Organizations are under tremendous pressure to release innovative technological solutions to the market. However, there are a large number of moving parts that must come together to support an application.
These include backend infrastructure including business processing, database and storage technologies to frontend applications, all running on a myriad of devices like point of sale, order entries, to everything in between such as web servers and application servers and even cloud-native assets relating to Docker and Kubernetes.
While releasing technology solutions to the market, organizations must also meet all regulatory and security requirements. In today’s complex regulatory environment, compliance automation is becoming increasingly important to help businesses stay compliant, avoid penalties and maintain a strong reputation.
Conducting compliance audits
is a necessary and crucial process for companies to ensure that they are adhering to legal and regulatory requirements, as well as industry standards. Compliance automation software helps organizations simplify and scale their audits by enabling continuous and comprehensive scans of their resources.
enables IT teams to perform system hardening with the help of continuous security audits and remediation, that detects and fixes any security drifts in diverse IT fleets. It allows security and compliance to shift left
, making security an integral criterion of the development and deployment process. Chef Compliance enables users to utilize ready-to-use, certified, curated audit and remediation content to configure and maintain compliant systems quickly.
Chef InSpec, the primary engine that runs Chef Compliance, has a host of essential features that allow users to accelerate their release speed and enable better and more efficient compliance audits.
InSpec is our DevSecOps framework for testing and auditing your applications and infrastructure. It checks the configuration state of resources across your heterogenous IT estate.
InSpec enables you to:
- Express compliance and security policies as code.
- Assess your applications’ compliance with security policies before pushing changes to build and release pipelines.
- Automate compliance verification in your CI/CD pipelines.
- Unify compliance assessments across multiple cloud providers as well as on-premises environments.
This blog discusses an interesting feature called ‘Chef InSpec Parallel’.
Enable multiple compliance scans simultaneously with ‘InSpec Parallel’
With the advent of cloud services and multi-environment settings, enterprises have seen a significant rise in the number of resources and devices in their ecosystem. However, the speed at which compliance audits and scans are conducted has not scaled up to match the enormity of the resource landscape.
InSpec Parallel is one of the most pertinent feature enhancements in Chef InSpec—one that allows significant acceleration for compliance scanning.
Until now, Chef InSpec executes a single scan on a single target only. With ‘InSpec Parallel,’ multiple compliance audit checks can be performed on multiple remote targets concurrently. For example, enterprises with different on-premises and multi-cloud environments
can run scans simultaneously on Amazon Web Services (AWS), Azure and Google Cloud Platform (GCP). This leads to a multi-fold increase in the speed at which the scans can be performed and saves both time and costs for the user.
By running audits side-by-side, Parallelism
enables you to audit your infrastructure more quickly. Hence, method reduces the time to identify misconfigurations and risks. With Parallel, you can remediate your security issues faster, which eventually improves your speed of innovation and reduces operational costs.
Using the InSpec Parallel command, you can execute multiple audit checks targeting multiple systems. You can also execute a profile on multiple target nodes or multiple profiles on the same target node.
All you need to do is create an option file with the list of nodes and the profiles to be run against them. An example options file is given below.
The real-time status of audit checks is also provided during execution.
Parallel mode enables you to:
- Monitor all your on-premises and cloud assets parallelly across different environments.
- Scan millions of resources (like S3 buckets, firewalls and access keys) in real-time.
- Understand the state of the security posture of assets in your environment.
Let’s look at some of the benefits of using InSpec Parallel:
InSpec Parallel can conduct multiple scans on multiple targets (local or remote), enabling faster outputs and quicker remediation. Parallel scans can be done on applications, virtual machines, cloud environments, databases, container applications, web servers and app servers.
With an inbuilt progress indicator, users have real-time visibility on the duration and completion of multiple scans. The percentage completion of scans indicates the extent to which the profile run is complete.
With no limit on the number of resources that it can scan, users can use InSpec Parallel to scale and cover hundreds of nodes simultaneously.
The parallel command can also be included in any script, and the input files can be used for any compliance audits that you may want to run, making it easy for developers to adopt.
Chef Compliance offers you the ability to ensure that your IT infrastructure is compliant with standard compliance benchmarks or alternatively your internal security benchmarks. The new feature ‘InSpec Parallel’ ensures that compliance issues are remediated quickly and efficient and enables scalability across multiple environments providing you with increased flexibility and ease-of-use.
Find out more about Chef Compliance by visiting our various resources: