Abby Kearns, Puppet CTO, said the goal is to make it simpler for IT and security teams to collaboratively implement policy-as-code using the benchmarks defined by the Center for Internet Security (CIS).
The Compliance Enforcement Modules will be bundled into Puppet Comply, a module within Puppet Enterprise that enables IT teams to assess, remediate and enforce configuration compliance policies across infrastructure in the cloud and within on-premises IT environments.
In effect, Puppet is now providing additional context to make it simpler for IT teams to create policies that the Puppet platform can automatically enforce, said Kearns. In many cases, IT teams lack the time and expertise required to create those policies themselves, she added.
IT teams have been steadily increasing their reliance on IT automation frameworks as IT environments continue to become increasingly complex. Puppet has been making a case for extending those automation efforts into the realm of security using the same core Puppet platform many IT teams already have in place. While cybersecurity teams typically define those policies, it’s usually left up to the IT operations team to implement them. There is generally less friction when those IT teams can employ a Puppet platform many of them have already adopted to automatically enforce those policies, noted Kearns.
It’s not clear to what degree organizations are embracing various platforms that promise to automate the compliance management process. There is no shortage of options. However, most organizations leave the implementation of compliance processes up to IT operations teams. Most compliance experts lack the IT skills required to actually implement a policy within an IT environment.
Less clear is the degree to which automating compliance processes might drive more organizations to adopt IT automation platforms. It’s clear that, given the number of compliance issues organizations currently encounter, current manual processes are flawed.
Making matters even more challenging, privacy regulations that are being rolled out around the world mean that every organization is now subject to some form of compliance requirement. The days when compliance issues only affected highly regulated industries are now over. As such, there are more organizations than ever that need to find a way to automate compliance processes before and after applications are deployed. Given the current level of IT scale most enterprise IT teams are trying to manage, it’s not practical to manage compliance processes using a list of requirements loaded onto a spreadsheet that have been thoroughly checked manually by a compliance officer.
Of course, paying compliance officers to manually compare controls in an IT environment to a list of them on a spreadsheet is not the best use of organizational resources. There are a whole host of compliance policy issues that could be addressed more efficiently if organizations could count on an automation platform to ensure policies are being applied. The challenge and the opportunity now is to find a way to simplify a compliance process at a level of scale that manual processes will never be able to cost-effectively maintain.