Puppet Adds Modules to Automate Compliance Management - Security Boulevard

During the online Puppetize Digital 2021 conference this week, Puppet extended the reach of its namesake IT automation platform to include Compliance Enforcement Modules.

Abby Kearns, Puppet CTO, said the goal is to make it simpler for IT and security teams to collaboratively implement policy-as-code using the benchmarks defined by the Center for Internet Security (CIS).

The Compliance Enforcement Modules will be bundled into Puppet Comply, a module within Puppet Enterprise that enables IT teams to assess, remediate and enforce configuration compliance policies across infrastructure in the cloud and within on-premises IT environments.

In effect, Puppet is now providing additional context to make it simpler for IT teams to create policies that the Puppet platform can automatically enforce, said Kearns. In many cases, IT teams lack the time and expertise required to create those policies themselves, she added.

IT teams have been steadily increasing their reliance on IT automation frameworks as IT environments grow more complex. Puppet has been making a case for extending those automation efforts into the realm of security using the same core Puppet platform many IT teams already have in place. While cybersecurity teams typically define those policies, it’s usually left up to the IT operations team to implement them. There is generally less friction when those IT teams can employ a Puppet platform many of them have already adopted to automatically enforce those policies, noted Kearns.

It’s not clear to what degree organizations are embracing various platforms that promise to automate the compliance management process. There is no shortage of options. However, most organizations leave the implementation of compliance processes up to IT operations teams. Most compliance experts lack the IT skills required to actually implement a policy within an IT environment.

Less clear is the degree to which automating compliance processes might drive more organizations to adopt IT automation platforms. It’s clear that, given the number of compliance issues organizations currently encounter, current manual processes are flawed.

Making matters even more challenging, privacy regulations that are being rolled out around the world mean that every organization is now subject to some form of compliance requirement. The days when compliance issues only affected highly regulated industries are now over. As such, there are more organizations than ever that need to find a way to automate compliance processes before and after applications are deployed. Given the current level of IT scale most enterprise IT teams are trying to manage, it’s not practical to manage compliance processes using a list of requirements loaded onto a spreadsheet that a compliance officer has to check thoroughly by hand.

Of course, paying compliance officers to manually compare controls in an IT environment to a list of them on a spreadsheet is not the best use of organizational resources. There are a whole host of compliance policy issues that could be addressed more efficiently if organizations could count on an automation platform to ensure policies are being applied. The challenge and the opportunity now is to find a way to simplify the compliance process at a level of scale that manual processes will never be able to cost-effectively maintain.


Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
