2 min

Puppet Comply helps solve new compliance risks amid COVID-19.

This week Puppet announced Puppet Comply, a new product built to work with Puppet Enterprise. The new product is aimed at assessing, remediating, and enforcing infrastructure configuration compliance policies.

The product can perform all these functions at scale across traditional and cloud environments, according to the company.

How it works

Puppet Comply scans a company’s hybrid infrastructure to assess compliance with CIS Benchmarks. This provides a clear view of compliance status for each node in the customer’s estate.

The solution then maps controls of the company’s infrastructure using classification data such as operating system, version, role, and environment. Users can quickly identify the cause and source of compliance failures with node-level scan results. They can then drill into benchmark details for guidance on how to remediate failures.

Puppet Comply also eliminates manual exception handling. It allows customers to define custom profiles to disable the rules they don’t want to enforce. They can then scan only for the ones that apply.

“In today’s enterprise, CIOs are responsible for a myriad of competing priorities,” said Abby Kearns, CTO at Puppet. “Of these priorities, compliance is all too often deemed an inhibitor of delivering features faster.”

“With Puppet Comply, CIOs no longer need to pick compliance over innovation or speed, but instead can automate their compliance without impacting agility objectives,” she said.

Puppet Comply also generates easy-to-read reports. These provide the necessary insight to managers and leaders as well as proof of compliance status to auditors.

Cutting time and costs

The average cost for organizations that experience non-compliance is upwards of $14.82 million, according to Puppet. This represents a 45 percent increase from 2011.

Puppet claims that organizations who implement compliance protocols through Puppet Enterprise spend 76% less time fixing security and compliance issues.

Alex Hin, principal product manager at Puppet, summed up the advantage of the new product. “Puppet Comply ensures ITOps teams have the tools and resources they need to proactively manage compliance without disrupting, or duplicating, the security team’s workflow,” he said.

Tip: Cloud-native and open-source key drivers for Puppet’s course