Infralovers, profile picture
Uploaded byInfralovers
PDF, PPTX416 views

Compliance Automation

This document discusses using InSpec and Chef Automate to automate compliance testing. It provides an overview of how InSpec works by translating compliance policies into testable code. It then discusses how Chef Automate can be used to integrate InSpec scans into continuous workflows to enable continuous compliance testing across infrastructure as code. The document concludes with demos of using InSpec with infrastructure provisioned on AWS and compliance testing on Windows systems.

Embed presentation

Download as PDF, PPTX
Compliance Automation with InSpec and Chef Automate Infracoders/ DevOps / CloudNativeMeetup GRAZ - 11th September, 2018
Agenda 19:00-20:00 Talk • Do you know all your IT-vulnerabilities? • Edmund Haselwanter,CEO @ Infralovers 20:00-21:00 Networking • At the bar in the front www.infralovers.com
A little bit of History • Client: Can we automate our Compliance Profiles? > YES, we can! • Prototype with Serverspec for Compliance Check Automation and Chef and Puppet for Infrastructure Automation • Opensourced at https://dev-sec.io www.infralovers.com
A little bit of History II • Birth of InSpec (https://inspec.io) ✓ Inspired by Serverspec ✓ Compliance Primitives (Profiles, Weight, Description, ..) ✓ Better Transport Options (SSH/WinRM/Docker) ✓ A lot more Resources • InSpec 2.0 Supports Cloud Platforms like AWS, Azure, … www.infralovers.com
PART OF A PROCESS OF CONTINUOUS COMPLIANCE Scan for Compliance Build & Test Locally Build & Test CI/CD Remediate Verify A SIMPLE EXAMPLE OF AN INSPEC CIS RULE InSpec ▪ Translate compliance into Code ▪ Clearly express statements of policy ▪ Move risk to build/test from runtime ▪ Find issues early ▪ Write code quickly ▪ Run code anywhere ▪ Inspect machines, data and APIs Turn security and compliance into code control ‘cis-1.4.1’ do title ‘1.4.1 Enable SELinux in /etc/grub.conf’ desc ‘ Do not disable SELinux and enforcing in your GRUB configuration. These are important security features that prevent attackers from escalating their access to your systems. For reference see … ‘ impact 1.0 expect(grub_conf.param ‘selinux’).to_not eq ‘0’ expect(grub_conf.param ‘enforcing’).to_not eq ‘0’ end
Continuous Workflow Detect Correct
Compliance as Code ROLE OF THE COMPLIANCE OFFICERACCELERATED CYCLE INFRASTRUCTURE AS CODE POLICY AS CODE PRACTICE AS CODE Separate certificatio n & testing Common language for describing & applying policy Compliance at velocity Compliance at VelocityManual Compliance Reactive engagement Proactive engagement Checking implementations by hand Expressing policy as testable code Short term compliance Long term process improvement One language, One workflow
Linux Demo https://kitchen.ci + InSpec for Infracode Testing
Windows Demo Detect: InSpec Correct: Ansible
AWS Demo Provision: Terraform Detect: InSpec www.infralovers.com
Chef Automate • Commercial Offeringfrom Chef Inc • Comes with readymade Compliance Profiles • Supports Notifications(e.g. Slack/ServiceNow/Custom) • Shiny Web UI to gain Visibility into current State www.infralovers.com
The Chef Automate Platform Continuous Automation for High Velocity IT Workflow • Local development • Integration • Tooling (APIs & SDKs) COLLABORATE ▪ Package ▪ Test ▪ Approve BUILD ▪ Provision ▪ Configure ▪ Execute ▪ Update DEPLOY ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow
Jumpstart your compliance test coverage Compliance in production Amazon Linux 2014.09 / 2015.03 CentOS 6 / 7 HP UX 11i IBM AIX 5.3 / 6.1 / 7.1 RHEL 6 / 7 SLES 11 / 12 Ubuntu Server 12.04 / 14.04 Windows 7 / 8 / 10 / 2012 / 2012R2 Chef Automate ships with profiles for:
Visibility into the real-time compliance of your entire fleet Compliance in production
Automate Demo AWS www.infralovers.com
Automate Demo Windows Example www.infralovers.com SLACK Alert
Questions? Mail: ehaselwanter@infralovers.com Twitter: @ehaselwanter

More Related Content

PPTX
Kubernetes Community Growth and Use Case
byChris Gaun
 
PPTX
X-celerate 2019: Iterating fast with the MERN Stack
byHaufe-Lexware GmbH & Co KG
 
