June 19, 2023
EP126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment?
Topics covered:
- What is a policy, is that the same as a control, or is there a difference? And what’s the gap between a policy and a guardrail?
- We have IaC, so what is this Policy as Code? Is this about security policy or all policies for cloud?
- Who do I hire to write and update my policy as code? Do I need to be a coder to create policy now?
- Who should own the implementation of Policy as Code? Is Policy as Code something that security needs to be driving? Is it the DevOps or Platform Engineering teams?
- How do organizations grow into safely rolling out new policy-as-code code?
- You [Mondoo] say that "cnspec assesses your entire infrastructure's security and compliance", and this problem has been unsolved for as long as the cloud has existed. Will your toolset change this?
- There are other frameworks that exist for security testing, like HashiCorp’s Sentinel, Open Policy Agent, etc., and you are proposing a new one with MQL. Why do we need another security framework?
- What are some of the success metrics when adopting Policy as Code?