SlideShare a Scribd company logo

Enforce compliance policy with model-driven automation

Puppet
Puppet

Alex Hin, Puppet

Technology
1 of 21
Download to read offline
Enforce Compliance Policy with Model-Driven Automation Alex Hin, Principal Product Manager
Agenda 1. What are compliance benchmarks? 2. Implementing a benchmark in your environment 3. Common Challenges in Compliance Programs 4. Enforcing Compliance with Model-Driven Automation 5. Closing Thoughts
What are compliance benchmarks?
What is compliance? The ability to document adherence to a set of rules governing system operation 4
The Center for Internet Security (CIS) is a community-driven nonprofit
6 CIS Controls Prescriptive, Prioritized, and Simplified Set of Cybersecurity Best Practices • Implementation Group 1 – Every organization starts here – this is the definition of basic cyber hygiene • Implementation Group 2 – Moderate resources and expertise • Implementation Group 3 – Significant resources and expertise
7 CIS Benchmarks Consensus-developed Secure Configuration Guidelines • 100+ CIS Benchmarks • Prescriptive guidance • Covering 25+ vendor product families – Operating Systems, Server Software, Cloud Providers, Network Devices, Desktop Software • Community developed – CIS members, subject matter experts, security community experts, and technology vendors
Foundations for Compliance 8
Implementing benchmarks in your environment
CIS Benchmark Recommendations Example: Microsoft Windows Server 2019 10
11 Implementing the CIS Benchmarks • Manual implementation is time consuming • Automation is essential • Tools to succeed: – Assessment – Remediation/Enforcement
12 Automation and Compliance • Automation and compliance go hand in hand • A model-driven approach allows for the upfront definition of how a system should be configured • Use CIS as your gold standard for compliance • Keep systems automatically and continually compliant by leveraging desired-state enforcement
Common challenges in compliance programs 13
14 Configuration drift Lack of visibility Repetitive manual processes Common Challenges
15 Enforce compliance with model-driven automation Assess early and often Define compliance policy as code Strong Compliance Programs
16 © Copyright 2/17/21 Puppet Inc. | Manual Remediation Interpret Scan Report Monthly Scan Remediate at Scale Compliance Review Scan Staging QA Dev What does continuous compliance look like? Day 2 Day 1 Compliance check Scan conducted by compliance team & emailed to IT Ops. Drift Post-deployment process repeats each month Current process Day 2 Day 1 Scan conducted by IT DevOps Compliance checks happen at each pre-deployment stage. Shift Left! Automatic Enforcement TIME / RESOURCES
17 1 Codify the policy 2 Manage with source control 3 Automate using CI/CD Define compliance policy as code
What is model-driven automation? The ability to automate adherence to a set of rules governing system operation and report on current state 18
19 Automatically eliminate drift Manage compliance drift by relying on automation to take corrective actions Assess against the model Understand compliance status and identify issues Define the model Specify the model using code to create the desired configuration with model-driven automation Enforce compliance 1 3 2
20 Closing Thoughts • The compliance landscape is changing quickly and becoming more challenging. • Infrastructure is increasingly complicated, especially with hybrid environments becoming the norm. • It would be unreasonable to expect success without shifting the way you operate. • There is no way to do this without automation, especially at the scale of most infrastructure. • Use Puppet to get you there!
Thanks!

Recommended

Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance code
Puppet
 
Embracing the Rise of SecDevOps
Embracing the Rise of SecDevOpsEmbracing the Rise of SecDevOps
Embracing the Rise of SecDevOps
Tom Cappetta
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed Microservices
AaronLieberman5
 
Scania: A DevOps Journey in an Automotive Enterprise  
Scania: A DevOps Journey in an Automotive Enterprise  Scania: A DevOps Journey in an Automotive Enterprise  
Scania: A DevOps Journey in an Automotive Enterprise  
Perforce
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
CloudPassage
 
Henrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using SwaggerHenrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using Swagger
DevSecCon
 
Microsoft Azure DevOps
Microsoft Azure DevOpsMicrosoft Azure DevOps
Microsoft Azure DevOps
tdc-globalcode
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15
Ed Bellis
 

Recommended

Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance code
Puppet
 
Embracing the Rise of SecDevOps
Embracing the Rise of SecDevOpsEmbracing the Rise of SecDevOps
Embracing the Rise of SecDevOps
Tom Cappetta
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed Microservices
AaronLieberman5
 
Scania: A DevOps Journey in an Automotive Enterprise  
Scania: A DevOps Journey in an Automotive Enterprise  Scania: A DevOps Journey in an Automotive Enterprise  
Scania: A DevOps Journey in an Automotive Enterprise  
Perforce
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
CloudPassage
 
Henrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using SwaggerHenrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using Swagger
DevSecCon
 
Microsoft Azure DevOps
Microsoft Azure DevOpsMicrosoft Azure DevOps
Microsoft Azure DevOps
tdc-globalcode
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15
Ed Bellis
 
Microsoft Azure DevOps - The Developers Conference
Microsoft Azure DevOps - The Developers ConferenceMicrosoft Azure DevOps - The Developers Conference
Microsoft Azure DevOps - The Developers Conference
Lucas Chies
 
Continuous Delivery
Continuous DeliveryContinuous Delivery
Continuous Delivery
Vishal Sahasrabuddhe
 
Enabing DevOps in an SDN World
Enabing DevOps in an SDN WorldEnabing DevOps in an SDN World
Enabing DevOps in an SDN World
Cisco DevNet
 
Infrastructure as Code (BBWorld/DevCon13)
Infrastructure as Code (BBWorld/DevCon13)Infrastructure as Code (BBWorld/DevCon13)
Infrastructure as Code (BBWorld/DevCon13)
Mike McGarr
 
Migrating .NET Apps to CF, A Strategy for Enterprises
Migrating .NET Apps to CF, A Strategy for EnterprisesMigrating .NET Apps to CF, A Strategy for Enterprises
Migrating .NET Apps to CF, A Strategy for Enterprises
VMware Tanzu
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
Sonatype
 
The DevOps Playbook: How to Start, Scale, and Succeed
The DevOps Playbook: How to Start, Scale, and SucceedThe DevOps Playbook: How to Start, Scale, and Succeed
The DevOps Playbook: How to Start, Scale, and Succeed
Puppet
 
Infrastructure as Code Maturity Model v1
Infrastructure as Code Maturity Model v1Infrastructure as Code Maturity Model v1
Infrastructure as Code Maturity Model v1
Gary Stafford
 
Kubernetes Administration Certification Cost-Register Now(7262008866)
Kubernetes Administration Certification Cost-Register Now(7262008866)Kubernetes Administration Certification Cost-Register Now(7262008866)
Kubernetes Administration Certification Cost-Register Now(7262008866)
Novel Vista
 
What's New in Puppet Enterprise 2015.3 (APAC)
What's New in Puppet Enterprise 2015.3 (APAC)What's New in Puppet Enterprise 2015.3 (APAC)
What's New in Puppet Enterprise 2015.3 (APAC)
Puppet
 
Microsoft DevOps
Microsoft DevOpsMicrosoft DevOps
Microsoft DevOps
Vinícius Apolinário
 
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
Amazon Web Services
 
Code-to-Cloud Visibility: An Essential Framework for DevOps Success
Code-to-Cloud Visibility: An Essential Framework for DevOps SuccessCode-to-Cloud Visibility: An Essential Framework for DevOps Success
Code-to-Cloud Visibility: An Essential Framework for DevOps Success
JadeCampbell13
 
How Azure DevOps can boost your organization's productivity
How Azure DevOps can boost your organization's productivityHow Azure DevOps can boost your organization's productivity
How Azure DevOps can boost your organization's productivity
Ivan Porta
 
Introduction to Puppet Enterprise
Introduction to Puppet EnterpriseIntroduction to Puppet Enterprise
Introduction to Puppet Enterprise
Puppet
 
Why Serverless?
Why Serverless?Why Serverless?
Why Serverless?
Ridwan Fadjar
 
DevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the CloudDevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the Cloud
Utkarsh Pandey
 
What's New in Puppet Enterprise 2015.3
What's New in Puppet Enterprise 2015.3What's New in Puppet Enterprise 2015.3
What's New in Puppet Enterprise 2015.3
Puppet
 
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale
 
Microsoft and DevOps - Presented by Atidan
Microsoft and DevOps - Presented by AtidanMicrosoft and DevOps - Presented by Atidan
Microsoft and DevOps - Presented by Atidan
David J Rosenthal
 
Automating Enterprise IT Management by Leveraging Security Content Automation...
Automating Enterprise IT Management by Leveraging Security Content Automation...Automating Enterprise IT Management by Leveraging Security Content Automation...
Automating Enterprise IT Management by Leveraging Security Content Automation...
John Gilligan
 
Automating Enterprise IT Management
Automating Enterprise IT ManagementAutomating Enterprise IT Management
Automating Enterprise IT Management
John Gilligan
 

More Related Content

What's hot

A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
Sonatype
 
The DevOps Playbook: How to Start, Scale, and Succeed
The DevOps Playbook: How to Start, Scale, and SucceedThe DevOps Playbook: How to Start, Scale, and Succeed
The DevOps Playbook: How to Start, Scale, and Succeed
Puppet
 
