Automating compliance for financial services

We’ve been talking about the importance of incorporating compliance into your development workflow for a while now. With Chef Automate, we’ve delivered an enterprise-grade solution for turning compliance policy into code. We’ve written a whitepaper, recorded a webinar, and created a tutorial and documentation that all detail how you can integrate compliance into your deployment pipeline. We’ve also put a spotlight on folks in the Chef community who are doing it right.

Now, we’d like to share another cool story of how this all works in the real world. Our partners at HPE Datacenter Care—Infrastructure Automation (DC-IA) provide advice, support, and tools to help customers create a fast, agile, and reliable IT environment. For several years, HPE has been using Chef to turn infrastructure into code. Recently, they’ve expanded their offerings with InSpec, which turns compliance into code. InSpec is a human-readable language for automating the continuous testing and compliance auditing of your entire infrastructure.

We interviewed Vivek Bhatia, DevOps Consultant at HPE, about how he introduced InSpec to one of the largest banks in India. In particular, Vivek worked with the infrastructure team that manages the company’s Banking Services division, which is responsible for most of the bank’s transactions. Compliance is particularly critical for them – each month the team checks to make sure their servers are compliant with a myriad of regulatory and security guidelines the bank must follow.

Our Roberta Leibovitz has written an in-depth piece about HPE’s work automating compliance. Whether you want to try InSpec with a small team, or need a scalable approach to automating compliance across an enterprise, this article will have something for you.

Here’s what Vivek had to say about the impact of InSpec:

When they saw the tool they were very excited. They were able to see the entire scan result in minutes. They could see how many were compliant, how many were not compliant and based on that they could make a quick decision. What they took 500 minutes to perform on one server, they could now perform in 2 minutes, which was exceptional for them.

You can read the full article here and then watch our recent webinar “Automating Compliance with InSpec 1.0” to start your journey to compliance at velocity.

Lucas Welch

Former Chef Employee