ControlMonkey, the only fully end-to-end Terraform automation platform delivering Total Cloud Control, is unveiling the IaC Risk Index, a comprehensive, purpose-built dashboard that measures cloud risk at infrastructure delivery. By correlating Terraform coverage with security vulnerabilities, enterprises benefit from increased visibility that integrates the nuances of infrastructure deployment and cloud-based risks.
Rivaling traditional security dashboards that deliver information on misconfigurations after they occur, ControlMonkey’s IaC Risk Index affords both cloud and security teams visibility into how the infrastructure was delivered. The IaC Risk Index sheds light on which vulnerable resources are currently unmanaged, drifted, or governed, enabling precise, state-aware remediation, according to ControlMonkey.
This innovation tackles the risks of unmanaged infrastructure—or resources not governed by Terraform or delivered through a secure pipeline. According to ControlMonkey research, compared to managed infrastructure, unmanaged infrastructure carries up to 2x more security risk. Despite this, many enterprises are unaware of how much of their infrastructure is truly governed by code, with ControlMonkey research showing that most coverage is 30-40% lower than original estimates.
With ControlMonkey’s IaC Risk Index, organizations benefit from the closure of this security and visibility gap with a unified view of infrastructure coverage.
“Security begins with delivery,” said Aharon Twizer, CEO and co-founder of ControlMonkey. “When infrastructure is created outside of IaC pipelines, it bypasses every control we rely on—validation, policy, versioning, everything. That’s where risk lives. And until now, no one was measuring it. We’re thrilled to release this critical new lens on security so cloud teams everywhere can get ahead of risk.”
Some key capabilities of ControlMonkey’s IaC Risk Index include:
- Risk Scoring: A color-coded benchmark helps teams quickly assess risk posture by environment, ranging from green (full control) to red (<50% coverage, high risk)
- IaC Vulnerability Visualization and Prioritization: Highlights which parts of the infrastructure are unmanaged by Terraform and how those resources align with security risks, ranking the most critical areas
- Change Attribution and Risk Mapping: Identifies how each vulnerable resource was delivered (manual, drifted, or governed) and what state it’s in, establishing context that informs the most effective remediation flow
- One-Click Remediation: Imports unmanaged resources into Terraform with one click, generates security-aligned code, and fixes issues at the source before they reach production
“More IaC coverage means fewer security issues, period,” said Nir Rothenberg, CISO of Rapyd. “What stood out with ControlMonkey was how easy it became to do things the right, modern way. When infrastructure and security teams can actually cooperate by design, that’s when security really works.”
Core to the IaC Risk Index is establishing a “shared metric” of risk between cloud and security teams. Aligning these personas around exposure and remediation based on a common language and goal, cloud and security teams are able to better manage infrastructure—and therefore better mitigate risk.
“The IaC Risk Index is a bridge between security and cloud teams,” said Ori Yemini, CTO and co-founder. “IaC coverage gives both sides a shared metric, a shared objective, and a shared way to reduce risk at the source. This kind of alignment is long overdue, and much needed.”
To learn more about ControlMonkey’s IaC Risk Index, please visit https://controlmonkey.io/.