Turn your compliance, security and other policy requirements into automated tests

clock • 2 min read

Nick Rycar, Technical Product Marketing Manager at Chef explains how InSpec can help with compliance and security concerns in development and operations

In order to outperform competitors, organizations need to deliver software faster, while ensuring doing so doesn't increase their risks. To accomplish this, it's imperative that security and compliance teams embrace DevOps and drive collaboration through automation.

That's according to Pieter Hagen, Solutions Architect at Chef Software, speaking at Computing's recent DevOps summit in London.

In his talk, How Security and Compliance Teams can be Good Citizens in a DevOps Practice, Pieter articulates how speed and risk are often at odds. As development and operations teams are able to iterate more quickly, security and compliance can become a bottleneck when environments are evaluated late in the release cycle, and often manually. Issues discovered at this stage can be costly to address, and can risk release deadlines. Furthermore, manual processes are difficult to scale, making it difficult to apply validations more frequently or in more environments.

InSpec is a tool that addresses these concerns by allowing compliance requirements to be codified for continuous, automatic evaluation. InSpec code is designed to be easily understood by IT professionals across disciplines, with the flexibility to adapt to ever-changing regulatory requirements and emerging security vulnerabilities.

Because InSpec defines compliance requirements as code, environments can be evaluated consistently at every stage of development. Issues can therefore be discovered earlier, where they can be prioritized and addressed long before a change is promoted to production. The end result of this is a more predictable deployment schedule with fewer delays, and most importantly, greater confidence that security flaws won't find their way into production.

With Chef Automate, organizations have access to a library of pre-written Compliance Profiles that can be run continuously on live environments and validated on-demand in weighted compliance reports. By practicing Continuous Compliance in this fashion, organizations can enter into audits with a complete picture of their systems' security, and maintain visibility even between audits.

Finally, and perhaps most crucially, InSpec provides a single tool that can be used by security, compliance, development and operations alike. By providing a consistent source of truth for what compliance looks like in your organization, InSpec helps drive collaboration between these teams, and allows the entire IT organization to take an active role in ensuring compliance priorities are understood and met.

Nick Rycar is Technical Product Marketing Manager at Chef

You may also like
Greening the software lifecycle: DevOps as a sustainability catalyst


Sustainability is smart business

clock 12 March 2024 • 2 min read
Appdome - DevOps Excellence Awards finalist, Best DevOps Security Tool


Mobile brands need cyber defences in their mobile apps

clock 11 March 2024 • 2 min read
DevOps at RSA Insurance - an organisational perspective


RSA DevOps is rooted in a culture of continuous improvement

clock 28 February 2024 • 3 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on DevOps

DevOps Excellence Awards 2024 - in pictures

DevOps Excellence Awards 2024 - in pictures

clock 18 March 2024 • 1 min read
Winners announced at the DevOps Excellence Awards 2024

Winners announced at the DevOps Excellence Awards 2024

The most outstanding people, projects and companies in DevOps

clock 15 March 2024 • 2 min read
DevOps on mainframe at HSBC, DevOps Excellence Awards finalist

DevOps on mainframe at HSBC, DevOps Excellence Awards finalist

The benefits far outweigh the complexities

Mike Thompson
clock 13 March 2024 • 3 min read