SlideShare a Scribd company logo

Enforce compliance policy with model-driven automation

Puppet
Puppet

This document discusses model-driven automation for enforcing compliance. It begins with an overview of compliance benchmarks and the CIS benchmarks. It then discusses implementing benchmarks, common challenges around configuration drift and lack of visibility, and how to define compliance policy as code. The key points are that automation is essential for compliance at scale; a model-driven approach defines how a system should be configured and uses desired-state enforcement to keep systems compliant; and defining compliance policy as code, managing it with source control, and automating it with CI/CD helps achieve continuous compliance.

Technology
1 of 21
Download to read offline
Enforce Compliance Policy with Model-Driven Automation Alex Hin, Principal Product Manager
Agenda 1. What are compliance benchmarks? 2. Implementing a benchmark in your environment 3. Common Challenges in Compliance Programs 4. Enforcing Compliance with Model-Driven Automation 5. Closing Thoughts
What are compliance benchmarks?
What is compliance? The ability to document adherence to a set of rules governing system operation 4
The Center for Internet Security (CIS) is a community-driven nonprofit
6 CIS Controls Prescriptive, Prioritized, and Simplified Set of Cybersecurity Best Practices • Implementation Group 1 – Every organization starts here – this is the definition of basic cyber hygiene • Implementation Group 2 – Moderate resources and expertise • Implementation Group 3 – Significant resources and expertise
7 CIS Benchmarks Consensus-developed Secure Configuration Guidelines • 100+ CIS Benchmarks • Prescriptive guidance • Covering 25+ vendor product families – Operating Systems, Server Software, Cloud Providers, Network Devices, Desktop Software • Community developed – CIS members, subject matter experts, security community experts, and technology vendors
Foundations for Compliance 8
Implementing benchmarks in your environment
CIS Benchmark Recommendations Example: Microsoft Windows Server 2019 10
11 Implementing the CIS Benchmarks • Manual implementation is time consuming • Automation is essential • Tools to succeed: – Assessment – Remediation/Enforcement
12 Automation and Compliance • Automation and compliance go hand in hand • A model-driven approach allows for the upfront definition of how a system should be configured • Use CIS as your gold standard for compliance • Keep systems automatically and continually compliant by leveraging desired-state enforcement
Common challenges in compliance programs 13
14 Configuration drift Lack of visibility Repetitive manual processes Common Challenges
15 Enforce compliance with model-driven automation Assess early and often Define compliance policy as code Strong Compliance Programs
16 © Copyright 2/17/21 Puppet Inc. | Manual Remediation Interpret Scan Report Monthly Scan Remediate at Scale Compliance Review Scan Staging QA Dev What does continuous compliance look like? Day 2 Day 1 Compliance check Scan conducted by compliance team & emailed to IT Ops. Drift Post-deployment process repeats each month Current process Day 2 Day 1 Scan conducted by IT DevOps Compliance checks happen at each pre-deployment stage. Shift Left! Automatic Enforcement TIME / RESOURCES
17 1 Codify the policy 2 Manage with source control 3 Automate using CI/CD Define compliance policy as code
What is model-driven automation? The ability to automate adherence to a set of rules governing system operation and report on current state 18
19 Automatically eliminate drift Manage compliance drift by relying on automation to take corrective actions Assess against the model Understand compliance status and identify issues Define the model Specify the model using code to create the desired configuration with model-driven automation Enforce compliance 1 3 2
20 Closing Thoughts • The compliance landscape is changing quickly and becoming more challenging. • Infrastructure is increasingly complicated, especially with hybrid environments becoming the norm. • It would be unreasonable to expect success without shifting the way you operate. • There is no way to do this without automation, especially at the scale of most infrastructure. • Use Puppet to get you there!
Thanks!

