Threat On The Wire
Deployment pipeline with configuration-as-code templates and secure environment management practices
CISSP Domain 8 Software Development Security

Secure Deployment, Configuration, And Environment Management

J
J

Why this matters

CISSP lens

Pick answers that align business risk, governance intent, and practical control execution.

Many incidents stem from misconfigurations and inconsistent environments rather than code flaws. How you deploy and configure software is as important as how you write it. Domain 8 connects development practices directly to operational security.

Core concept

Secure deployment and configuration management aim to ensure that:

  • Environments are predictable and match documented baselines.
  • Changes are controlled, reviewed, and auditable.
  • Secrets are handled safely.
  • Lower environments do not expose production level data.

Environments and separation

Typical environments include development, test, staging, and production. Good practice:

  • Restrict access more tightly as you move toward production.
  • Avoid using full production data in lower environments. If you must, mask or anonymize.
  • Keep configuration differences between environments minimal and intentional.

Configuration management

Modern teams use:

  • Infrastructure as code tools to define servers, networks, and services.
  • Configuration management tools to apply settings consistently.
  • Version control to track changes.

Benefits include repeatable builds, easier rollback, and better auditability.

Secrets management

Secrets such as passwords, API keys, and certificates must be:

  • Stored in dedicated secrets management systems.
  • Accessed by applications at runtime using secure channels.
  • Rotated regularly, especially after incidents.

Hardcoding secrets in code or storing them in plain text configuration files is a common and serious weakness.

Deployment patterns

Deployment methods like blue green, canary, and rolling deployments affect how you manage risk.

  • Blue green deployments allow quick rollback by switching traffic between environments.
  • Canary releases send a small percentage of traffic to new versions first.

From a security standpoint, these patterns help reduce the blast radius of bad changes and support faster remediation.

CISSP lens

Domain cross-reference

Domain 8 links this topic to change management in Domain 7 and governance in Domain 1.

On the exam, preferred answers:

  • Use version controlled infrastructure and configuration.
  • Enforce change approvals and segregation of duties for production deployments.
  • Protect secrets using dedicated mechanisms, not ad hoc storage.
  • Limit the use of production data in non production environments.

Real-world scenario

A staging environment is set up quickly to support testing. It uses a copy of the production database, but security controls are weaker, and a default admin password is never changed.

Attackers discover the staging system exposed to the internet and extract sensitive data.

The remediation program includes:

  • Implementing network level access controls and VPN requirements for staging.
  • Enforcing secrets management across all environments.
  • Moving to infrastructure as code for environment creation.
  • Establishing policies for when and how production data can be used outside production.

Hardening baselines and benchmarks

A configuration baseline is the documented, approved state a system should be in: which services run, which ports listen, what logging is enabled, how authentication works. Without a baseline, you cannot define drift, and without drift detection, you cannot prove your environment is what you think it is.

You rarely need to invent baselines from scratch. Industry references such as CIS Benchmarks and vendor hardening guides provide tested starting points for operating systems, databases, container platforms, and cloud services. The realistic workflow is: start from the benchmark, document deviations your applications genuinely require, and version the result alongside your infrastructure code.

Baseline elementExamplesWhy it matters
Attack surfaceDisabled services, closed ports, removed default accountsLess exposed functionality means fewer entry points
AuthenticationPassword policy, key-based access, MFA on admin pathsDefault and weak credentials are a leading breach cause
LoggingAudit policy, log forwarding, time synchronizationDetection and forensics depend on it
Patching stateApproved versions, update sourcesKnown-vulnerable software is the cheapest attack path

Golden images bake the baseline into the artifact itself: a pre-hardened machine or container image that every deployment starts from. Combined with immutable infrastructure, where you replace instances instead of patching them in place, the running fleet stays close to the baseline by construction rather than by ongoing discipline.

Detecting and correcting drift

Configuration drift is the gap between the approved baseline and reality. It accumulates through manual hotfixes, troubleshooting sessions that never get reverted, and untracked "temporary" changes that become permanent.

A practical drift program has three layers:

  • Prevention. Remove standing administrative access to production. If engineers cannot SSH in casually, casual drift cannot happen. Changes flow through the pipeline, where they are reviewed and recorded.
  • Detection. Scheduled compliance scans compare running state to the baseline. Cloud configuration monitoring does the same for cloud resources, flagging the public bucket or the security group that opened up overnight.
  • Correction. For declarative, code-defined infrastructure, re-applying the definition converges systems back to the baseline. For everything else, drift findings enter the same triage and remediation flow as vulnerability findings, with severity based on what drifted.

On the exam, drift questions usually reward the answer that establishes automated comparison against a defined baseline over the answer that adds more manual review meetings. Auditable, repeatable, automatic beats heroic and manual.

Common mistakes

Treating non production environments as unimportant and leaving them poorly secured.

Managing production configurations manually on servers without version control.

Storing secrets in code repositories or shared spreadsheets.

Allowing direct developer access to production systems without oversight.

Ignoring configuration drift between supposedly identical nodes.

Actionable checklist

  • Document all environments and what data, access, and controls each has.
  • Adopt infrastructure and configuration as code for critical systems.
  • Implement a secrets management solution and remove hardcoded secrets from repositories.
  • Define roles and approvals for production deployments, enforcing segregation of duties.
  • Regularly compare running configurations to known baselines and remediate drift.
  • Include deployment and configuration questions in internal audits and design reviews.

Key takeaways

  • Secure software requires secure deployment and configuration practices.
  • Automation and version control reduce misconfigurations and support audits.
  • Secrets management is a foundational control that cannot be skipped.
  • CISSP Domain 8 expects you to manage environments as part of software security, not as an afterthought.

Exam-style reflection

Exam practice

A developer commits database credentials in plain text to a shared repository. What is the most appropriate immediate response.

Short answer: Treat the credentials as compromised, rotate the password, remove the secret from the repository where possible, and move to storing such credentials in a secure secrets management system. Update training and processes to prevent recurrence.

Keep learning: Security Testing In The SDLC Without Breaking The Release Train.

This article is part of the CISSP Domain 8: Software Development Security study guide. Use the pillar to navigate every article in this domain.

You might also like
Secure Coding Foundations For Managers
CISSP
members

Secure Coding Foundations For Managers

J
J
Security Operations Foundations: Running Day to Day Security Without Burning Out Your Team
CISSP
members

Security Operations Foundations: Running Day to Day Security Without Burning Out Your Team

J
J
Security Assessment And Testing Fundamentals: How To Know If Your Controls Actually Work
CISSP
members

Security Assessment And Testing Fundamentals: How To Know If Your Controls Actually Work

J
J
© 2025 Threat On The Wire. All rights reserved.