Check out all the on-demand sessions from the Intelligent Security Summit here.
Simply put, “Everything as Code” (EaC) is a way of managing IT infrastructure and building systems and tools that support modern software applications. It takes the manual processes and activities that people do and turns them into software code so that machines can do those things instead. Anything that teams need to figure out, agree on and control gets documented and “codified” as a configuration file that humans can read, and then machines can execute.
Imagine if your kitchen could somehow understand your favorite recipe and then automatically choose the right tools for prepping it, the right process for cooking it, and even the right wine and dessert pairings, and then serve that exact meal to you over and over and over, every time you asked for it. Sounds impossible? …It is. But if your kitchen were a public cloud provider, and your meal was a software application, it’s pretty much exactly what we’re talking about here.
Everything as Code lets developers tell their cloud providers (or their local systems) exactly what they need in order to “serve up” the perfect application, and then the systems and tools and processes all execute that plan to make it so.
Using development best practices to accelerate time to market
EaC has been as much a cultural shift as a technological one because it completely revolutionized the way developers think about building, deploying and updating software. For example, before “as code,” if, say, a small business needed to run an application, they’d need to take a lot of steps. An IT administrator would order a physical server with the right amount of physical onboard disk, CPU and memory. It would arrive a few weeks later, and the admin would have to install the operating system, configure the kernel for maximum efficiency and then hook the server up to a physical network. All these steps were time-consuming, prone to human error and not easily scalable — and just a few of the things that had to be done before software developers could actually start running their apps.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
With an “as code” approach, a developer can describe the same infrastructure in a policy configuration file, which tells their chosen cloud provider exactly the right type of server environment to “spin up.” The cloud provider can have it set up in seconds, and development can start immediately. Later, if the developer needs to make a change or move from a test environment to a production environment, they can just modify the file in code, resubmit it and the cloud provider will have it updated in seconds. This increases speed and scale exponentially since machines can execute code far faster than humans can perform tasks, and if done right, it can also eliminate human error and repetitive work.
Popular “as code” examples
Infrastructure as code
Modern software runs in a hyper-virtualized environment, which adds complexity but also allows an unparalleled level of control. Application code is run in virtual containers, themselves running on virtual machines, all connected with virtual networking — all of which can be controlled with software code. Today, instead of ordering a server, developers can simply define what their app needs and then submit that request as software code. The cloud platforms execute that code and automatically build the environment that was requested. What is really important about this is that it allows companies to “scale on demand” — they pay for the actual usage at any given time, and they can scale up or down as needed.
Policy as code
This is when policies are a bunch of rules codified and enforced across different systems. Think of “policy as code” as a set of guardrails that determine what is allowed to happen and what can never happen. Policy is decoupled — or separated — from the app or infrastructure. That way, if a policy needs to be changed, a developer doesn’t have to update — or worry about changing or breaking — the rest of the app or infrastructure. That means you can change the coding for the policy without changing the coding for the app. Open Policy Agent (OPA) is a great example of policy as code — OPA is a general-purpose policy engine that provides a single standard for policy that can be enforced anywhere.
Top three benefits of an everything-as-code approach
When you let humans be creative and think through hard problems, and you let them collaborate, share and imagine, we all know magic can happen. Everything as Code lets humans decide what’s right, and then tasks machines with making that so. That means you get the best out of everything, including:
- Repeatability: All processes, policies and descriptions are written down in code, so they are easily replicated. Let’s say a developer working for a global bank wants to set a policy that says, “Only users located in the central U.S. can access business accounts between 9 a.m. and 5 p.m. CT.” If another developer located in Europe wants to implement the same policy, but with an updated time zone, they can easily replicate the policy to do so. This saves the second developer time, frees them from reinventing the wheel, and also means less room for error.
- Scalability: Defining configuration as code means that systems can scale up and down on demand with little risk of error. And since environments are literally defined in code and can be spun up anywhere, testing gets easier too. Development, testing and production environments can be as close to identical as possible, and lessons learned in one can be applied to the others with policy changes alone. With an “as code” approach, developers can test their changes before they are put into production, reducing the risk of errors and security risks. Automation also frees up developers’ time and allows them to focus on more differentiated work.
- Security: When security policy and configuration are moved out of dedicated black boxes, PDFs and team meetings and are instead codified in policy files, teams can treat those policy files just like any other software file. That means they check it in and peer-review it. They iterate on it and implement that security everywhere. It can be rolled forward or back as needed. And, when teams need to prove to auditors that their policy is in compliance, they can easily point to the code.
When done right, “everything as code” lets teams define what’s right and then lets the systems take it from there. It democratizes the ability to build applications and solve problems, meaning more people can contribute to a better final product.
And, of course, Everything as Code isn’t just about the control of systems. It also takes advantage of the culture of work that software developers have built to minimize errors and maximize satisfaction and productivity. By automating away repetition and fostering collaboration, Everything as Code lets humans focus on new challenges and meaningful work and lets the machines handle the rest.
Tim Hinrichs is CTO and cofounder of Styra.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!