Enforcing CIS compliance with Puppet
Passing an audit is hard — whether you’re in retail, healthcare, finance, or honestly, any industry that values security. Most organizations these days are faced with regulatory standards that must be enforced, which bring both technical and business challenges that are difficult to overcome.
In my experience talking to our users, I often hear that compliance is one of the biggest pains to deal with, but also one of the most important things to get right. It gets tricky because there are so many rules to enforce and often there are just as many exceptions to keep track of. Every team has a special server or a benchmark that doesn’t apply, and making sense of it all is difficult. Infrastructure teams I talk to are often struggling to keep up with the last-minute scans sent over by security teams, and coordination becomes a big challenge. They’re stuck dealing with the vast number of machines that are outside of compliance and are sometimes forced to manually reconcile exceptions and build out one-off fixes that we all know don't scale.
If organizations don't adhere to these standards, they can face hefty fines or, in the worst cases, even jail time. Increased business demands and pressure to reduce costs, especially in the current environment, force IT organizations to address these standards via shortcuts or exceptions that end up being time-consuming, high-risk, and costly. According to a report from Ponemon Institute, “The average cost for organizations that experience non-compliance problems is $14.82 million, a 45 percent increase from 2011.”
Our customers have long turned to Puppet to help enforce benchmarks and keep systems in compliance, whether it’s using OnyxPoint’s SIMP module, Fervid’s CIS module, or even homegrown security standards. I’ve even heard stories of users sharing their manifests with auditors as proof that their systems are in a compliant state. At last month’s Puppet Camp America East, compliance was all anyone could talk about.
When I moved from the product team at Puppet to take on a strategy role in Customer Success, the thing I was most excited about was working with the team to create solutions to our customers’ problems that leverage tried and tested methods of our larger community.
Introducing our CIS compliance service
Our new CIS compliance service offering, available today for Puppet Enterprise and open source Puppet users, is a great example of how we’re bringing this to life. We took a team of experts, looked through our success stories from customers who have used Puppet for compliance efforts (including some of the world’s largest financial institutions), and combined what we learned with some of our own tooling to map CIS benchmarks with Puppet data. The result is an end-to-end solution for enforcing CIS benchmarks.
The CIS compliance service will help organizations ensure they are both secure and equipped to pass audits quickly and easily. Through this service, we’ll help you identify where you are out of compliance and, more importantly, work with you to ensure your systems conform to these standards and that you are prepared for the future. Our experts at Puppet can help ensure you are enforcing CIS standards across your systems and address gaps as they are identified.