Puppet puts on a show for compliance, that’s the way to do it

Nobody ever stops to ask why infrastructure configuration compliance and automation company Puppet, is called Puppet.

But of course, it’s obvious, a ‘real world’ puppet’s core infrastructure is something pre-engineered to be operable and functional in an almost abstracted version of reality where we never stop to really think about the underlying structures, mechanics and levers all working below the surface.

The Portland, Oregon headquartered firm has now put on a show to announce Puppet Comply, a new product built to work with its Puppet Enterprise platform aimed at assessing, remediating and enforcing infrastructure configuration compliance policies.

As you would expect from a tool that works at this kind of ‘scale’, this is very much positioned as an enterprise cloud function.

The company lays down some figures for the ‘huge cost’ of non-compliance and – whether these can be ratified and corroborated or not – an increase in regulatory standards over the past several years has meant that maintaining compliance to pass audits and to maintain costs has become more complex. 

Puppet’s product finds compliance issues, but also works to continually fix these issues across an organization’s infrastructure.

“Compliance is often deemed as an inhibitor of delivering features faster. With Puppet Comply, CIOs can leave automation to address security and compliance concerns and focus on innovation, knowing that their operations are compliant without hindering agility” said Abby Kearns, CTO at Puppet

Kearns suggests that as the 2020 Covid-19 pandemic has shifted [some] IT priorities, her company is now seeing compliance rising to the top of the C-level agenda. 

Compliant configurations

By scanning infrastructure against industry benchmarks, Puppet Enterprise’s ‘desired state’ expertise is leveraged through Puppet Comply, helping organisations apply and continually enforce compliant configurations across their infrastructure. 

The company says that Puppet Comply makes it easier to ensure estate-wide compliance with CIS benchmarks, all with less overhead and manual work. 

“The work required to ensure infrastructure compliance in order to pass audits is painstaking and time-consuming, particularly in organizations with large and complex infrastructure,” said Alex Hin principal product manager at Puppet. 

Hin also points to the fact that his firm’s technology is focused on ITOps teams to enable them to run their own compliance scans to determine which controls are passing or failing per node.

Puppet Comply generates reports, providing the necessary insight to managers and leaders as well as proof of compliance status to auditors.