“Since our last ChefConf, we have been intensely focused on harnessing our long experience in operating at massive scale and speed while enabling unprecedented ease of use,” said Barry Crist, the CEO of Chef.
The new Chef Compliance solution combines existing Chef technology with policy-driven remediation and content based on Center for Internet Security (CIS) benchmarks.
It works through a five-step process across the compliance life cycle: acquire access to CIS-certified and Chef-hardened and curated content, define compliance baselines, detect and monitor the compliance posture by detecting deviations, remediate with newly available remediation capabilities, and report to maintain comprehensive and up-to-date visibility across heterogeneous estates.
“Chef Compliance, available today, builds on Chef InSpec to help enterprises maintain compliance and prevent security incidents across heterogeneous hybrid and multi-cloud estates while improving speed and efficiency,” the company wrote in a post that contains all of the details on the new products.
The second solution, Chef Desktop, enables IT managers to write their own configuration and compliance requirements as human-readable code (YAML), in order to deploy, manage and secure entire fleets of laptops, desktops or workstations from a central location.
It includes pre-written configuration code, with curated content that helps users audit and harden popular laptop and desktop operating systems.
Chef Desktop’s new innovations include zero-touch process for enrollment and provisioning of laptops/desktop endpoints for Mac and Windows and the ability to automate policy setting on endpoints.
“Desktop management is a very mature market, so why is Chef doing a new offering? And the answer is in part if a customer likes the approach of compliance as code or infrastructure as code that they’ve been using with their VMs and their cloud or server assets, they may want to apply that to their desktop fleet,” John Wyss, vice president of product at Chef, told SD Times. “Furthermore, with this approach you can actually assess your compliance status consistently across your fleet as opposed to having yet another tool with yet another set of language and data.”
Chef also announced enhanced application delivery capabilities such as improved analytics and advanced automation for defining, packaging and delivering applications.
Chef Habitat 1.6 also received additional delivery capabilities that include rapid rollback, package clean-up, and layered container support.
Chef Workstation also got an “Upgrade Lab” that includes auto-detection and auto-correction to simply upgrade cookbooks.
Last but not least, Chef announced ServiceNow CMDB integration.
“Chef is well known for the components that allow very capable practitioners to build really cool stuff. But, we’ve gotten a lot of feedback for those to be more curated and more prescriptive workload alliance products. ‘Take the Chef bag of tools and instead of selling me lumber, sell me furniture.’ At the same time, we’re still allowing access at a very low level to all of our artifacts so that customers can configure their own solutions if they so wish,” Wyss said. “Secondly, we wanted to make it easier to collaborate with less process friction and data loss across the roles and to address some of the enterprise adoption features.”
A recent survey conducted by IDG demonstrated that DevSecOps adopters are three times as likely as non-adopters to consider security an accelerator of software delivery and a key contributor to improvements in quality.
Chef designed its new innovations to build on top of DevSecOps benefits by bridging silos in global enterprises, enabling application, DevOps and security teams to work closely together to define everything — including compliance policies, infrastructure and application delivery requirements — as code, according to Chef.
The company applies an “as code” approach to solve enterprise technology problems. Coded enterprises then manage complexity through a single path to production.