Automating compliance for finance
HPE Datacenter Care—Infrastructure Automation (DC-IA) provides advice, support, and tools to help customers create a fast, agile, and reliable IT environment. For several years, Hewlett Packard Enterprise (HPE) has been using Chef to turn infrastructure into code. Recently, they’ve expanded their offerings with InSpec, which turns compliance into code. InSpec is a human-readable language for automating the continuous testing and compliance auditing of your entire infrastructure.
Vivek Bhatia, DevOps Consultant at HPE, shares how InSpec was introduced to one of the largest banks in India. In particular, Vivek worked with the infrastructure team that manages the company’s Banking Services division, which is responsible for most of the bank’s transactions. Compliance is particularly critical for them. The division has approximately 500 HP-UX servers that make up their development, test, and production environments. They also have some servers for disaster recovery (DR).
Compliance without automation
Of course, there are many regulatory and security guidelines the bank must follow, and each month the team checks to make sure their servers are compliant. There are around 100 checks and, before InSpec, they were performed manually. The process was very difficult. The team had to log in to each machine, check the configuration settings, provide the results on paper, and then log them. Completing a single check took about 5 minutes, so vetting just one server took about 8 hours.
The advantages of automation
The Banking Services team has rolled out InSpec in their development and test environments. As they gain experience, they will roll it out to production.
Dominik Richter, Chef’s Product Manager for InSpec, says, “We often get positive comments from our users about how easy InSpec is to deploy in their environments. Human-readable rules are a big part of this, as well as InSpec’s lightweight requirements for execution.”
Vivek says, “When I talk to the financial customers, I know that there are two key things they are really worried about. One is the security of their systems and second is auditing. For security, most of the time they have checklists and they want to ensure they are compliant with those checklists but unfortunately they are not. I try to tell them that if you want to get this done quickly, if you want a better way to understand how your infrastructure looks, use InSpec, which can be agentless. Just go ahead and start deploying and start seeing the benefits.
“I was a system administrator for 10 years so I know what it’s like to do all the fixes and run all the reports. It’s very, very painful, especially when you have 3,000 or 4,000 servers. Without automation, managing compliance is very challenging.”