<b>Principles of Infrastructure as Code as a Codex for Mitigating Operational Risks in Critical Services</b>

Mykhaylo Kurtikov

doi:10.18535/ijecs.v14i08.5210

Abstract

This article analyzes the principles of Infrastructure as Code (IaC) as a tool for reducing operational risks in critical services. Its relevance stems from the need to ensure high availability and predictability of infrastructures supporting finance, energy, and other vital sectors. The novelty lies in an interdisciplinary comparison of the latest research covering disaster recovery, DevSecOps practices, blockchain-based logging, and the use of AI agents. The study describes the main IaC styles, evaluates their contributions to lowering RTO/RPO, and examines how they establish reliable code-supply chains. Special attention is paid to the threat of widespread vulnerable configurations. The aim is to identify how IaC’s declarative model, idempotence, and automated testing decrease failure likelihood. Methods include content analysis, comparative review, and tabular synthesis. The conclusion outlines IaC’s role as a “codex” of resilience and suggests directions for further research. This work will be of value to cloud architects, cybersecurity specialists, and DevSecOps researchers.

Keywords

Infrastructure as Code
critical infrastructure
operational risks
disaster recovery
DevSecOps
declarative approach
IaC scanners
RTO/RPO
blockchain logging
AI agents

References

1. Agrawal, R. (2024, November). The role of infrastructure as code in disaster recovery and business continuity. International Journal of Management IT and Engineering, 14(11), 1. https://www.researchgate.net/publication/385385282_The_Role_of_Infrastructure_as_Code_in_Disaster_Recovery_and_Business_Continuity
2. Batu, J. (2024, February). Implementing infrastructure-as-code with cloud disaster recovery strategies. International Journal of Computer Trends and Technology, 72(2), 41–45. https://doi.org/10.14445/22312803/IJCTT-V72I2P108
3. Chintale, P., Korada, L., Ranjan, P., & Malviya, R. K. (2019, August). Adopting infrastructure as code (IaC) for efficient financial cloud management. https://www.researchgate.net/publication/385098470_ADOPTING_INFRASTRUCTURE_AS_CODE_IAC_FOR_EFFICIENT_FINANCIAL_CLOUD_MANAGEMENT
4. Indukuri, A. V. (2025, April). Infrastructure as code: A paradigm shift in cloud resource management and deployment automation. World Journal of Advanced Engineering Technology and Sciences, 15(1), 2309–2317. https://doi.org/10.30574/wjaets.2025.15.1.0478
5. Kumara, I., Garriga, M., Urbano Romeu, A., Di Nucci, D., Palomba, F., Tamburri, D. A., & van den Heuvel, W.-J. (2021). The do’s and don’ts of infrastructure as code. Information and Software Technology, 135, 106593. https://doi.org/10.1016/j.infsof.2021.106593
6. Ozdogan, E., Ceran, O., & Ustundag, M. T. (2023, November). Systematic analysis of infrastructure as code technologies. Gazi University Journal of Science Part A: Engineering and Innovation, 10(4). https://doi.org/10.54287/gujsa.1373305
7. Rahman, M. M., Pokharel, B. P., Sayeed, S. A., Bhowmik, S. K., Kshetri, N., & Eashrak, N. (2024). riskAIchain: AI-driven IT infrastructure—Blockchain-backed approach for enhanced risk management. Risks, 12(12), 206. https://doi.org/10.3390/risks12120206
8. Ramaj, X., Sánchez-Gordón, M., Gkioulos, V., & Colomo-Palacios, R. (2024, August). On DevSecOps and risk management in critical infrastructures: Practitioners' insights on needs and goals. In Proceedings of the 2024 ACM/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) and the 2024 IEEE/ACM Second International Workshop on Software Vulnerability Management (SVM). ACM. https://doi.org/10.1145/3643662.3643954
9. Theodoropoulos, T., Rosa, L., Benzaid, C., Gray, P., Marin, E., Makris, A., Cordeiro, L., Diego, F., Sorokin, P., Di Girolamo, M., Barone, P., Taleb, T., & Tserpes, K. (2023). Security in cloud-native services: A survey. Journal of Cybersecurity and Privacy, 3(4), 758–793. https://doi.org/10.3390/jcp3040034
10. Yigit, Y., Ferrag, M. A., Ghanem, M. C., Sarker, I. H., Maglaras, L. A., Chrysoulas, C., Moradpoor, N., Tihanyi, N., & Janicke, H. (2025). Generative AI and LLMs for critical infrastructure protection: Evaluation benchmarks, agentic AI, challenges, and opportunities. Sensors, 25(6), 1666. https://doi.org/10.3390/s25061666

