Embed Size (px)
Citation preview
LEGACY IS NOT A REASON TO STAND STILL.
OUR APPROACH WITH ADOPT ING CHEF COMPL IANCE
@username-is-already-taken2
Gary BrightTECHNICAL ARCHITECT
OUT OF THE BOX
Center for Internet Security [CIS]
BUILDING ON SOLID FOUNDATIONS
regulatory
FSA PCI
Best Practice
Lessons Learned
DEPLOY COMPLIANCE FIRST
Spee
dFaster to
deploy
Accu
racyReduci
ng rework
RiskReducin
g unplanne
d work
A quicker ROI back to the business through
By defining your compliance requirements first you gain insight into
what is important to you
SO WE WENT FOR IT.. . .
We need to write a compliance profile for all the devices we have in production. If a
customer has suffered a service outage then we should write a control to know where else
we are exposed.CTO
INSPIRATION FOR WHERE TO LOOK
Service Catalog [targets]
• Device Matrix
• Application List
Best Practices
[compliance]• Build
Standards• Setup
Guides
Lessons Learned
[compliance]• Previous
Events• Front Line
Go Broad and Shallow
Don’t boil the ocean :)
TIME SAVINGManual
15 min100 devices
Automated1 min
100 devices
100Minut
es
3.125 Man-days
100 Critical IssuesFound across
1000 devices
REDUCING UNPLANNED WORK1 Critical Compliance failure = 8 Hours of unplanned work
100 MD worth of unplanned work.
All these grow as you scale out, delivering real benefit.
Blank Example 2
Adoption with Ops is key
DRIVING ADOPTION
Get their Buy In
what one thing? Integrate
docs.chef.io API JSON
OUR SINGLE BIGGEST CHALLENGE
Reportingdon’t underestimate its
importancefind the right medium that works for your customers
• Baseline compliance
• Offering insight
Out of the box
• Best Practice• Lessons
Learned
Extendable
• Reduce rework
• Reduce risk
Fast ROI
IN CLOSING
Remember to take
people with you
Broad and
shallow
IN CLOSING
You’ll launch the
product and have
people use it
Blank Example 1