Recommended

Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance code
Puppet
 
Embracing the Rise of SecDevOps
Embracing the Rise of SecDevOpsEmbracing the Rise of SecDevOps
Embracing the Rise of SecDevOps
Tom Cappetta
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed Microservices
AaronLieberman5
 
Scania: A DevOps Journey in an Automotive Enterprise  
Scania: A DevOps Journey in an Automotive Enterprise  Scania: A DevOps Journey in an Automotive Enterprise  
Scania: A DevOps Journey in an Automotive Enterprise  
Perforce
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
CloudPassage
 
Henrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using SwaggerHenrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using Swagger
DevSecCon
 
Microsoft Azure DevOps
Microsoft Azure DevOpsMicrosoft Azure DevOps
Microsoft Azure DevOps
tdc-globalcode
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15
Ed Bellis
 

Recommended

Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance code
Puppet
 
Embracing the Rise of SecDevOps
Embracing the Rise of SecDevOpsEmbracing the Rise of SecDevOps
Embracing the Rise of SecDevOps
Tom Cappetta
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed Microservices
AaronLieberman5
 
Scania: A DevOps Journey in an Automotive Enterprise  
Scania: A DevOps Journey in an Automotive Enterprise  Scania: A DevOps Journey in an Automotive Enterprise  
Scania: A DevOps Journey in an Automotive Enterprise  
Perforce
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
CloudPassage
 
Henrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using SwaggerHenrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using Swagger
DevSecCon
 
Microsoft Azure DevOps
Microsoft Azure DevOpsMicrosoft Azure DevOps
Microsoft Azure DevOps
tdc-globalcode
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15
Ed Bellis
 
Microsoft Azure DevOps - The Developers Conference
Microsoft Azure DevOps - The Developers ConferenceMicrosoft Azure DevOps - The Developers Conference
Microsoft Azure DevOps - The Developers Conference
Lucas Chies
 
Continuous Delivery
Continuous DeliveryContinuous Delivery
Continuous Delivery
Vishal Sahasrabuddhe
 
Enabing DevOps in an SDN World
Enabing DevOps in an SDN WorldEnabing DevOps in an SDN World
Enabing DevOps in an SDN World
Cisco DevNet
 
Infrastructure as Code (BBWorld/DevCon13)
Infrastructure as Code (BBWorld/DevCon13)Infrastructure as Code (BBWorld/DevCon13)
Infrastructure as Code (BBWorld/DevCon13)
Mike McGarr
 
Migrating .NET Apps to CF, A Strategy for Enterprises
Migrating .NET Apps to CF, A Strategy for EnterprisesMigrating .NET Apps to CF, A Strategy for Enterprises
Migrating .NET Apps to CF, A Strategy for Enterprises
VMware Tanzu
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
Sonatype
 
The DevOps Playbook: How to Start, Scale, and Succeed
The DevOps Playbook: How to Start, Scale, and SucceedThe DevOps Playbook: How to Start, Scale, and Succeed
The DevOps Playbook: How to Start, Scale, and Succeed
Puppet
 
Infrastructure as Code Maturity Model v1
Infrastructure as Code Maturity Model v1Infrastructure as Code Maturity Model v1
Infrastructure as Code Maturity Model v1
Gary Stafford
 
Kubernetes Administration Certification Cost-Register Now(7262008866)
Kubernetes Administration Certification Cost-Register Now(7262008866)Kubernetes Administration Certification Cost-Register Now(7262008866)
Kubernetes Administration Certification Cost-Register Now(7262008866)
Novel Vista
 
What's New in Puppet Enterprise 2015.3 (APAC)
What's New in Puppet Enterprise 2015.3 (APAC)What's New in Puppet Enterprise 2015.3 (APAC)
What's New in Puppet Enterprise 2015.3 (APAC)
Puppet
 
Microsoft DevOps
Microsoft DevOpsMicrosoft DevOps
Microsoft DevOps
Vinícius Apolinário
 
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
Amazon Web Services
 
Code-to-Cloud Visibility: An Essential Framework for DevOps Success
Code-to-Cloud Visibility: An Essential Framework for DevOps SuccessCode-to-Cloud Visibility: An Essential Framework for DevOps Success
Code-to-Cloud Visibility: An Essential Framework for DevOps Success
JadeCampbell13
 