Code-to-Cloud Visibility: An Essential Framework for DevOps Success
Code-to-Cloud Visibility: An Essential Framework for DevOps SuccessCode-to-Cloud Visibility: An Essential Framework for DevOps Success
Code-to-Cloud Visibility: An Essential Framework for DevOps Success
JadeCampbell13
 
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale
 
Microsoft and DevOps - Presented by Atidan
Microsoft and DevOps - Presented by AtidanMicrosoft and DevOps - Presented by Atidan
Microsoft and DevOps - Presented by Atidan
David J Rosenthal
 

What's hot (20)

Microsoft Azure DevOps - The Developers Conference
Microsoft Azure DevOps - The Developers ConferenceMicrosoft Azure DevOps - The Developers Conference
Microsoft Azure DevOps - The Developers Conference
 
Continuous Delivery
Continuous DeliveryContinuous Delivery
Continuous Delivery
 
Enabing DevOps in an SDN World
Enabing DevOps in an SDN WorldEnabing DevOps in an SDN World
Enabing DevOps in an SDN World
 
Infrastructure as Code (BBWorld/DevCon13)
Infrastructure as Code (BBWorld/DevCon13)Infrastructure as Code (BBWorld/DevCon13)
Infrastructure as Code (BBWorld/DevCon13)
 
Migrating .NET Apps to CF, A Strategy for Enterprises
Migrating .NET Apps to CF, A Strategy for EnterprisesMigrating .NET Apps to CF, A Strategy for Enterprises
Migrating .NET Apps to CF, A Strategy for Enterprises
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
 
The DevOps Playbook: How to Start, Scale, and Succeed
The DevOps Playbook: How to Start, Scale, and SucceedThe DevOps Playbook: How to Start, Scale, and Succeed
The DevOps Playbook: How to Start, Scale, and Succeed
 
Infrastructure as Code Maturity Model v1
Infrastructure as Code Maturity Model v1Infrastructure as Code Maturity Model v1
Infrastructure as Code Maturity Model v1
 
Kubernetes Administration Certification Cost-Register Now(7262008866)
Kubernetes Administration Certification Cost-Register Now(7262008866)Kubernetes Administration Certification Cost-Register Now(7262008866)
Kubernetes Administration Certification Cost-Register Now(7262008866)
 
What's New in Puppet Enterprise 2015.3 (APAC)
What's New in Puppet Enterprise 2015.3 (APAC)What's New in Puppet Enterprise 2015.3 (APAC)
What's New in Puppet Enterprise 2015.3 (APAC)
 
Microsoft DevOps
Microsoft DevOpsMicrosoft DevOps
Microsoft DevOps
 
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
GMG204 TinyCo’s Best Practices for Developing, Scaling, and Monetizing Games ...
 
Code-to-Cloud Visibility: An Essential Framework for DevOps Success
Code-to-Cloud Visibility: An Essential Framework for DevOps SuccessCode-to-Cloud Visibility: An Essential Framework for DevOps Success
Code-to-Cloud Visibility: An Essential Framework for DevOps Success
 
How Azure DevOps can boost your organization's productivity
How Azure DevOps can boost your organization's productivityHow Azure DevOps can boost your organization's productivity
How Azure DevOps can boost your organization's productivity
 
Introduction to Puppet Enterprise
Introduction to Puppet EnterpriseIntroduction to Puppet Enterprise
Introduction to Puppet Enterprise
 
Why Serverless?
Why Serverless?Why Serverless?
Why Serverless?
 
DevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the CloudDevOps in Azure : Puppetize the Cloud
DevOps in Azure : Puppetize the Cloud
 
What's New in Puppet Enterprise 2015.3
What's New in Puppet Enterprise 2015.3What's New in Puppet Enterprise 2015.3
What's New in Puppet Enterprise 2015.3
 
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
RightScale Webinar: Continuous Integration and Delivery in the Cloud - How Ri...
 
Microsoft and DevOps - Presented by Atidan
Microsoft and DevOps - Presented by AtidanMicrosoft and DevOps - Presented by Atidan
Microsoft and DevOps - Presented by Atidan
 

Similar to Enforce compliance policy with model-driven automation

EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
Scott Baron
 
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
Barun Kumar
 

Similar to Enforce compliance policy with model-driven automation (20)

Automating Enterprise IT Management by Leveraging Security Content Automation...
Automating Enterprise IT Management by Leveraging Security Content Automation...Automating Enterprise IT Management by Leveraging Security Content Automation...
Automating Enterprise IT Management by Leveraging Security Content Automation...
 
Automating Enterprise IT Management
Automating Enterprise IT ManagementAutomating Enterprise IT Management
Automating Enterprise IT Management
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
 
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
 
Continuous Delivery Maturity Model
Continuous Delivery Maturity ModelContinuous Delivery Maturity Model
Continuous Delivery Maturity Model
 
Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?
 
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...
 
