
Chef Turns Its Focus to Security with Compliance, Desktop Additions

2 Jun 2020 9:00am

Sometime this year, Chef stopped referring to itself as “the leader in DevOps” and started calling itself “the leader in DevSecOps.” This week, at its user conference ChefConf, the company launched a number of new features that support this push to add security and compliance to its focus, all bundled under the name Chef Compliance.

Built on top of Chef InSpec, Chef Compliance intends to help enterprises maintain compliance and prevent security incidents across infrastructures, and the primary new features being introduced this week include Chef Compliance Audit and Chef Compliance Remediation.

“We started the InSpec project four years ago and we created this great powerful framework for security and compliance validation in code, but really the work that we’ve been doing the last year is largely around the content itself,” explained Chef Chief Technology Officer Corey Scobie in an interview.

Specifically, Chef Compliance Audit provides visibility over the compliance status that can be tuned for specific needs, while Chef Compliance Remediation aims to provide continuous compliance by making it easier to remediate issues uncovered during audits without having to write code. It does this, in part, by pulling in audit content based on Center for Internet Security (CIS) and Security Technology Implementation Guide (STIG) standards.

In this same release, Chef is also introducing Chef Desktop, which Scobie said was started long before the increase in remote work caused by stay-at-home orders during the pandemic. Chef Desktop brings Chef’s as-code approach to the task of deploying, managing, and securing entire fleets of laptops, desktops or workstations from a central location, with the enforcement of configuration and compliance requirements. While companies have been using Chef Infra for this task for quite some time, said Scobie, it was time for an “out-of-the-box solution.”

“More and more customers were looking at their desktop, laptop and non-data center systems as being an important part of their overall security and compliance regime,” Scobie said. “We sort of followed in the footsteps of the customers who had sort of started to develop the pattern, and about six or eight months ago we picked up on the idea that it really did need a turnkey solution for managing systems at scale.”

Chef Desktop offers the ability to manage this deployment with a dashboard, and also includes a remediation tool that provides some of the same functionality offered in the Chef Compliance Remediation tool, but for device deployment out to the edge. Chef Desktop provides a zero-touch enrollment and provisioning process, automated software deployment, management, and policy setting, and security policy enforcement via configuration profiles, among other features.

Finally, Chef introduced some updates to its application delivery features in its Chef Enterprise Automation Stack. These updates include enhanced analytics for disconnected services, and improved package management, as well as the ability in Chef Habitat 1.6 to perform a rapid rollback, package clean-up and layered container support.

“Layered containers is an architecture that allows you to really construct incremental updates to applications that are deployed in edge environments,” explained Scobie, “and so rather than have to ship out a whole container with all of the things in it, you can actually create a hierarchy where it’s easier to just update the components that change more often in the container environment.”
