Company
Date Published
Aug. 9, 2023
Author
Flavius Dinu
Word count
2805
Language
English
Hacker News points
None

Summary

Infrastructure as Code (IaC) offers significant benefits in terms of scalability, efficiency, and reliability, but it is also subject to security threats. To secure infrastructure managed with IaC, it's crucial to focus on network security, access control, data protection, runtime configuration, and regular audits. Common security concerns in IaC include misconfiguration, hard-coded secrets, lack of security tests, encryption issues, and audit trails. Adopting best practices such as using SSO, enabling MFA, encrypting data at rest and in transit, and conducting regular security vulnerability scanning can help improve IaC security. Spacelift's security architecture is SOC2 Type II certified, which involves assessing five pillars of trust: Security, Availability, Integrity, Confidentiality, and Privacy. Regular security audits and penetration testing are also conducted to identify weaknesses and ensure compliance with the trust pillars. Spacelift's security features include SSO, private workers, access to private VCS, spaces for access control, cloud integrations, environment variables and contexts, policies, custom inputs, module registry, state management, and self-hosted options.