Chef + Saviynt: Putting Governance into your DevOps workflow

A key reason that an enterprise adopts infrastructure automation is to allow for the fast and efficient deployment and ongoing management of their infrastructure. They also realize an added benefit in that automation can be a key component in satisfying your governance, risk management and compliance (GRC) challenges – by standardizing and automating the way that code flows through your development process and into production you simplify the process of assuring auditors that your infrastructure is compliant over time.

But the modern DevOps toolchain is complex and has many different components and users of those components. We still have the challenge of ensuring that users have the right level of access across the entire software delivery pipeline. For instance, how do we make sure that a team member has the right level of access to the source control repositories that they are working on, the right level of access to CI/CD pipelines that build, test and deliver their work; the right kind of access to their dev and test environments on the cloud provider, all the while not having access to systems and projects they’re not responsible for?

Saviynt’s Integration with Chef

This is where Saviynt, a leading provider of next generation Identity Governance and Administration (IGA) and Cloud Security solutions, come in. Saviynt helps enterprises take control of access governance across the plethora of tooling available to the modern workforce. Their integration with the Chef Role based access control (RBAC) API exposes the granularity of controls over each object on the Chef Server in a way that is easy to configure and audit.

So when a customer says: my team needs to have push access to these particular GitHub repos, write-access to these specific cookbooks on the Chef API, and Contributor permissions to their specific Azure subscription, they can manage the same using Saviynt. It also provides actionable analytical controls with drillable dashboard view (shown below) which can highlight possible compliance risks. For instance, user accounts on the Chef Server which have been inactive or user accounts with high privilege access on Chef objects.

Chef + Saviynt

Take a closer look at Microsoft Ignite

We’re excited both about the work we’ve done together to date as well as the future integrations we’re planning.  In the meantime, learn more about Chef and Saviynt’s strategic partnership or come visit us at Microsoft Ignite, September 25-29 at the Saviynt booth #957 or Chef booth #1738 for live demos and more.

James Casey

James Casey is the VP of Partner Integration at Chef.