UPDATED 08:00 EST / FEBRUARY 20 2018

CLOUD

Chef Software bids to automate compliance with new InSpec 2.0 release

Software development automation platform provider Chef Software Inc. has once again turned its attention to matters of compliance with a major update to its InSpec framework.

Chef calls InSpec 2.0 a “compliance automation solution” that’s designed for DevOps teams — those that combine developer and information technology operations teams — to assess and fix any compliance issues they may face while developing new software applications, from initial development all the way through to deployment. The company said InSpec is meant to help organizations “maintain an up-to-date view of compliance status in production, detect security issues long before they reach production and reduce risk while delivering applications faster.”

Compliance is becoming increasingly important for enterprises due to government concerns over the safety and security of consumer’s data. That much is apparent due to the growing complexity of government regulations, Chef said.

For example, the General Data Protection Regulation in the European Union is set to come into force in May, and companies that don’t comply face the prospect of massive fines about 20 million euros, or four percent of their annual revenues, whichever is higher. Other regulations that are becoming increasingly strict include the Payment Card Industry Data Security Standard in retail and the Health Insurance Portability and Accountability Act in healthcare.

The problem is that it’s fast becoming a nightmare for companies to ensure that they do comply with such regulations. The procedures for doing so are ad-hoc, arbitrary and manual, meaning they can take hours to perform and are not always accurate, Chef argues.

InSpec 2.0 is Chef’s response to this problem. The company describes InSpec as an open-source language that’s used to describe security and compliance rules which can be shared across development teams. This ensures compliance can be adhered to at all stages of the software development process, without any impact on application performance.

“InSpec is responsible for identifying the issue and surfacing it (with a criticality level and other metadata) to a real-time dashboard in Chef Automate, where customers can prioritize actions to be taken on the alert,” said Julian Dunn, a director of product marketing at Chef.

With the update, InSpec 2.0 gains new capabilities that are pretty technical in nature but should appeal to developers. These include the ability to write user-defined custom compliance policies for cloud configurations on cloud platforms such as Amazon Web Services and Microsoft Azure. There are also more than 30 new resources which enable users to write compliance rules for new applications and configuration files such as Docker, NGINX configuration packages and PostgreSQL database configurations.

Chef makes some pretty big claims about the efficiency InSpec provides, saying it can help reduce the amount of staff hours needed to ensure compliance by as much as 95 percent. The service also eliminates duplication of effort and data throughout the development process, and provides continual monitoring for audit compliance once new applications are up and running.

Perhaps the most important benefit is for enterprises using cloud infrastructure. As Chef explains, one big problem with running applications in the cloud is proving that these apps have always been in compliance, even after they’ve been shut down.

“When working in the cloud, a machine spins up for a certain period of time, then spins down and goes away,” the company explains in its pitch. “Oftentimes, the machine they were just assessing is gone. They need to track posture over time, so they can show that they were always in compliance, as opposed to just at some point in time.”

Image: Chef Software

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU