemented manually or through automated scripts. Examples of configuration drift include memory leakage in an application, manual changes made to a development or test environment that are not relayed to production or multiple identical load-balanced infrastructures that gradually fall out of lockstep with each other. If not detected and remedied, these phenomena can aggregate, possibly causing systems to shut down, as in the case of an application that gradually consumes memory until a stack overflow or out-of-bounds error occurs, causing the program to fail.
Drift can occur over time when software is installed, modified or removed; when resources spun up for development and testing are not terminated when no longer needed; when manual infrastructure configuration changes implemented by IT staffers are not adequately documented for compliance tracking; or even due to a tiny coding or logic error in an application. With the rise of APIs, containers and microservices and the resulting fragmentation of yesteryear's monolithic applications into hundreds of smaller pieces, failure to fully monitor their activity can also lead to infrastructure configurations that drift out of compliance with an organization's prescribed infrastructure governance rules.
Enterprise infrastructure governance is helping GlobalGiving ensure its cloud setup, running on Amazon Web Services (AWS), is always in compliance with its own governance policies. A crowdfunded, nonprofit organization that brings donors and businesses together with other nonprofits worldwide, GlobalGiving is based in Washington, D.C. According to its website, the organization has raised in excess of $300 million since 2002 from more than 724,000 people to support nearly 18,500 projects in 170 countries.
"The risk from infrastructure misconfiguration is big, and we're entrusted with a lot of important data and transactions, so security is our highest priority," said GlobalGiving's Justin Rupp, the infrastructure and networking manager who carries the unusual title of senior systems ninja. In addition to maintaining Payment Card Industry compliance to process donations and gift card sales, Rupp said it's essential to make sure no unauthorized changes to the infrastructure are possible. "We need to be able to demonstrate that our infrastructure stays secure." To do that, GlobalGiving turned to Fugue, a Frederick, Md., maker of infrastructure governance policy and configuration automation software.
Not enough organizations share Rupp's concern, according to an October 2017 survey of more than 300 IT professionals conducted by Propeller Insights and sponsored by Fugue.
According to the report, 68% of those surveyed said they rely on checklists and manual reviews to express their organizations' infrastructure policies, rather than automated means driven by configuration scripts. And while respondents indicated that 77% of corporate executives have made infrastructure governance a priority, they also noted that a lingering 7% won't get serious about it until more high-profile hacks make the front pages of the news.
Perhaps the biggest impediment to implementing enterprise infrastructure security, according to 43% of the IT professionals surveyed, is keeping track of all the cloud resources they are running and how they're configured.
Today, cloud infrastructures can be created programmatically, from scripts used to spin up and configure resources to a known state and, through the use of enterprise configuration management software, to keep them there. That's a vast change from yesteryear, when IT would uncrate a physical server, rack-mount it, configure it and then install applications. Maintenance windows and scheduled downtime were standard operating procedures. "That has all shifted with the dawn of infrastructure as code in the cloud," said Michael Sage, technical lead for customer engagement at Fugue.
To spin up a software-defined, cloud-based infrastructure, all a developer, DevOps engineer or site reliability engineer needs to do is write a script that specifies compute, networking and storage resources, Sage said. "Because this is all API-driven, all you need are the right permissions to interface with the APIs. All you need to do is be able to say, 'I need a compute instance of this capacity, running on this network and I'll spin that up programmatically.'"
For Rupp, it adds up to ease of use of infrastructure as code. "I want to predefine what I want and stamp it out everywhere I need it," Rupp said. Spinning up identically configured infrastructures through software has become especially important now that GlobalGiving has moved its entire operation to AWS. "We're now all in on AWS [and] using a lot of regions for application speed," he said. Though managing infrastructure with scripts invoked manually worked at first, it would not have scaled with AWS, he said.
Problems start when that script-driven approach collides with organizational compliance requirements -- those policies that stipulate how an infrastructure must be configured.
To illustrate, Sage used a simple example of encryption. "I need to make sure that, every time I set up some kind of data store, it's encrypted," Sage said. With an API, turning on encryption may be as simple as setting a flag to true or false. What Fugue's infrastructure compliance software does is continually inspect data stores to make sure they stay encrypted long after deployment. By checking configuration scripts against governance policies, Fugue makes sure that infrastructure programs, including scripts that specify the infrastructure, conform to organizational policies, Sage said.
Justin RuppSenior Systems Ninja, GlobalGiving
Automating the reconciliation of infrastructure, scripts and policies to ensure compliance is exactly what Rupp was after.
"We now have a self-documenting infrastructure that shows how everything is set up and how it operates," Rupp said. "In GitHub [the web-based code repository], we now have audit trails for changes and controls. Nothing unauthorized can be created." This approach also enables GlobalGiving to demonstrate, when necessary, that its infrastructure stays secure and in compliance.
A key difference from the pre-cloud era is that developers are now taking responsibility for configuration management as infrastructure becomes software-defined, according to Roy Illsley, principal analyst for cloud computing and virtualization at research firm Ovum.
"We've realized that clouds should be treated like anything else; it needs governance policies in place to control it," Illsley said. Since cloud infrastructures are largely virtual compared with the physical server-based architectures of traditional on-premises data centers, a different method of confirming their configurations is needed. Cloud governance and infrastructure as code fulfill that need, he said. "In the cloud world, you're less sure of exactly what infrastructure you're using."
The advantage for developers feeling the pressure to deliver code quickly is the ability to order up their own infrastructures, Sage said. But, with that power, comes new responsibilities. "Even if I want to push my code through quickly, I have to have some point where I say, 'Is it or is it not conforming to the policies that the business is held to whether they are regulatory or internal?'"
Rupp believes that, without infrastructure governance and compliance monitoring, any organization places itself in danger. "Every moment that an unauthorized change is allowed to persist could mean loss of revenue, service interruptions for your customers and a whole myriad of other problems," he said. "You need to get a governance system in place, right now."