Puppet introduces new security and compliance integration

Puppet

DevOps automation company Puppet Inc. today announced many new integrations during its Puppetize Digital 2021 virtual meeting to support more automation through large-scale self-service and provide customers with more security across hybrid infrastructures.

Puppetize Digital’s announcement includes the compliance enforcement module bundled into Puppet Comply, the new integration of the ServiceNow Graph Connector Program for Puppet Enterprise, and the new malware scanner function of the newly released module on Forge.

With more and more new vulnerabilities reported daily, Puppet has begun to focus on infrastructure security compliance across environments to allow the team to make the best decisions. In native, cloud, and hybrid environments, DevOps teams need greater visibility and automation to create a culture of enhanced collaboration between teams.

Puppet compliance and compliance enforcement module

Puppet today announced the compliance enforcement module for Puppet Comply, which will provide customers with a turnkey compliance remediation and enforcement policy in cooperation with Puppet Enterprise.

The compliance enforcement module system allows the enforcement of policies that are consistent with the Internet Security Benchmark Center for Windows and Linux, namely code configuration management. It provides industry-recognized baseline network security standard best practices for code configuration to ensure security compliance.

Abby Kearns, Puppet’s CTO, told SiliconANGLE that compliance is now what too many companies do with spreadsheets. This is usually a tedious manual process involving individuals checking offline.

“If there is anything we can automate, then compliance should be the first thing we automate,” Kearns said. “This is something that computers should absolutely do for us.”

Non-compliance with regulatory standards may result in failure of audits or risk assessments. This alone may result in huge fines or business losses. The ability to automate compliance means that it can take weeks or months to complete manual processes in minutes or hours.

With Puppet Comply, Puppet has been investing in innovation to allow customers to quickly identify the root cause of compliance issues. This allows teams to quickly make configuration changes to implement strategies that scale across environments.

“Automating strategy and governance to manage infrastructure needs helps infrastructure and operations teams get rid of passive processes and put them at the center of understanding where non-compliance is and how to fix it more easily and seamlessly,” Kahn Said. “We have been working with our customers to develop solutions and technologies in this field to help meet current and future needs.”

Starting today, the compliance implementation module will allow Puppet customers to incorporate their infrastructure into compliance to reduce the financial and security risks of the entire organization.

ServiceNow graphical connector for Puppet

ServiceNow customers can quickly, easily, and reliably extract relevant and accurate data from Puppet-managed assets into ServiceNow’s configuration management database to make informed decisions about their hybrid cloud infrastructure.

Using ServiceNow Graph Connector for Puppet will automatically collect data and reports for all ServiceNow products, and integrate technology, personnel, and processes into a service-oriented view. This is an interconnected approach that helps automate development and cloud operations and risk management.

Molly Erdle, Puppet Product Manager, said: “The importance of using accurate and correct real-time information to operate across hybrid infrastructures is critical to speeding up releases and IT project resilience.” “Wrong mapping of configuration items or inaccurate data will only It leads to more complexity and sometimes economic losses.”

Administrators can now use the ServiceNow platform to take advantage of Puppet-enabled operations, including directly using the automation engine to restart the service to patch the machine.

Forge module malware scanning

Puppet has also added a malware scanner function to its module market Forge, which will automatically check for newly released modules before the end of the year.

Developers spend a lot of time on code auditing, reporting, and correcting potential vulnerabilities to avoid potentially hacking the system. Many companies do not allow the use of public code that has not been scanned (and sometimes not reviewed by a third party) to prevent vulnerabilities.

The addition of Puppet’s new malware module scanning function will add a more streamlined process to increase the security profile of user-submitted modules in Forge.

“Puppet’s new module malware scanning on Forge gives users peace of mind when choosing and using our modules,” said Ben Ford, Puppet’s Forge and Content Ecosystem Product Manager. “This additional layer of protection increases trust in our content, benefits customers and open source Puppet users, and encourages people to think and build more safely as they contribute to Puppet’s growing community.”

The rollout process of the scan will first focus on supported modules, then partners and approved modules. By the end of this year, this feature will be applicable to all new versions of all community modules.

Picture: Puppet

Join our Cube club and community of Cube event experts to express your support for our mission. Join the community, which includes Amazon Web Services and Amazon.com CEO Andy Jassy, ​​Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more celebrities and experts.

.
#Puppet #introduces #security #compliance #integration

More from Source

Leave a Comment