PDF
Chef Automate - Infracoders Canberra August 8, 2017
byMatt Ray
 
PDF
Chef Automate - Wellington DevOps August 2, 2017
byMatt Ray
 
PDF
Aditya aws devops
byAditya Kumar
 
PPTX
CI: Meow or Never
byDevGAMM Conference
 
PPTX
MuleSoft Atlassian mtv meetup
byAnshu Mishra
 
PPTX
AWS and GKE Migration and Multicloud
byChris Gaun
 
Kubernetes Community Growth and Use Case
byChris Gaun
 
X-celerate 2019: Iterating fast with the MERN Stack
byHaufe-Lexware GmbH & Co KG
 
Chef Automate - Infracoders Canberra August 8, 2017
byMatt Ray
 
Chef Automate - Wellington DevOps August 2, 2017
byMatt Ray
 
Aditya aws devops
byAditya Kumar
 
CI: Meow or Never
byDevGAMM Conference
 
MuleSoft Atlassian mtv meetup
byAnshu Mishra
 
AWS and GKE Migration and Multicloud
byChris Gaun
 

What's hot

PPTX
Building Content-Rich Java Apps in the Cloud with the Alfresco API
byJeff Potts
 
PPTX
.NET microservices with Azure Service Fabric
byDavide Benvegnù
 
PDF
Serverless Media Workflow
byMooYeol Lee
 
PPTX
DEVNET-1122 Integrating Cisco Collaboration into Web Apps
byCisco DevNet
 
PDF
Infrastructure as code
byAakash Singhal
 
PPTX
Upgrading to Alfresco 6
byAngel Borroy López
 
PDF
Infrastructure as Code
byMatt Cowger
 
PPTX
Alfresco Process Services REST API - Alfresco DevCon 2018
byDennis Koch
 
PDF
Service Bot
byMahesh Beri
 
PPTX
Code Camp Auckland 2015 - DEV1 Microsoft API Approaches 101
byNikolai Blackie
 
PPTX
DevCon 2018 - 5 ways to use AWS with Alfresco
byGavin Cornwell
 
PDF
Accelerating DevOps Pipelines with AWS
bySuresh Paulraj
 
PDF
java in cloud - adopt cloud dev's DHARMA
byHochi Chuang
 
PPTX
Infrastructure Automation with Chef
byREAN Cloud
 
PDF
Serverless Computing 친해지기,Hands on실습 (한국오라클 김종규 컨설턴트)
byOracle Korea
 
PPTX
Serverless @ oracle meetup
byJonggyou Kim
 
PDF
Bring api manager into your stack
byColdFusionConference
 
PDF
Aws certified dev ops administrator
bysasikalaD3
 
PDF
Service Bot
byMahesh Beri
 
PDF
Building a Scalable Email Processor With AWS
byStephan February
 
Building Content-Rich Java Apps in the Cloud with the Alfresco API
byJeff Potts
 
.NET microservices with Azure Service Fabric
byDavide Benvegnù
 
Serverless Media Workflow
byMooYeol Lee
 
DEVNET-1122 Integrating Cisco Collaboration into Web Apps
byCisco DevNet
 
Infrastructure as code
byAakash Singhal
 
Upgrading to Alfresco 6
byAngel Borroy López
 
Infrastructure as Code
byMatt Cowger
 
Alfresco Process Services REST API - Alfresco DevCon 2018
byDennis Koch
 
Service Bot
byMahesh Beri
 
Code Camp Auckland 2015 - DEV1 Microsoft API Approaches 101
byNikolai Blackie
 
DevCon 2018 - 5 ways to use AWS with Alfresco
byGavin Cornwell
 
Accelerating DevOps Pipelines with AWS
bySuresh Paulraj
 
java in cloud - adopt cloud dev's DHARMA
byHochi Chuang
 
Infrastructure Automation with Chef
byREAN Cloud
 
Serverless Computing 친해지기,Hands on실습 (한국오라클 김종규 컨설턴트)
byOracle Korea
 
Serverless @ oracle meetup
byJonggyou Kim
 
Bring api manager into your stack
byColdFusionConference
 
Aws certified dev ops administrator
bysasikalaD3
 
Service Bot
byMahesh Beri
 
Building a Scalable Email Processor With AWS
byStephan February
 

Similar to Compliance Automation

PPTX
Compliance Automation with Inspec Part 1
byChef
 
PDF
Automating Compliance with InSpec - AWS North Sydney
byMatt Ray
 
PDF
Melbourne Chef Meetup: Automating Azure Compliance with InSpec
byMatt Ray
 
PDF
Infrastructure and Compliance Delight with Chef Automate
byMatt Ray
 
PDF
Managing Complexity at Velocity
byMatt Ray
 
PDF
Bay Area Chef Meetup February
byJessica DeVita
 
PDF
A Journey to Improve Infrastructure Compliance With InSpec
byCliffano Subagio
 
PDF
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
byAgileNZ Conference
 
PPTX
Compliance Automation with InSpec
byNathen Harvey
 
PDF
Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018
byLarry Eichenbaum
 
PDF
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
byMatt Ray
 
PDF
Intermediate/Compliance training Guide
byChef
 
PPTX
2019 Chef InSpec Jumpstart Part 1 of 2
byLarry Eichenbaum
 
PDF
Chef compliance - Intermediate Training
bySarah Hynes Cheney
 
PDF
Compliance Automation with InSpec
byChristoph Hartmann
 
PPTX
Compliance Automation with Inspec Part 2
byChef
 
PDF
Mitigate potential compliance risks
byJürgen Brüder
 
PDF
Compliance Automation Workshop
byChef
 
PDF
Philly security shell meetup
byNicole Johnson
 
PPTX
Compliance Automation with Inspec Part 3
byChef
 
Compliance Automation with Inspec Part 1
byChef
 
Automating Compliance with InSpec - AWS North Sydney
byMatt Ray
 
Melbourne Chef Meetup: Automating Azure Compliance with InSpec
byMatt Ray
 
Infrastructure and Compliance Delight with Chef Automate
byMatt Ray
 
Managing Complexity at Velocity
byMatt Ray
 
Bay Area Chef Meetup February
byJessica DeVita
 
A Journey to Improve Infrastructure Compliance With InSpec
byCliffano Subagio
 
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
byAgileNZ Conference
 
Compliance Automation with InSpec
byNathen Harvey
 
Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018
byLarry Eichenbaum
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
byMatt Ray
 
Intermediate/Compliance training Guide
byChef
 
2019 Chef InSpec Jumpstart Part 1 of 2
byLarry Eichenbaum
 
Chef compliance - Intermediate Training
bySarah Hynes Cheney
 
Compliance Automation with InSpec
byChristoph Hartmann
 
Compliance Automation with Inspec Part 2
byChef
 
Mitigate potential compliance risks
byJürgen Brüder
 
Compliance Automation Workshop
byChef
 
Philly security shell meetup
byNicole Johnson
 
Compliance Automation with Inspec Part 3
byChef
 

More from Infralovers

PDF
Git Essentials Cheatsheet Deutsch
byInfralovers
 
PPTX
Containers, Habitat and Orchestration - Infracoders Meetup Graz
byInfralovers
 
PPTX
AuroraWP - Infracoders Meetup Graz
byInfralovers
 
PDF
Habitat hack slides - Infracoders Meetup Graz
byInfralovers
 
PDF
What is cloud native and why should you care - Infracoders / DevOps / CloudNa...
byInfralovers
 
PDF
Bots are taking my job - so I started rollin' my own - Infracoders Meetup Graz
byInfralovers
 
PDF
How not to Cloud
byInfralovers
 
PDF
Docker Cheatsheet_01
byInfralovers
 
PDF
Docker Cheatsheet_02
byInfralovers
 
Git Essentials Cheatsheet Deutsch
byInfralovers
 
Containers, Habitat and Orchestration - Infracoders Meetup Graz
byInfralovers
 
AuroraWP - Infracoders Meetup Graz
byInfralovers
 
Habitat hack slides - Infracoders Meetup Graz
byInfralovers
 
What is cloud native and why should you care - Infracoders / DevOps / CloudNa...
byInfralovers
 
Bots are taking my job - so I started rollin' my own - Infracoders Meetup Graz
byInfralovers
 
How not to Cloud
byInfralovers
 
Docker Cheatsheet_01
byInfralovers
 
Docker Cheatsheet_02
byInfralovers
 

Recently uploaded

PDF
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
PDF
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
PPTX
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PDF
Unlocking Gen AI Capabilities Within UiPath Document Understanding
byDianaGray10
 
PPTX
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
PPTX
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
PPTX
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
PDF
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
PDF
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
PPTX
02_Extended Warehouse Management Functions and Features.pptx
byUdayakumar218983
 
PPTX
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PDF
Philippine Agricultural Engineering Standard_Hand Tractor .pdf
by6xfrnmdp4b
 
PDF
2025-CB-NCAE-slide-deck.pptx-1-83.pdf Virtual Orientation on the Administrati...
byNelizabethEsplaguera1
 
PDF
Learn about the AI revolution in 2026.pdf
byrokoy68327
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
PDF
KM World 2025 Enterprises, KM, & Agentic AI
byEnterprise Knowledge
 
PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
PPTX
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
Unlocking Gen AI Capabilities Within UiPath Document Understanding
byDianaGray10
 
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
02_Extended Warehouse Management Functions and Features.pptx
byUdayakumar218983
 
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
Philippine Agricultural Engineering Standard_Hand Tractor .pdf
by6xfrnmdp4b
 
2025-CB-NCAE-slide-deck.pptx-1-83.pdf Virtual Orientation on the Administrati...
byNelizabethEsplaguera1
 
Learn about the AI revolution in 2026.pdf
byrokoy68327
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
KM World 2025 Enterprises, KM, & Agentic AI
byEnterprise Knowledge
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 

Compliance Automation

  • 1.
    Compliance Automation with InSpecand Chef Automate Infracoders/ DevOps / CloudNativeMeetup GRAZ - 11th September, 2018
  • 2.
    Agenda 19:00-20:00 Talk • Doyou know all your IT-vulnerabilities? • Edmund Haselwanter,CEO @ Infralovers 20:00-21:00 Networking • At the bar in the front www.infralovers.com
  • 3.
    A little bitof History • Client: Can we automate our Compliance Profiles? > YES, we can! • Prototype with Serverspec for Compliance Check Automation and Chef and Puppet for Infrastructure Automation • Opensourced at https://dev-sec.io www.infralovers.com
  • 7.
    A little bitof History II • Birth of InSpec (https://inspec.io) ✓ Inspired by Serverspec ✓ Compliance Primitives (Profiles, Weight, Description, ..) ✓ Better Transport Options (SSH/WinRM/Docker) ✓ A lot more Resources • InSpec 2.0 Supports Cloud Platforms like AWS, Azure, … www.infralovers.com
  • 9.
    PART OF APROCESS OF CONTINUOUS COMPLIANCE Scan for Compliance Build & Test Locally Build & Test CI/CD Remediate Verify A SIMPLE EXAMPLE OF AN INSPEC CIS RULE InSpec ▪ Translate compliance into Code ▪ Clearly express statements of policy ▪ Move risk to build/test from runtime ▪ Find issues early ▪ Write code quickly ▪ Run code anywhere ▪ Inspect machines, data and APIs Turn security and compliance into code control ‘cis-1.4.1’ do title ‘1.4.1 Enable SELinux in /etc/grub.conf’ desc ‘ Do not disable SELinux and enforcing in your GRUB configuration. These are important security features that prevent attackers from escalating their access to your systems. For reference see … ‘ impact 1.0 expect(grub_conf.param ‘selinux’).to_not eq ‘0’ expect(grub_conf.param ‘enforcing’).to_not eq ‘0’ end
  • 10.
  • 11.
    Compliance as Code ROLEOF THE COMPLIANCE OFFICERACCELERATED CYCLE INFRASTRUCTURE AS CODE POLICY AS CODE PRACTICE AS CODE Separate certificatio n & testing Common language for describing & applying policy Compliance at velocity Compliance at VelocityManual Compliance Reactive engagement Proactive engagement Checking implementations by hand Expressing policy as testable code Short term compliance Long term process improvement One language, One workflow
  • 12.
    Linux Demo https://kitchen.ci+ InSpec for Infracode Testing
  • 13.
  • 14.
    AWS Demo Provision: Terraform Detect:InSpec www.infralovers.com
  • 15.
    Chef Automate • CommercialOfferingfrom Chef Inc • Comes with readymade Compliance Profiles • Supports Notifications(e.g. Slack/ServiceNow/Custom) • Shiny Web UI to gain Visibility into current State www.infralovers.com
  • 16.
    The Chef AutomatePlatform Continuous Automation for High Velocity IT Workflow • Local development • Integration • Tooling (APIs & SDKs) COLLABORATE ▪ Package ▪ Test ▪ Approve BUILD ▪ Provision ▪ Configure ▪ Execute ▪ Update DEPLOY ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow
  • 17.
    Jumpstart your compliancetest coverage Compliance in production Amazon Linux 2014.09 / 2015.03 CentOS 6 / 7 HP UX 11i IBM AIX 5.3 / 6.1 / 7.1 RHEL 6 / 7 SLES 11 / 12 Ubuntu Server 12.04 / 14.04 Windows 7 / 8 / 10 / 2012 / 2012R2 Chef Automate ships with profiles for:
  • 18.
    Visibility into thereal-time compliance of your entire fleet Compliance in production
  • 19.
  • 20.
    Automate Demo WindowsExample www.infralovers.com SLACK Alert
  • 21.