Learn about how the Chef Automate platform helps enable security, audit, and compliance staff to become engaged in DevOps activities early on by performing infrastructure compliance validation as part of the initial development cycles.
Automate Everything with One Unified Platform
1. Automation for Everything you Manage... in one unified platform
Larry Eichenbaum
Solutions Architect — Fed/Gov
larryebaum@chef.io
@larryebaum
2. 77%
Digital transformation is taking over IT
Disrupt or be disrupted. Outperform the competition with digital transformation.
Shipping apps and experiences quickly is key to business growth
Idea → Ship
PROBLEM
Information Security teams aren’t set up to act rapidly
▪ 71% of IT orgs adopt DevOps [1]
▪ DevOps teams work fast
▪ Continuous delivery of change
▪ Slow response from InfoSec
▪ Vulnerabilities and risk
PERCEPTION
Among IT professionals, 81% believe InfoSec policies inhibit agility and speed. [2]
REQUIREMENT
Information Security professionals agree that their policies inhibit agility and speed. [2]
Sources: [1] Rightscale, State of the Cloud 2017; [2] Gartner, How to Seamlessly Integrate Security Into DevOps (2016)
3. The current state of Information Security
The continuous demand to increase speed potentially amplifies existing issues
Despite velocity gains by other teams, InfoSec lags behind
99% of vulnerabilities exploited will be known to InfoSec for one year or more. [1]
Since 2014, more than 88% of exploits observed use only nine known vulnerabilities. [1]
And after a compliance violation or security vulnerability is discovered: 1 in 2 teams need days or longer to remediate, 1 in 4 need weeks or months (30% need days; 28% need weeks or months). [2]
Sources: [1] Verizon Data Breach Report 2017; [2] Chef Survey 2017
4. Bridging the gap
Most InfoSec tools aren’t built for automation & speed
InfoSec tools are too far removed from typical developer workflows
High-velocity teams use code-driven tools with fast feedback loops
5. Compliance as Code
ROLE OF THE COMPLIANCE OFFICER: ACCELERATED CYCLE
INFRASTRUCTURE AS CODE → POLICY AS CODE → PRACTICE AS CODE
Separate certification & testing → Common language for describing & applying policy
Manual Compliance → Compliance at Velocity:
▪ Reactive engagement → Proactive engagement
▪ Checking implementations by hand → Expressing policy as testable code
▪ Short term compliance → Long term process improvement
One language, One workflow
6. InSpec - Bridging the gap
Each team uses a separate approach: SECURITY / DEVOPS / COMPLIANCE
Unified approach: SECURITY + DEVOPS + COMPLIANCE
7. The Old Way
Bridging the gap - Security meets Operations
The Old Way: People working directly on machines
The Modern Way: People automating machines using code (DevOps, Security, Compliance each with their own tooling)
The New Way: Shared tooling across organizations
8. Continuous Compliance
Real-time and historical compliance results
Detect which systems are unpatched, vulnerable, or out of compliance
Generate weighted reports, allowing you to prioritize and remediate failures.
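The two ideas above, "expressing policy as testable code" (slide 5) and "weighted reports that let you prioritize failures" (slide 8), are what an InSpec profile plus Chef Automate deliver. The following Ruby program is an added illustration of that model, not InSpec or Chef Automate code: it defines a handful of hypothetical SSH hardening controls with InSpec-style impact scores, evaluates them against a constructed sshd_config, and produces a weighted score with failures ordered by impact. Control ids, titles, impacts and the sample config are all assumptions made for the example.

```ruby
# Added example (not InSpec/Chef code): a minimal "policy as testable code"
# evaluator with InSpec-like controls and a weighted compliance report.

# Constructed sample input: an sshd_config as it might be read from a node.
SAMPLE_SSHD_CONFIG = <<~CONF
  Port 22
  Protocol 2
  PermitRootLogin yes
  PasswordAuthentication yes
  X11Forwarding no
  # MaxAuthTries 6
CONF

# Parse "Key value" lines; comments and blanks are skipped, keys are
# case-insensitive, and a repeated key keeps the last value.
def parse_sshd_config(text)
  text.each_line.with_object({}) do |line, cfg|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    cfg[key.downcase] = value
  end
end

# A control carries an id, an impact in 0.0..1.0 (as InSpec does), a title
# and a check that receives the parsed config and returns true if compliant.
Control = Struct.new(:id, :impact, :title, :check)

# Hypothetical controls for the example (not a published benchmark).
CONTROLS = [
  Control.new('ssh-01', 1.0, 'Root login over SSH is disabled',
              ->(c) { c['permitrootlogin'] == 'no' }),
  Control.new('ssh-02', 0.7, 'Password authentication is disabled',
              ->(c) { c['passwordauthentication'] == 'no' }),
  Control.new('ssh-03', 0.3, 'X11 forwarding is disabled',
              ->(c) { c['x11forwarding'] == 'no' }),
  Control.new('ssh-04', 0.5, 'MaxAuthTries is explicitly set to 4 or fewer',
              ->(c) { c.key?('maxauthtries') && c['maxauthtries'].to_i <= 4 })
].freeze

# Run every control against a parsed config; returns { id => :passed/:failed }.
def evaluate(config, controls = CONTROLS)
  controls.to_h { |ctl| [ctl.id, ctl.check.call(config) ? :passed : :failed] }
end

# Weighted report: score is the impact-weighted share of passing controls,
# and failures are listed highest impact first so remediation can be prioritized.
def weighted_report(config, controls = CONTROLS)
  results = evaluate(config, controls)
  total = controls.sum(&:impact)
  passed = controls.select { |c| results[c.id] == :passed }.sum(&:impact)
  failures = controls.select { |c| results[c.id] == :failed }
                     .sort_by { |c| -c.impact }
                     .map { |c| { id: c.id, impact: c.impact, title: c.title } }
  { score: (passed / total).round(3), results: results, failures: failures }
end

if __FILE__ == $PROGRAM_NAME
  report = weighted_report(parse_sshd_config(SAMPLE_SSHD_CONFIG))
  puts "compliance score: #{(report[:score] * 100).round(1)}%"
  report[:failures].each { |f| puts "FAIL [impact #{f[:impact]}] #{f[:id]} #{f[:title]}" }
end
```

Run against the constructed config, only the X11 control passes, so the weighted score is 0.3 / 2.5 = 12% and the root-login control is listed first because it carries the highest impact. The same evaluator run on a hardened config returns 1.0, which is the feedback loop the slides describe: the policy is code, so it can be re-run on every converge rather than checked by hand.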
18. InSpec Profile Store
Chef Automate comes pre-loaded with a library of Compliance Profiles.
Out-of-the-box ability to evaluate software patching, security baselines, and industry-standard benchmarks like CIS and DISA STIG.
Upload homegrown InSpec profiles based on your organizational standards via the same interface.
20. Operational Insights
With Chef Automate, you always know exactly when changes are applied to your estate and what was changed.
Keep track of every system you manage in one place, filterable by environment, platform, and much more!
Each time Chef configures a node, Chef Automate tells you what changed, what didn't, and whether any tasks failed.
22. Integrated with Open Source Chef
Infrastructure Automation / Application Automation / Compliance Automation
23. Chef
▪ Manages deployment and on-going automation
▪ Define reusable resources and infrastructure state as code
▪ Scale elegantly from one to tens of thousands of managed nodes across multiple complex environments
▪ Community, Certified Partner, and Chef supported content available for all common automation tasks
Infrastructure automation and delivery at scale
# Windows example: enable IIS and ASP.NET, then create an application pool
# (windows_feature and iis_pool come from the windows and iis cookbooks).
windows_feature 'IIS-WebServerRole' do
  action :install
end
windows_feature 'IIS-ASPNET' do
  action :install
end
iis_pool 'FooBarPool' do
  runtime_version '4.0'
  action :add
end

# Linux example: install Apache, render its config from a template, start the service.
package 'apache' do
  action :install
end
template '/etc/httpd/https.conf' do
  source 'httpd.conf.erb'
  mode '0644'   # world-readable config owned by root (original slide showed the invalid 0075)
  owner 'root'
  group 'root'
end
service 'apache2' do
  action :start
end
24. Chef: Leader in the DevOps Market
“Leading change in a large and profitable enterprise is challenging for a number of reasons. Chef helps make change work at Target.”
25. Learn more about Chef Automate
https://www.chef.io/solutions/government/
https://learn.chef.io