[refR-1] 1. Agrawal, R. (2024, November). The role of infrastructure as code in disaster recovery and business continuity. International Journal of Management IT and Engineering, 14(11), 1. https://www.researchgate.net/publication/385385282_The_Role_of_Infrastructure_as_Code_in_Disaster_Recovery_and_Business_Continuity

[refR-2] 2. Batu, J. (2024, February). Implementing infrastructure-as-code with cloud disaster recovery strategies. International Journal of Computer Trends and Technology, 72(2), 41–45. https://doi.org/10.14445/22312803/IJCTT-V72I2P108

[refR-3] 3. Chintale, P., Korada, L., Ranjan, P., & Malviya, R. K. (2019, August). Adopting infrastructure as code (IaC) for efficient financial cloud management. https://www.researchgate.net/publication/385098470_ADOPTING_INFRASTRUCTURE_AS_CODE_IAC_FOR_EFFICIENT_FINANCIAL_CLOUD_MANAGEMENT

[refR-4] 4. Indukuri, A. V. (2025, April). Infrastructure as code: A paradigm shift in cloud resource management and deployment automation. World Journal of Advanced Engineering Technology and Sciences, 15(1), 2309–2317. https://doi.org/10.30574/wjaets.2025.15.1.0478

[refR-5] 5. Kumara, I., Garriga, M., Urbano Romeu, A., Di Nucci, D., Palomba, F., Tamburri, D. A., & van den Heuvel, W.-J. (2021). The do’s and don’ts of infrastructure as code. Information and Software Technology, 135, 106593. https://doi.org/10.1016/j.infsof.2021.106593

[refR-6] 6. Ozdogan, E., Ceran, O., & Ustundag, M. T. (2023, November). Systematic analysis of infrastructure as code technologies. Gazi University Journal of Science Part A: Engineering and Innovation, 10(4). https://doi.org/10.54287/gujsa.1373305

[refR-7] 7. Rahman, M. M., Pokharel, B. P., Sayeed, S. A., Bhowmik, S. K., Kshetri, N., & Eashrak, N. (2024). riskAIchain: AI-driven IT infrastructure—Blockchain-backed approach for enhanced risk management. Risks, 12(12), 206. https://doi.org/10.3390/risks12120206

[refR-8] 8. Ramaj, X., Sánchez-Gordón, M., Gkioulos, V., & Colomo-Palacios, R. (2024, August). On DevSecOps and risk management in critical infrastructures: Practitioners' insights on needs and goals. In Proceedings of the 2024 ACM/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) and the 2024 IEEE/ACM Second International Workshop on Software Vulnerability Management (SVM). ACM. https://doi.org/10.1145/3643662.3643954

[refR-9] 9. Theodoropoulos, T., Rosa, L., Benzaid, C., Gray, P., Marin, E., Makris, A., Cordeiro, L., Diego, F., Sorokin, P., Di Girolamo, M., Barone, P., Taleb, T., & Tserpes, K. (2023). Security in cloud-native services: A survey. Journal of Cybersecurity and Privacy, 3(4), 758–793. https://doi.org/10.3390/jcp3040034

[refR-10] 10. Yigit, Y., Ferrag, M. A., Ghanem, M. C., Sarker, I. H., Maglaras, L. A., Chrysoulas, C., Moradpoor, N., Tihanyi, N., & Janicke, H. (2025). Generative AI and LLMs for critical infrastructure protection: Evaluation benchmarks, agentic AI, challenges, and opportunities. Sensors, 25(6), 1666. https://doi.org/10.3390/s25061666

<b>Principles of Infrastructure as Code as a Codex for Mitigating Operational Risks in Critical Services</b>

Abstract

Keywords

References

Author Resources

Journal Policies

Author Desk