Our Thoughts on Modern Configuration and Secrets Management

The High Cost of Misconfigurations and How to Prevent Them

Written by Greg Arnette | Apr 22, 2024 9:20:32 PM

Let's talk candidly about some recent news that illustrates a problem our engineering teams face every day.

The problem is chronic misconfigurations that cause outages or security breaches.

Just recently, McDonald's suffered a worldwide IT outage that cost the company $62 million in revenue. Guess what? The root cause was a misconfiguration by a third-party vendor.

Two months ago, AT&T experienced a network-wide outage caused by a configuration error. Its revenue and reputation took a hit: $350 million in customer restitution and bold headlines taking the company to task for 5,000 dropped 911 calls.

And these two are not isolated examples. A comprehensive study of incident post-mortems found that misconfigurations cause 75% of outages or breaches.

Even the NSA and CISA are urging organizations, via a joint advisory framed as a "call to action," to get their "config data houses" in order. We can't risk a government vendor causing a misconfiguration that leads to a national security nightmare.

Why haven't we fixed this problem?

There are three main reasons:

  1. First, there's too much status quo legacy thinking about config data. Remember, this mission-critical data is "load-bearing": nothing works when config gets borked. As an industry, we must responsibly manage our secrets, parameters, variables, and templates.
  2. Second, a reliance on a passive "config architecture." Lacking a proactive mindset, many teams rely on config data management anti-patterns (secrets pasted into repos, per-environment copies of the same file drifting apart, production values edited by hand) that undermine their uptime and security hardening goals.
  3. And finally, fixing this issue "once and for all" is a real slog. This is true. Paying down config tech debt takes a lot of toil. But there is a "promised land" on the other side, and CloudTruth will take you there.


How does CloudTruth help?

We're the first purpose-built solution to prevent misconfigurations.

We start by integrating with your existing config data, secrets, and ops tooling. We then reorganize the data using a proven config architecture pattern called 7-Factor Config and give you parameterized templates that can be injected into any release process.

Combining this with change tracking, auditing, RBAC, and policy guardrails gives you an organized, protected configuration data platform with little effort.
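To make the "parameterized template plus guardrail" idea concrete, here is an added example. It is not CloudTruth's code and does not implement the 7-Factor Config pattern itself; the template, the parameter sets and the three policy rules are constructed for illustration. The point it shows is the failure mode behind the outages above: a value that looks plausible but is wrong (TLS dropped from a connection string, a misspelled log level, a missing parameter) should fail the release step rather than render into a production artifact.

```python
"""Added example, not CloudTruth's code: render a parameterized config
template only after every parameter passes a guardrail, so a bad value
fails the release step instead of reaching production."""
import json
import string

# Constructed sample template: placeholders are filled at release time,
# and the artifact it produces must be valid JSON.
TEMPLATE = """\
{
  "db_url": "${DB_URL}",
  "log_level": "${LOG_LEVEL}",
  "max_conns": ${MAX_CONNS}
}
"""

# Guardrails (assumed policy, for illustration): each rule says what a
# value must look like before it may appear in a rendered artifact.
RULES = {
    # the database connection must use TLS
    "DB_URL": lambda v: v.startswith("postgres://") and "sslmode=require" in v,
    # only known log levels, so a typo cannot silently change logging
    "LOG_LEVEL": lambda v: v in {"debug", "info", "warn", "error"},
    # a positive integer in a sane range; it is spliced in unquoted
    "MAX_CONNS": lambda v: v.isdigit() and 1 <= int(v) <= 500,
}


def check_params(params):
    """Return the list of guardrail violations; an empty list means OK."""
    problems = []
    for key, rule in RULES.items():
        if key not in params:
            problems.append(f"missing parameter {key}")
        elif not rule(params[key]):
            problems.append(f"parameter {key} failed guardrail")
    return problems


def render(template, params):
    """Render template with params, producing no output on any violation.

    Raises ValueError on a guardrail failure, and KeyError if the template
    references a placeholder the parameter set does not define (substitute()
    never leaves a blank). The rendered text must also parse as JSON.
    """
    problems = check_params(params)
    if problems:
        raise ValueError("; ".join(problems))
    text = string.Template(template).substitute(params)
    json.loads(text)  # the rendered artifact must itself be well-formed
    return text


# Constructed parameter sets: one good, one with the kind of slips that
# ship when nothing validates config before release.
GOOD = {
    "DB_URL": "postgres://db.internal:5432/app?sslmode=require",
    "LOG_LEVEL": "info",
    "MAX_CONNS": "50",
}
BAD = {
    "DB_URL": "postgres://db.internal:5432/app",  # TLS dropped
    "LOG_LEVEL": "verbose",                        # not a real level
    # MAX_CONNS is missing entirely
}

if __name__ == "__main__":
    print(render(TEMPLATE, GOOD))
    print(check_params(BAD))
```

Running the script prints the rendered JSON for `GOOD` and the three violations for `BAD`. The design choice worth copying is that `render` fails closed: it raises on any problem instead of emitting a partially correct file, which is what turns a config mistake from a production incident into a failed pipeline step.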

CloudTruth does all this with one command, regardless of which cloud, IaC tool, container tool, or CI/CD tool you use.

It is magical, and I bet the words "magic and config" have never been used together in the same sentence. 😀

Give CloudTruth a try and see for yourself.