How Azure DevOps can boost your organization's productivity
How Azure DevOps can boost your organization's productivityHow Azure DevOps can boost your organization's productivity
How Azure DevOps can boost your organization's productivity
Ivan Porta
 
Introduction to Puppet Enterprise
Introduction to Puppet EnterpriseIntroduction to Puppet Enterprise
Introduction to Puppet Enterprise
Puppet
 
Why Serverless?
Why Serverless?Why Serverless?
Why Serverless?
Ridwan Fadjar
 
DevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the CloudDevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the Cloud
Utkarsh Pandey
 
What's New in Puppet Enterprise 2015.3
What's New in Puppet Enterprise 2015.3What's New in Puppet Enterprise 2015.3
What's New in Puppet Enterprise 2015.3
Puppet
 
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale
 
Microsoft and DevOps - Presented by Atidan
Microsoft and DevOps - Presented by AtidanMicrosoft and DevOps - Presented by Atidan
Microsoft and DevOps - Presented by Atidan
David J Rosenthal
 
Automating Enterprise IT Management by Leveraging Security Content Automation...
Automating Enterprise IT Management by Leveraging Security Content Automation...Automating Enterprise IT Management by Leveraging Security Content Automation...
Automating Enterprise IT Management by Leveraging Security Content Automation...
John Gilligan
 
Automating Enterprise IT Management
Automating Enterprise IT ManagementAutomating Enterprise IT Management
Automating Enterprise IT Management
John Gilligan
 

More Related Content

What's hot

Microsoft Azure DevOps - The Developers Conference
Microsoft Azure DevOps - The Developers ConferenceMicrosoft Azure DevOps - The Developers Conference
Microsoft Azure DevOps - The Developers Conference
Lucas Chies
 
Continuous Delivery
Continuous DeliveryContinuous Delivery
Continuous Delivery
Vishal Sahasrabuddhe
 
Enabing DevOps in an SDN World
Enabing DevOps in an SDN WorldEnabing DevOps in an SDN World
Enabing DevOps in an SDN World
Cisco DevNet
 
Infrastructure as Code (BBWorld/DevCon13)
Infrastructure as Code (BBWorld/DevCon13)Infrastructure as Code (BBWorld/DevCon13)
Infrastructure as Code (BBWorld/DevCon13)
Mike McGarr
 
Migrating .NET Apps to CF, A Strategy for Enterprises
Migrating .NET Apps to CF, A Strategy for EnterprisesMigrating .NET Apps to CF, A Strategy for Enterprises
Migrating .NET Apps to CF, A Strategy for Enterprises
VMware Tanzu
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
Sonatype
 
The DevOps Playbook: How to Start, Scale, and Succeed
The DevOps Playbook: How to Start, Scale, and SucceedThe DevOps Playbook: How to Start, Scale, and Succeed
The DevOps Playbook: How to Start, Scale, and Succeed
Puppet
 
Infrastructure as Code Maturity Model v1
Infrastructure as Code Maturity Model v1Infrastructure as Code Maturity Model v1
Infrastructure as Code Maturity Model v1
Gary Stafford
 
Kubernetes Administration Certification Cost-Register Now(7262008866)
Kubernetes Administration Certification Cost-Register Now(7262008866)Kubernetes Administration Certification Cost-Register Now(7262008866)
Kubernetes Administration Certification Cost-Register Now(7262008866)
Novel Vista
 
What's New in Puppet Enterprise 2015.3 (APAC)
What's New in Puppet Enterprise 2015.3 (APAC)What's New in Puppet Enterprise 2015.3 (APAC)
What's New in Puppet Enterprise 2015.3 (APAC)
Puppet
 
Microsoft DevOps
Microsoft DevOpsMicrosoft DevOps
Microsoft DevOps
Vinícius Apolinário
 
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
Amazon Web Services
 
Code-to-Cloud Visibility: An Essential Framework for DevOps Success
Code-to-Cloud Visibility: An Essential Framework for DevOps SuccessCode-to-Cloud Visibility: An Essential Framework for DevOps Success
Code-to-Cloud Visibility: An Essential Framework for DevOps Success
JadeCampbell13
 
