Throughout the book so far, we’ve focused on how to securely configure your cloud environment. This can be useful as a guide if we’re building out new resources and want to apply best practices as we go. But rarely do we find ourselves starting new applications from scratch, with everyone baking in security from the start. More often we’re in one of these other situations:
- Maintaining or extending existing applications that weren’t built with security best practices
- Working on a new application with many other people who may not be following the same best practices
- Evaluating security posture or resolving security issues for many applications
Scale and speed of development, two of the primary reasons that people use cloud platforms like AWS, make applying security best practices in these situations difficult. With scale, we may have hundreds or thousands of AWS resources we need to check for compliance with best practices. With the speed of development, we need to check these resources frequently because they can be changing all the time. By the time we had checked all of the resources, we’d need to start over and check them again. Unless we want this to be our full-time job, we need a better way to solve this problem.