Automation for
Everything you Manage...
...in one unified platform
Larry Eichenbaum
Solutions Architect — Fed/Gov
larryebaum@chef.io
@larryebaum
77%
Digital transformation is taking over IT
Disrupt or be disrupted. Outperform the competition with digital transformation.
Shipping apps and experiences quickly is key to business growth
Idea Ship
PROBLEM
Information Security teams aren’t set up to act rapidly
▪ 71% of IT orgs adopt DevOps¹
▪ DevOps teams work fast
▪ Continuous delivery of change
▪ Slow response from InfoSec
▪ Vulnerabilities and risk
PERCEPTION
¹ Rightscale, State of the Cloud 2017
² Gartner, How to Seamlessly Integrate Security Into DevOps (2016)
REQUIREMENT
Among IT professionals, 81% believe InfoSec policies inhibit agility and speed.²
Information Security professionals agree that their policies inhibit agility and speed.²
81%
The current state of Information Security
The continuous demand to increase speed potentially amplifies existing issues
Despite velocity gains by other teams, InfoSec lags behind
99% of vulnerabilities exploited will be known to InfoSec for one year or more.¹
Since 2014, more than 88% of exploits observed use only nine known vulnerabilities
Source: Verizon Data Breach Report 2017
Source: Chef Survey 2017
And after a compliance violation or security vulnerability is discovered:
1 in 2 teams need days or longer to remediate, 1 in 4 need weeks or months
30% need days
28% need weeks or months
Bridging the gap
Most InfoSec tools aren’t built for automation & speed
InfoSec tools are too far removed from typical developer workflows
High-velocity teams use code-driven tools with fast feedback loops
Compliance as Code
ROLE OF THE COMPLIANCE OFFICER
ACCELERATED CYCLE
INFRASTRUCTURE AS CODE
POLICY AS CODE
PRACTICE AS CODE
Separate certification & testing
Common language for describing & applying policy
Compliance at velocity
Manual Compliance | Compliance at Velocity
Reactive engagement | Proactive engagement
Checking implementations by hand | Expressing policy as testable code
Short term compliance | Long term process improvement
One language, One workflow
InSpec - Bridging the gap
Each team uses separate approach
SECURITY
DEVOPS
COMPLIANCE
Unified approach
SECURITY DEVOPS
COMPLIANCE
The Old Way
People working directly on machines
Bridging the gap - Security meets Operations
The Modern Way
People automating machines using code
DEVOPS
SECURITY
DEVOPS
COMPLIANCE
The New Way
Shared tooling across organizations
Continuous Compliance
Real-time and historical compliance results
Detect which systems are unpatched,
vulnerable, or out of compliance
Generate weighted reports, allowing you to
prioritize and remediate failures.
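The idea of expressing policy as testable code and ranking failures by weight can be sketched in plain Ruby. This is an added example, not InSpec or Chef Automate code and not from the original deck; the control ids, impact weights and node data are constructed for illustration, and only the config path is taken from the deck's template resource.

```ruby
# Added example: policy as testable code with impact-weighted reporting.
# Plain Ruby, not InSpec or Chef Automate; every name and value is constructed.

Control = Struct.new(:id, :impact, :title, :check)

CONF = '/etc/httpd/https.conf' # path as written in the deck's template resource

# Each control: id, impact weight (0.0..1.0), title, predicate over a node's state.
CONTROLS = [
  Control.new('cfg-mode', 1.0, 'Config exists and is not group/world-writable',
              lambda { |n|
                f = n[:files][CONF]
                !f.nil? && (f[:mode] & 0o022).zero? # a missing file fails too
              }),
  Control.new('cfg-owner', 0.7, 'Config is owned by root',
              ->(n) { n[:files].dig(CONF, :owner) == 'root' }),
  Control.new('svc-up', 0.3, 'apache2 service is running',
              ->(n) { n[:services]['apache2'] == :running })
].freeze

# Constructed node states, standing in for facts collected from managed nodes.
NODES = {
  'web-a' => { files: { CONF => { mode: 0o644, owner: 'root' } },
               services: { 'apache2' => :running } },
  'web-b' => { files: { CONF => { mode: 0o666, owner: 'root' } },
               services: { 'apache2' => :running } },
  'web-c' => { files: {}, services: { 'apache2' => :stopped } }
}.freeze

# Run every control against one node; return the failed controls, worst first.
def failures(state)
  CONTROLS.reject { |c| c.check.call(state) }.sort_by { |c| -c.impact }
end

# Weighted report: per node, the failed control ids and the summed impact of
# those failures, ordered so the highest-risk node is remediated first.
def weighted_report(nodes)
  rows = nodes.map do |name, state|
    failed = failures(state)
    { node: name, failed: failed.map(&:id), risk: failed.sum(&:impact).round(1) }
  end
  rows.sort_by { |r| -r[:risk] }
end

if __FILE__ == $PROGRAM_NAME
  weighted_report(NODES).each do |r|
    status = r[:failed].empty? ? 'compliant' : "FAILED #{r[:failed].join(', ')}"
    puts format('%-6s risk=%.1f  %s', r[:node], r[:risk], status)
  end
end
```

Because the policy is data plus predicates, the same controls can run in a pipeline before a change ships and on a schedule afterwards, which is what turns a one-off audit into a continuous check.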
Continuous Compliance
View your Compliance status broken down node-by-node…
Continuous Compliance
… as well as profile-by-profile
Continuous Compliance
See which controls are failing across your nodes…
Continuous Compliance
…or on each managed node individually
Continuous Compliance
Dig into failure details on any control…
Continuous Compliance
…and even view source code and framework references
InSpec Profile Store
Chef Automate comes pre-loaded with a
library of Compliance Profiles.
Out-of-the-box ability to evaluate software patching,
security baselines, and industry-standard
benchmarks like CIS and DISA STIG.
Upload homegrown InSpec profiles based on your
organizational standards via the same interface.
Continuous Compliance
Validate your AWS environment alongside your instances
Operational Insights
With Chef Automate, you always know exactly
when changes are applied to your estate and what was changed.
Keep track of every system you manage in one place,
filterable by environment, platform, and much more!
Each time Chef configures a node, Chef Automate tells you
what changed, what didn't, and whether any tasks failed.
Integrated with Open Source Chef
Infrastructure
Automation
Application
Automation
Compliance
Automation
Chef
▪ Manages deployment and on-going automation
▪ Define reusable resources and infrastructure state as code
▪ Scale elegantly from one to tens of thousands of managed nodes across multiple complex environments
▪ Community, Certified Partner, and Chef supported content available for all common automation tasks
Infrastructure automation and delivery at scale
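# Windows: enable the IIS role and ASP.NET, then create an application pool
windows_feature 'IIS-WebServerRole' do
  action :install
end

windows_feature 'IIS-ASPNET' do
  action :install
end

iis_pool 'FooBarPool' do
  runtime_version '4.0'
  action :add
end

# Linux: install Apache, render its config from a template, start the service
package 'apache' do
  action :install
end

template '/etc/httpd/https.conf' do
  source 'httpd.conf.erb'
  mode '0755' # owner rwx, group and other r-x
  owner 'root'
  group 'root'
end

service 'apache2' do
  action :start
end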
Chef: Leader in the DevOps Market
“Leading change in a large and profitable enterprise is challenging for a number of reasons. Chef helps make change work at Target.”
Learn more about Chef Automate
https://www.chef.io/solutions/government/
https://learn.chef.io
Thanks...
Larry Eichenbaum
Solutions Architect — Fed/Gov
larryebaum@chef.io
@larryebaum

Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018
