
Chef Shifts to Policy as Code, Debuts SaaS Offering

22 Sep 2021 4:00am

At this year’s ChefConf 2021, Progress, the company that acquired Chef late last year, announced several new additions to the platform once known for its infrastructure-as-code (IAC) capabilities. The new features fall into three primary categories — multicloud compliance, increased productivity, and deployment flexibility — and showcase a continued transformation for Chef.

Last year, we noted that Chef had somewhere along the way stopped referring to itself as “the leader in DevOps” and instead started calling itself “the leader in DevSecOps,” which was evidenced at ChefConf 2020 with the release of Chef Compliance. This year, the company has further doubled down on this move, this time with a focus on policy-as-code.

Prashanth Nanjundappa, a senior director of software engineering and product management at Progress, explained that the move to policy as code (PaC) helps to encompass more aspects of a business than simply infrastructure as code, which is still part of Chef’s platform.

“In a multicloud and hybrid cloud environment there is more than just configuration of infrastructure that needs to be governed, but a broad array of aspects (compliance, security, vulnerability, cost, access privilege, etc…) that are included in organization policy,” Nanjundappa wrote in an email. “With PaC you can accomplish broader governance automation needs at an enterprise level. Infrastructure as code is about managing infrastructure specifications. Policy as code takes that up a level to manage via business policies in a consistent, unambiguous, and scalable way.”

Nanjundappa explained that, while this is a shift for Chef, it is one that still centers on its core competency: code.

“Chef started with IAC and then we realized that code is a common language, which has helped our organizations accelerate their DevOps adoption. But, there are different parts of the organization — security, apps, ops — and all of them need to be brought in. That’s where we are continuing to invest in the code first approach,” said Nanjundappa. “What we have shifted a little bit in a positive direction now is moving from infrastructure and compliance as code to a policy-based automation approach, because we have seen a very clear directional change in our customers, as well as the industry, where a multicloud has become a reality.”

Nanjundappa said that Chef has seen clear evidence that its customers are moving to a multicloud, hybrid setup, increasingly using cloud native resources such as EC2, S3, Lambda, or Azure Functions. To this end, Progress has launched Chef Compliance Automation for Cloud Resources, which extends support across major cloud providers Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). In addition, the company launched new certified Chef Premium Content, which Nanjundappa said will help companies keep up to date with constantly changing specifications and regulations, such as those put out regularly by the Center for Internet Security (CIS).

“What we have done this year is we have expanded that coverage vastly and also got into some sort of rhythm updating the content that is launched,” said Nanjundappa. “CIS keeps updating the specification from time to time and, when they do, we are watching that and we are updating and getting our CIS remediation content certified.”

As for ease of use, Chef Enterprise Automation Stack (EAS) will also be available in both AWS and Azure marketplaces. The company has begun a Chef Managed Services program, and Chef EAS is also now available in a beta SaaS offering. All of these together, said Nanjundappa, will make Chef EAS “easy to access and adopt, which will help reduce overall time to value.”

Looking forward, Nanjundappa said that the focus will include features like cloud security posture management (CSPM) and Kubernetes security.

“We are seeing more and more compute workloads being migrated towards containers and Kubernetes. We currently offer Chef InSpec + content for CIS profiles for K8s and Docker that help secure Containers and Kubernetes,” wrote Nanjundappa. “But we will be adding additional abilities to maintain security posture in containers and Kubernetes platforms in the coming years.”

More specifically, upcoming Kubernetes features will offer visibility into containers and the Kubernetes environment, scanning for common misconfigurations, vulnerability management, and runtime security.

“Chef users need a unified experience across our tools and integrations with other tools that they use alongside Chef, so we have a big set of initiatives to increase the productivity of Chef product users by building a Centralized management experience across our tool kits,” wrote Nanjundappa. “As organizations move more workloads into the cloud, the need for security and compliance automation has accelerated. We have also seen our customers having a clear strategy for adoption of cloud platforms and cloud native technologies.”

The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker.
