DevOps Configuration Management Tier Discussion
from to on 09 Jan 2024 17:15

Does your choice of configuration management tool (Ansible, SALT, Puppet, Chef, etc) control tier 0 assets? (Authentication/directory servers, network equipment, etc)

Do you consider your CM tool tier 0?

If so, do you only allow access to it via privileged access workstations?

Would you use GIT for the code repository?

What about if the GIT repo was local and also controlled as a tier 0?

What does your CM setup look like?

#cybersecurity on 09 Jan 2024 19:56 collapse

Not my personal setup, but I’ve worked at orgs in the past where the tier0 infra was set up using terraform and all funneled through github PRs. To add users/gain access to resources…etc, users would submit a PR and someone on the IT team would review/reject accordingly. It allowed for scalability and version/config control, but still required human input for the actual security question decision making.