Application Security Testing for a DevOps Mindset
Application Security Testing for a DevOps Mindset Application Security Testing for a DevOps Mindset
Application Security Testing for a DevOps Mindset
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
 
Leveraging DevOps Principles for Release and Deploy
Leveraging DevOps Principles for Release and DeployLeveraging DevOps Principles for Release and Deploy
Leveraging DevOps Principles for Release and Deploy
 
Puppet + Diaxon: Getting to the next stage of DevOps evolution
Puppet + Diaxon: Getting to the next stage of DevOps evolutionPuppet + Diaxon: Getting to the next stage of DevOps evolution
Puppet + Diaxon: Getting to the next stage of DevOps evolution
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?
 
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
GRCSG2014_Kumar_Lessons for ensuring_F2E [Compatibility Mode]
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
 
Take your code and quality to the next level by Serena Software
Take your code and quality to the next level by Serena SoftwareTake your code and quality to the next level by Serena Software
Take your code and quality to the next level by Serena Software
 
Recent and-future-trends spm
Recent and-future-trends spmRecent and-future-trends spm
Recent and-future-trends spm
 
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practiceJohn Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 
Software Operation Knowledge
Software Operation KnowledgeSoftware Operation Knowledge
Software Operation Knowledge
 

More from Puppet

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
Puppet
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)
Puppet
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
Puppet
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
Puppet
 

More from Puppet (20)

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyaml
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscode
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twenties
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approach
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliance
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden Windows
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael Pinson
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping ground
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User Group
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOps
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Puppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav HadzhievPuppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav Hadzhiev
 

Recently uploaded

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Recently uploaded (20)

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 

Enforce compliance policy with model-driven automation

  • 2. Agenda 1. What are compliance benchmarks? 2. Implementing a benchmark in your environment 3. Common Challenges in Compliance Programs 4. Enforcing Compliance with Model-Driven Automation 5. Closing Thoughts
  • 4. What is compliance? The ability to document adherence to a set of rules governing system operation 4
  • 5. The Center for Internet Security (CIS) is a community-driven nonprofit
  • 6. 6 CIS Controls Prescriptive, Prioritized, and Simplified Set of Cybersecurity Best Practices • Implementation Group 1 – Every organization starts here – this is the definition of basic cyber hygiene • Implementation Group 2 – Moderate resources and expertise • Implementation Group 3 – Significant resources and expertise
  • 7. 7 CIS Benchmarks Consensus-developed Secure Configuration Guidelines • 100+ CIS Benchmarks • Prescriptive guidance • Covering 25+ vendor product families – Operating Systems, Server Software, Cloud Providers, Network Devices, Desktop Software • Community developed – CIS members, subject matter experts, security community experts, and technology vendors
  • 10. CIS Benchmark Recommendations Example: Microsoft Windows Server 2019 10
  • 11. 11 Implementing the CIS Benchmarks • Manual implementation is time consuming • Automation is essential • Tools to succeed: – Assessment – Remediation/Enforcement
  • 12. 12 Automation and Compliance • Automation and compliance go hand in hand • A model-driven approach allows for the upfront definition of how a system should be configured • Use CIS as your gold standard for compliance • Keep systems automatically and continually compliant by leveraging desired-state enforcement
  • 14. 14 Configuration drift Lack of visibility Repetitive manual processes Common Challenges
  • 15. 15 Enforce compliance with model-driven automation Assess early and often Define compliance policy as code Strong Compliance Programs
  • 16. 16 © Copyright 2/17/21 Puppet Inc. | Manual Remediation Interpret Scan Report Monthly Scan Remediate at Scale Compliance Review Scan Staging QA Dev What does continuous compliance look like? Day 2 Day 1 Compliance check Scan conducted by compliance team & emailed to IT Ops. Drift Post-deployment process repeats each month Current process Day 2 Day 1 Scan conducted by IT DevOps Compliance checks happen at each pre-deployment stage. Shift Left! Automatic Enforcement TIME / RESOURCES
  • 17. 17 1 Codify the policy 2 Manage with source control 3 Automate using CI/CD Define compliance policy as code
  • 18. What is model-driven automation? The ability to automate adherence to a set of rules governing system operation and report on current state 18
  • 19. 19 Automatically eliminate drift Manage compliance drift by relying on automation to take corrective actions Assess against the model Understand compliance status and identify issues Define the model Specify the model using code to create the desired configuration with model-driven automation Enforce compliance 1 3 2
  • 20. 20 Closing Thoughts • The compliance landscape is changing quickly and becoming more challenging. • Infrastructure is increasingly complicated, especially with hybrid environments becoming the norm. • It would be unreasonable to expect success without shifting the way you operate. • There is no way to do this without automation, especially at the scale of most infrastructure. • Use Puppet to get you there!