Analysis with Chef just got a whole lot easier thanks to the recent February, 2018 release of Chef Automate (CA). Features that have been in the testing stage for some time are now generally available with the Chef Automate release, and these include an improved data-range search as well as much more robust compliance scanning capabilities—you can now carry out scans for accurate status (both agent based and remote/"agentless" scans and you can schedule scans too).
With this new Chef Automate release you also get a collection of InSpec profiles with which you can easily make a baseline to test for compliance. With these profiles you can literally take an organization's policy (security protocals, government guidelines, etc) and convert it into code.
This code can then be used to test for compliance. Staying compliant with a complicated and multi-faceted IT environment is extremely difficult, but CA's highly advanced scanning capabilities make this a lot easier for organizations of all sizes.
Speed Up Work Flow While Minimizing Risk
When you are able to quickly detect areas where there is non-compliance with policy you are able to prioritize these issues and then automate an aptly named "detect and correct" procedure to ensure compliance continuously.
What this means is that you’ll be able to visualize all of your compliance statuses acroos all of the nodes in your network in such a way that you are never caught off guard when there’s an audit.
For most organizations carrying out audits requires lots of resources. That’s why they are only done a few times a year (if that). The problem with leaving too much time between one audit and the next is that this usually means that a compliance status will go left unchecked.
In contrast, with the announcement of this Chef automate release it’s now possible to have constant visibility of all statuses. This makes the auditing process a lot easier and also greatly minimizes risks. What’s more this new software provides the tools necessary for correcting compliance issues as they are detected.
CA also streamlines the process of moving from compliance checks onward towards the development process. When you are able to test your code against exisiting policies, you’re able to identify any problems and fix them quickly. This in turn speeds up your application delivery.
So instead of having to halt the launch of a new application while you perform the arduous (not to mention expensive) task of auditing and scanning for compliance, with Chef’s newest tool you can get these comp checks out of the way early. This makes any "security review" unneccessary and so you’re ready to launch ahead of schedule.
Everyone will love using this IT tool. Developers will love the quicker production times. The operations team is saved the headache of having to maintain an audit-ready infrastructure, and compliance specialists can rest assured that new applications are consistant with existing policies and protocols.