Infrastructure automation happened years ago. Nobody stands up a server by clicking through menus anymore: you describe the machine in a file, run a command, and it comes up identical from the first time to the thousandth. Oddly, the security of that same infrastructure is still stuck in point-and-click. It gets configured by hand, screen by screen, and you pray nobody forgot to tick a box.
That mismatch is exactly what Sysdig flags in a recent piece, and their conclusion is the thesis of this article: cloud security (the protection of infrastructure rented from providers like AWS, Azure, or Google) has to move at the same speed as the cloud it protects. While infrastructure is created in code in seconds and security is configured by clicks over hours, the gap between the two is precisely where the failures live.
Infrastructure as code, security still by clicks
The problem is not theoretical. Security onboarding (the process of connecting and configuring protection for a new environment) still relies, in most organizations, on manual workflows: someone walks through tabs, validates permissions by hand, tests integrations, and fixes errors as they surface. Every one of those steps is an opening for human error, and configuration error is the root of the overwhelming majority of cloud data breaches.
Worse: what gets configured by hand rarely gets documented. Six months later, nobody is sure why that rule is there, or whether it still makes sense. That is how configuration drift is born, the state in which systems quietly stop being what they should be, with no one noticing.
Writing security instead of clicking it
The alternative is to treat security the way we treat the rest of the infrastructure: as code. It is called Infrastructure as Code, where policies, permissions, and controls are written in versioned files, with tools like Terraform, instead of being stamped into a dashboard. The approach is API-first: configuration happens through APIs (the interfaces that let systems talk to each other), with no human in the middle clicking.
When security is born this way, you gain three things clicking never gives you. Consistency, because the same file produces the same result across every environment. Auditability, because every change is written down, dated, and attributed. And brakes at the door: guardrails, mechanisms that show the execution plan and block the unsafe change before it touches production. The AI layer Sysdig describes, able to kick off the process from natural-language prompts, is the accelerator; the foundation is the automation underneath.
"Cloud security onboarding should move at cloud speed", Sysdig writes. It is not a slogan. It is the recognition that security which forces people to slow down always ends up being worked around by whoever has a deadline to hit.
Where to start
The difference shows on the worst possible day: when something goes wrong. In an infrastructure defined as code, an incident is investigated by reading the history; who changed what, when, and why is all written down. In a hand-clicked infrastructure, you are left reconstructing from fragments, with no chain of custody, paying dearly for forensics that a simple log would have made trivial. That is the hidden cost of point-and-click.
For anyone running cloud environments, the path is concrete:
- Define security as code. Policies and permissions in versioned files, not manual settings nobody can rebuild.
- Review the plan before applying it. Guardrails that show what is about to change and stop what is unsafe, before it reaches production.
- Make every change auditable. Every change written, dated, and attributed, so the history answers tomorrow's questions on its own.
- Use AI as an accelerator, not a crutch. Natural language to start the process, with verifiable automation underneath.
Cloud security can no longer be the department that says "wait". Treated as code, it stops being the brake on innovation and starts traveling with it, at the same speed. That is the only pace at which it makes sense to protect something built in seconds.
Original source: Sysdig.
#StaySafe
🙏🖖