Chef InSpec: Where security and compliance meet devops

As our applications become more complex and the number of systems we manage grows, it’s only natural to worry that the risks to our environments are also increasing. This worry is profoundly felt in industries that must adhere to regulatory compliance standards.

Regulatory frameworks like PCI, HIPAA, FedRAMP, and the forthcoming GDPR mandate rigid security requirements for computing environments, but they introduce a new concern: that they will slow the pace of development for organizations that aren’t equipped to rapidly and effectively validate the compliance of their environments. Even in organizations that don’t need to adhere to any specific regulatory standard, the ability to reliably validate security is no less important, as frequent headlines about vulnerabilities and security breaches are keen to remind us.

To evaluate our readiness to adapt to these challenges, there are a few questions we must ask. Can we accurately determine which servers, in a fleet of thousands, are in need of software patching? Can we validate that a newly developed feature adheres to our organization’s security requirements? Can we ensure our environments comply with regulatory standards, even when not actively under audit?

InSpec is an open source testing framework that can help you answer “yes” to all of those questions. It provides an easy-to-understand yet deeply customizable framework for defining expectations about the systems you manage and for detecting deviations from those expectations wherever they arise.
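To make that concrete, here is an added example (not from the original post, and not an official Chef profile) of what such expectations look like in InSpec's Ruby DSL. It covers two of the questions above, a hardening requirement for the SSH daemon and a patch-level check, and runs only under `inspec exec` against a target, not as plain Ruby; the control ids, file name and the minimum package version are assumptions.

```ruby
# controls/baseline.rb (hypothetical file inside an InSpec profile directory)
# Run against a remote host with, for example:
#   inspec exec <profile-dir> -t ssh://user@host
# Each `control` is a unit of compliance; `impact` weights its severity in the report.

control 'ssh-01' do
  impact 1.0
  title 'SSH daemon must not allow root login or password authentication'
  desc  'Expectation taken from a typical SSH hardening baseline (assumed, not a quoted standard).'

  # sshd_config is a built-in InSpec resource that parses /etc/ssh/sshd_config.
  describe sshd_config do
    its('PermitRootLogin')        { should eq 'no' }
    its('PasswordAuthentication') { should eq 'no' }
  end
end

control 'patch-01' do
  impact 0.7
  title 'OpenSSH server package is installed at or above the required version'
  desc  'The minimum version is a placeholder; take the real value from your patch advisory.'

  # package queries the host's package manager (apt, yum, etc.) for the installed version.
  describe package('openssh-server') do
    it { should be_installed }
    its('version') { should cmp >= '8.0' } # placeholder minimum version (assumption)
  end
end

control 'fs-01' do
  impact 0.5
  title '/etc/shadow is owned by root and not world-readable'

  # file checks ownership and permission bits; a failure here is a deviation to report.
  describe file('/etc/shadow') do
    it { should exist }
    it { should be_owned_by 'root' }
    it { should_not be_readable.by('others') }
  end
end
```

Running the same profile across a fleet turns the questions above into a pass/fail report per host, which is what makes the deviations auditable outside of a formal audit window.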
