Continuous Compliance at Niu Solutions
Addressing the challenges of high velocity business
Niu Solutions offers IT managed services specializing in regulated industries such as retail, financial services and banking. Founded in 2000, Niu is a UK-based company operating with data centers in the UK and US as well as on the public cloud. In this article, Jon Williams, CTO at Niu, talks about InSpec, Chef and the beauty of automation.
Raising efficiency, reducing risk
On their journey to continuous automation, Niu is realizing outcomes with every step. As Jon describes, “One of our big wins is SQL. It used to take our SQL specialist a day to go through the full end-to-end setup. With Chef, we’ve reduced that to 12 minutes. Another example is managing disk space, one of our biggest headaches. For too long, we simply accepted this problem as the norm and told ourselves we didn’t spend much time on it but, when we did an analysis, we found out differently. We were spending a huge amount of time on it.”
Patching is another area Niu addressed with automation. Jon found that automated builds and InSpec made an enormous difference in the amount of work they had to do to make their servers safe. He says, “Literally, anything that went through an automated build had no issues, which is amazing and, actually, a revelation. Also, the InSpec coverage we have on the legacy infrastructure reduced greatly any legwork we had to do. We already had the basic control and only had to write a specific control just to double check that the patching was up to date. Very powerful.
“You’ve got to be able to react to these situations. It’s back to that point about the audit. You can’t be in a position where something like this happens and you live in hope. Hope is not a strategy.”
Jon Williams, CTO, Niu Solutions
What was amazing also was watching what the teams went through when an urgent patch was released. They saw that 60% of the manual work they previously had to complete, often resulting in lost nights of sleep or their weekends, was reduced to minutes. This made it easy for the teams to see why creating these controls helped them, as it really hit home how important visibility and automated remediations are.
Looking to the future
Automation, particularly with InSpec, has helped Niu further their DevOps initiatives by encouraging more involvement from stakeholders. Jon says, “The lesson we learned is it’s all about bringing people with you. You need a plan of what you’re trying to achieve. What business problem are you trying to solve? Keep it really simple. You can run away with the tools and get very excited. The team was smashing out controls like nobody’s business and we had to stop. It was more about going and speaking to the operations teams and the InfoSec teams and understanding their problems, what was burning up their time. You need to deliver something that will get their buy-in, get them to understand that this is a good thing so that they tell you about their faults because it helps them. If you don’t see those people as the customers you just create barriers, which is the opposite of what you’re trying to achieve.”
Reflecting on what Niu has accomplished so far, Jon sums up by saying, “InSpec gave us the headspace and the room to go on the automation journey. When you’re managing legacy infrastructures, you’re in a catch-22 around reducing unplanned work. You don’t have time to figure out what the next step should be. Reducing unplanned work has given us that time. We can ask ourselves, ‘We’ve taken control of our legacy. How do we build our future?’”
To learn more about how Niu uses InSpec and has tied it into their DevOps transformation, listen to Gary’s ChefConf 2017 presentation, “Kick starting our DevOps Transition with Chef Compliance.” https://youtu.be/YhZajGM-fQY