How Azure DevOps can boost your organization's productivity
How Azure DevOps can boost your organization's productivityHow Azure DevOps can boost your organization's productivity
How Azure DevOps can boost your organization's productivity
Ivan Porta
 
Introduction to Puppet Enterprise
Introduction to Puppet EnterpriseIntroduction to Puppet Enterprise
Introduction to Puppet Enterprise
Puppet
 
Why Serverless?
Why Serverless?Why Serverless?
Why Serverless?
Ridwan Fadjar
 
DevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the CloudDevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the Cloud
Utkarsh Pandey
 
What's New in Puppet Enterprise 2015.3
What's New in Puppet Enterprise 2015.3What's New in Puppet Enterprise 2015.3
What's New in Puppet Enterprise 2015.3
Puppet
 
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale
 
Microsoft and DevOps - Presented by Atidan
Microsoft and DevOps - Presented by AtidanMicrosoft and DevOps - Presented by Atidan
Microsoft and DevOps - Presented by Atidan
David J Rosenthal
 

What's hot (20)

Microsoft Azure DevOps - The Developers Conference
Microsoft Azure DevOps - The Developers ConferenceMicrosoft Azure DevOps - The Developers Conference
Microsoft Azure DevOps - The Developers Conference
 
Continuous Delivery
Continuous DeliveryContinuous Delivery
Continuous Delivery
 
Enabing DevOps in an SDN World
Enabing DevOps in an SDN WorldEnabing DevOps in an SDN World
Enabing DevOps in an SDN World
 
Infrastructure as Code (BBWorld/DevCon13)
Infrastructure as Code (BBWorld/DevCon13)Infrastructure as Code (BBWorld/DevCon13)
Infrastructure as Code (BBWorld/DevCon13)
 
Migrating .NET Apps to CF, A Strategy for Enterprises
Migrating .NET Apps to CF, A Strategy for EnterprisesMigrating .NET Apps to CF, A Strategy for Enterprises
Migrating .NET Apps to CF, A Strategy for Enterprises
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
 
The DevOps Playbook: How to Start, Scale, and Succeed
The DevOps Playbook: How to Start, Scale, and SucceedThe DevOps Playbook: How to Start, Scale, and Succeed
The DevOps Playbook: How to Start, Scale, and Succeed
 
Infrastructure as Code Maturity Model v1
Infrastructure as Code Maturity Model v1Infrastructure as Code Maturity Model v1
Infrastructure as Code Maturity Model v1
 
Kubernetes Administration Certification Cost-Register Now(7262008866)
Kubernetes Administration Certification Cost-Register Now(7262008866)Kubernetes Administration Certification Cost-Register Now(7262008866)
Kubernetes Administration Certification Cost-Register Now(7262008866)
 
What's New in Puppet Enterprise 2015.3 (APAC)
What's New in Puppet Enterprise 2015.3 (APAC)What's New in Puppet Enterprise 2015.3 (APAC)
What's New in Puppet Enterprise 2015.3 (APAC)
 
Microsoft DevOps
Microsoft DevOpsMicrosoft DevOps
Microsoft DevOps
 
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
 
Code-to-Cloud Visibility: An Essential Framework for DevOps Success
Code-to-Cloud Visibility: An Essential Framework for DevOps SuccessCode-to-Cloud Visibility: An Essential Framework for DevOps Success
Code-to-Cloud Visibility: An Essential Framework for DevOps Success
 
How Azure DevOps can boost your organization's productivity
How Azure DevOps can boost your organization's productivityHow Azure DevOps can boost your organization's productivity
How Azure DevOps can boost your organization's productivity
 
Introduction to Puppet Enterprise
Introduction to Puppet EnterpriseIntroduction to Puppet Enterprise
Introduction to Puppet Enterprise
 
Why Serverless?
Why Serverless?Why Serverless?
Why Serverless?
 
DevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the CloudDevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the Cloud
 
What's New in Puppet Enterprise 2015.3
What's New in Puppet Enterprise 2015.3What's New in Puppet Enterprise 2015.3
What's New in Puppet Enterprise 2015.3
 
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
 
Microsoft and DevOps - Presented by Atidan
Microsoft and DevOps - Presented by AtidanMicrosoft and DevOps - Presented by Atidan
Microsoft and DevOps - Presented by Atidan
 

Similar to Enforce compliance policy with model-driven automation

Automating Enterprise IT Management by Leveraging Security Content Automation...
Automating Enterprise IT Management by Leveraging Security Content Automation...Automating Enterprise IT Management by Leveraging Security Content Automation...
Automating Enterprise IT Management by Leveraging Security Content Automation...
John Gilligan
 
Automating Enterprise IT Management
Automating Enterprise IT ManagementAutomating Enterprise IT Management
Automating Enterprise IT Management
John Gilligan
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
Qualitest
 
Continuous Delivery Maturity Model
Continuous Delivery Maturity ModelContinuous Delivery Maturity Model
Continuous Delivery Maturity Model
IBM UrbanCode Products
 
Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?
Reuven Harrison
 
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
Simon Storm
 
Application Security Testing for a DevOps Mindset
Application Security Testing for a DevOps Mindset Application Security Testing for a DevOps Mindset
Application Security Testing for a DevOps Mindset
Denim Group
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPScott Baron
 
Leveraging DevOps Principles for Release and Deploy
Leveraging DevOps Principles for Release and DeployLeveraging DevOps Principles for Release and Deploy
Leveraging DevOps Principles for Release and Deploy
Serena Software
 
Puppet + Diaxon: Getting to the next stage of DevOps evolution
Puppet + Diaxon: Getting to the next stage of DevOps evolutionPuppet + Diaxon: Getting to the next stage of DevOps evolution
Puppet + Diaxon: Getting to the next stage of DevOps evolution
Puppet
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17
Shane Coughlan
 
What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?
IT Governance Ltd
 
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]Barun Kumar
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
Paris Open Source Summit
 
Take your code and quality to the next level by Serena Software
Take your code and quality to the next level by Serena SoftwareTake your code and quality to the next level by Serena Software
Take your code and quality to the next level by Serena Software
Serena Software
 
Recent and-future-trends spm
Recent and-future-trends spmRecent and-future-trends spm
Recent and-future-trends spm
Prakash Poudel
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
DianaGray10
 
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practiceJohn Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
itSMF UK
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
Shane Coughlan
 

Similar to Enforce compliance policy with model-driven automation (20)

Automating Enterprise IT Management by Leveraging Security Content Automation...
Automating Enterprise IT Management by Leveraging Security Content Automation...Automating Enterprise IT Management by Leveraging Security Content Automation...
Automating Enterprise IT Management by Leveraging Security Content Automation...
 
Automating Enterprise IT Management
Automating Enterprise IT ManagementAutomating Enterprise IT Management
Automating Enterprise IT Management
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
 
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
 
Continuous Delivery Maturity Model
Continuous Delivery Maturity ModelContinuous Delivery Maturity Model
Continuous Delivery Maturity Model
 
Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?
 
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
 
Application Security Testing for a DevOps Mindset
Application Security Testing for a DevOps Mindset Application Security Testing for a DevOps Mindset
Application Security Testing for a DevOps Mindset
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
 
Leveraging DevOps Principles for Release and Deploy
Leveraging DevOps Principles for Release and DeployLeveraging DevOps Principles for Release and Deploy
Leveraging DevOps Principles for Release and Deploy
 
Puppet + Diaxon: Getting to the next stage of DevOps evolution
Puppet + Diaxon: Getting to the next stage of DevOps evolutionPuppet + Diaxon: Getting to the next stage of DevOps evolution
Puppet + Diaxon: Getting to the next stage of DevOps evolution
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?
 
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
 
Take your code and quality to the next level by Serena Software
Take your code and quality to the next level by Serena SoftwareTake your code and quality to the next level by Serena Software
Take your code and quality to the next level by Serena Software
 
Recent and-future-trends spm
Recent and-future-trends spmRecent and-future-trends spm
Recent and-future-trends spm
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practiceJohn Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 

More from Puppet

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
Puppet
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyaml
Puppet
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)
Puppet
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscode
Puppet
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twenties
Puppet
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approach
Puppet
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliance
Puppet
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
Puppet
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden Windows
Puppet
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
Puppet
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppet
Puppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael Pinson
Puppet
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
Puppet
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping ground
Puppet
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software
Puppet
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User Group
Puppet
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOps
Puppet
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
Puppet
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
Puppet
 
Puppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav HadzhievPuppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav Hadzhiev
Puppet
 

More from Puppet (20)

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyaml
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscode
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twenties
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approach
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliance
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden Windows
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael Pinson
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping ground
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User Group
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOps
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Puppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav HadzhievPuppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav Hadzhiev
 

Recently uploaded

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 

Recently uploaded (20)

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 

Enforce compliance policy with model-driven automation

  • 2. Agenda 1. What are compliance benchmarks? 2. Implementing a benchmark in your environment 3. Common Challenges in Compliance Programs 4. Enforcing Compliance with Model-Driven Automation 5. Closing Thoughts
  • 4. What is compliance? The ability to document adherence to a set of rules governing system operation 4
  • 5. The Center for Internet Security (CIS) is a community-driven nonprofit
  • 6. 6 CIS Controls Prescriptive, Prioritized, and Simplified Set of Cybersecurity Best Practices • Implementation Group 1 – Every organization starts here – this is the definition of basic cyber hygiene • Implementation Group 2 – Moderate resources and expertise • Implementation Group 3 – Significant resources and expertise
  • 7. 7 CIS Benchmarks Consensus-developed Secure Configuration Guidelines • 100+ CIS Benchmarks • Prescriptive guidance • Covering 25+ vendor product families – Operating Systems, Server Software, Cloud Providers, Network Devices, Desktop Software • Community developed – CIS members, subject matter experts, security community experts, and technology vendors
  • 10. CIS Benchmark Recommendations Example: Microsoft Windows Server 2019 10
  • 11. 11 Implementing the CIS Benchmarks • Manual implementation is time consuming • Automation is essential • Tools to succeed: – Assessment – Remediation/Enforcement
  • 12. 12 Automation and Compliance • Automation and compliance go hand in hand • A model-driven approach allows for the upfront definition of how a system should be configured • Use CIS as your gold standard for compliance • Keep systems automatically and continually compliant by leveraging desired-state enforcement
  • 14. 14 Configuration drift Lack of visibility Repetitive manual processes Common Challenges
  • 15. 15 Enforce compliance with model-driven automation Assess early and often Define compliance policy as code Strong Compliance Programs
  • 16. 16 © Copyright 2/17/21 Puppet Inc. | Manual Remediation Interpret Scan Report Monthly Scan Remediate at Scale Compliance Review Scan Staging QA Dev What does continuous compliance look like? Day 2 Day 1 Compliance check Scan conducted by compliance team & emailed to IT Ops. Drift Post-deployment process repeats each month Current process Day 2 Day 1 Scan conducted by IT DevOps Compliance checks happen at each pre-deployment stage. Shift Left! Automatic Enforcement TIME / RESOURCES
  • 17. 17 1 Codify the policy 2 Manage with source control 3 Automate using CI/CD Define compliance policy as code
  • 18. What is model-driven automation? The ability to automate adherence to a set of rules governing system operation and report on current state 18
  • 19. 19 Automatically eliminate drift Manage compliance drift by relying on automation to take corrective actions Assess against the model Understand compliance status and identify issues Define the model Specify the model using code to create the desired configuration with model-driven automation Enforce compliance 1 3 2
  • 20. 20 Closing Thoughts • The compliance landscape is changing quickly and becoming more challenging. • Infrastructure is increasingly complicated, especially with hybrid environments becoming the norm. • It would be unreasonable to expect success without shifting the way you operate. • There is no way to do this without automation, especially at the scale of most infrastructure. • Use Puppet to get you there!