Chef’s innovations enable continuous secure app delivery for InfraOps, AppOps and SecOps teams

Chef announced a number of new products designed to enable coded enterprises to work across silos to build competitive advantage through automation.

The newly introduced Chef Compliance and Chef Desktop, together with notable enhancements to Chef’s application delivery capabilities, help organizations enforce and maintain compliance; deploy, manage, and secure desktop, laptop and kiosk workstation fleets; and accelerate application definition and delivery.

“Enterprises today are striving to do more with less through automation, unifying formerly mission-specific teams to create more efficient IT environments where concrete business outcomes are prioritized over adherence to role-driven processes,” said Jim Mercer, research director, DevOps, IDC.

“Chef’s product portfolio is positioned to help enterprises achieve an everything-as-code ethos and empower teams to cut across silos, with better visibility into and control over secure infrastructure and application definition and delivery.”

A recent survey conducted by IDG demonstrated that DevSecOps adopters are three times as likely as non-adopters to consider security an accelerator of software delivery and a key contributor to improvements in quality.

The new innovations introduced by Chef today are specifically designed to bridge silos in global enterprises, enabling application, DevOps and security teams to work closely together to define everything — including compliance policies, infrastructure and application delivery requirements — as code.

Providing a common DevSecOps language that can be shared, scaled, and automated improves the software development lifecycle.

Chef Compliance

Drawing on Chef’s long history of innovation in compliance automation, Chef Compliance builds on Chef InSpec to help enterprises maintain compliance and prevent security incidents across heterogeneous hybrid and multi-cloud estates while improving speed and efficiency.

Standards-based audit and remediation content, easily-tuned baselines and comprehensive visibility and control make it easy to maintain and enforce compliance across the enterprise.

“We use compliance as code as a vehicle to unite all of our stakeholders. With it, you can articulate your security posture and, more importantly, produce a versionable artifact that represents that posture,” said Kyle Harper, lead engineering manager, Cerner.

“Scaling beyond humans with compliance-as-code saves you and your system owners time, but auditors should also understand the time savings they are going to gain.”

New offerings include:

  • Chef Compliance audit: Designed specifically for information security and SecOps teams who wish to maintain complete visibility over the compliance status of their estate. It provides extensive audit content based on Center for Internet Security (CIS) and Security Technology Implementation Guide (STIG) standards that can be easily tuned to meet specific needs.
  • Chef Compliance remediation: Designed specifically for Infrastructure and Operations teams to help close the loop between audit and remediation and enable continuous compliance in the enterprise. New remediation functionality and trusted, standards-based content make it easy to remediate issues uncovered during audits without writing code.

Chef Compliance features integrated capabilities across all five stages of the compliance lifecycle:

  • Acquire: Access CIS certified and Chef-hardened and curated content aligned to industry benchmarks for audit and remediation. With newly available remediation content, organizations can ensure remediation actions align directly to audit results.
  • Define: Chef now makes it easy to define compliance baselines and tune them to the organization’s unique needs. Flexible compliance waiver capabilities allow teams to turn on or off individual controls in order to avoid false positives and misconfigurations.
  • Detect: Continuously monitor and evaluate compliance posture by detecting deviations from intended state at any point in the software delivery lifecycle.
  • Remediate: Remediate non-compliance with newly available remediation capabilities that efficiently address individual controls in alignment with audit tests, encoding those fixes to enable continuous compliance.
  • Report: Maintain comprehensive and up-to-date visibility across heterogeneous estates, easily view differences between baseline and remediated states and track waiver status to enable fast and accurate audits any time.

Chef Desktop

Chef Desktop enables IT managers to write their own configuration and compliance requirements as human-readable code (YAML), in order to deploy, manage and secure entire fleets of laptops, desktops or workstations from a central location.

Organizations can gain control over IT resources, ease the management burden, and ensure compliance to minimize risk. Chef Desktop also includes pre-written configuration code, with highly-curated content to audit and harden popular laptop and desktop operating systems.

This approach helps IT resource managers gain value immediately while maintaining ultimate flexibility to meet enterprise-specific needs.

“Managing infrastructure as code revolutionized the data center, and we’re proud to have worked with Chef to apply this proven approach to our endpoint fleet at scale,” said Luis Madrigal, Engineering Manager, Client Platform Engineering + IOT, Uber. “We’ve gained efficiency, flexibility, and security with ongoing visibility across all our laptops and desktops.”

New innovations include:

  • Zero-touch process for enrollment and provisioning of laptops/desktop endpoints (for Mac & Windows)
  • Automated software/application deployment and management
  • Automated policy setting on endpoints with flexibility to fine-tune
  • Low-lift rollout of software and application updates
  • Transparent device known states via artifacts (e.g. cookbooks and profiles) to facilitate auditing and remediation
  • Security policy enforcement via configuration profiles, data encryption and system updates

Application delivery

New innovations in Chef Enterprise Automation Stack provide advanced automation capabilities for defining, packaging and delivering applications to help clients deliver applications consistently, securely, and reliably.

Defining applications based on six core requirements enables IT teams to drive better outcomes across all applications (COTS and custom, Windows and Linux) and environments (cloud, containers, on-premises, and edge). These include application version, config instructions, build instructions, dependencies, relationships and run-time instructions.

“Chef’s unique approach to application delivery has enabled us to reduce application deployment and build release times for legacy systems from four to eight weeks to an hour, a 98 percent improvement,” said Chad Larkin, DevOps Solution Architect, Early Warning Services.

“By being able to define application requirements and compliance policies as code uniformly across all technologies we’ve been able to scale CI/CD across our entire IT estate and deliver new innovations to the business at unprecedented rates.”

New innovations include:

  • Enhanced analytics enable users to filter and update views for disconnected services and receive real-time health check messages and statuses
  • Advanced application delivery capabilities in Chef Habitat 1.6 include rapid rollback, package clean-up and layered container support
  • Improved package management makes it easier to manage package settings and deploy multi-platform packages

“Today’s announcement clearly demonstrates the significant innovations that we, in close collaboration with our community, have made since ChefConf last year,” said Corey Scobie, CTO, Chef.

“By simplifying software deployment, solving pressing security and compliance challenges in hybrid environments and managing distributed devices in this remote-first world, we are making our customers more effective and enabling coded enterprises to attain the full scope of their IT ambitions.”

“Chef’s product innovation is moving faster than ever before and meeting our customers’ most pressing needs for DevSecOps,” said Barry Crist, CEO, Chef.

“Since our last ChefConf, we have been intensely focused on harnessing our long experience in operating at massive scale and speed while enabling unprecedented ease-of-use. I am proud to say that Chef today is truly defining the future of IT automation for Coded Enterprises.”
