Chef InSpec 2.0 Adds Cloud Compliance Automation Support
Chef is extending its presence into the cloud compliance market with the release of InSpec 2.0, a compliance automation tool that supports AWS and Azure.
Chef is best known for its eponymous open source Infrastructure-as-Code platform, which lets admins write scripts to provision on-premises and cloud infrastructure automatically.
The company has also been active in the compliance market for some time through InSpec, which originally was designed to automate compliance for local servers.
Using scripts, InSpec checks to ensure that certain compliance conditions are met and notifies admins about failures; for example, it could be used to verify that SELinux, a security framework for Linux systems, is installed. It could also check to ensure an antivirus scanner is running.
InSpec helps “developers and operations folks, who understand applications and infrastructure” but generally lack the expertise to interpret compliance and security risks, Julian Dunn, director of product marketing at Chef, told Channel Futures in explaining why the company originally developed InSpec.
Like Chef’s main configuration automation platform, InSpec is open source.
Extending Compliance Automation to the Cloud
The headline feature in InSpec 2.0, which debuted Tuesday, is support for compliance checks in the cloud.
“InSpec 1.0 was a product oriented around environment compliance on the machine itself,” Dunn said. “This extends InSpec into cloud APIs. We think a lot of customers will find real benefit in that.”
Currently, the tool supports the AWS and Azure clouds, but Dunn said Chef might expand support to include other clouds in the future.
“We want to do Google at some point,” he said. He also mentioned VMware Cloud as an important platform to support because it is widely used by Chef’s customers.
Because InSpec 2.0 leverages cloud provider APIs to run checks, users can write scripts to verify compliance within any type of cloud environment on AWS or Azure, Dunn said. For example, InSpec 2.0 could support compliance verification for AWS Lambda and Azure Functions, the serverless computing services.
InSpec 2.0 also introduces performance enhancements of 90 percent for Windows systems and 30 percent for Linux and other Unix environments, Dunn said.
Making Clouds Compliant?
Cloud compliance has been a hot topic of late, reflecting the growing complexity of cloud architectures. That should help drive demand for cloud-compatible compliance automation tools like InSpec.
“Organizations are increasingly adopting multiple cloud services and repositories, choosing each for their respective strengths,” Paige Bartley, senior analyst at Ovum, told us. “A more diverse cloud IT ecosystem means a product, such as InSpec, which can monitor and validate rules across all of these systems, becomes more valuable than it would be on premises where the number of systems is more limited.”
Bartley noted, however, that InSpec doesn’t appear to meet any specific parts of the GDPR, the regulatory framework that is at the center of current compliance planning. InSpec “doesn’t seem to inherently fulfill any particular part of the regulation,” she said, referring to the GDPR.
“But what it might help do is meet the requirement for ‘data protection by design and by default’ by automating the vetting process for servers,” she added.
The fact that InSpec currently supports only two major public clouds might limit its adoption. Organizations whose architectures span more than AWS and Azure won’t be able to use the tool for one-stop compliance automation in its current form.
In short, demand for tools that can simplify compliance in the cloud is clear. InSpec 2.0 is one of the few tools available in this niche, although the extent to which organizations will turn to InSpec as a solution for compliance with frameworks like the GDPR may be limited.