Organizations are flocking to the cloud for app dev and deployment, but they face challenges around compliance, audit preparation, and security. Here’s how to address them.
With some 90% of organizations now relying on the cloud for application development and deployment, questions arise about how best to address challenges, including ensuring compliance, audit preparation, and security.[i] The answer is to choose platforms that can take advantage of tools native to both the application development and cloud platforms to deliver efficiency and speed.
The app dev and deployment challenges organizations face include:
- Reducing organizational cyber risk from using infrastructure that spans multiple clouds and on-premises environments
- Lack of consistent policy enforcement across hybrid environments
- Difficulty enforcing governance policies, accurately tracking compliance, and effectively dealing with audits
In the face of these challenges, it can be difficult to maintain the speed and agility that DevSecOps is intended to deliver. But automated tools can address these challenges and ensure compliance, while delivering important benefits.
Yes, Chef, please do automate
Chef, the systems management and cloud infrastructure automation platform, has long helped organizations automate compliance tasks associated with on-premises systems but is now poised to take on the cloud.
Chef is a configuration management tool that helps companies automate the configuration of hundreds or thousands of computers. It enables users to run periodic checks to ensure all systems remain in the desired, compliant state based on whatever standards they need to meet, including CIS Benchmarks, DISA STIGS, PCI-DSS, or custom rules. Should any deviation occur, the automated routine can alert an administrator to the issue.
Users can configure routines in several ways, including with Chef Cookbooks (or playbooks) that detail steps, or by sending shell commands directly to Linux systems or PowerShell commands to Windows systems. Additionally, Chef Inspec enables testing and auditing of applications and infrastructure to ensure they align with the desired state.
Continuous compliance checks, AWS-ready
Progress Software, which owns Chef, has some 750 different cloud configurations and resources for Amazon Web Services (AWS) alone. “You can validate that any AWS cloud resource should have a specific security group and other settings” says Mike Butler, principled sales engineer for Chef at Progress. “Inspec allows you to generate compliance profiles for cloud-native objects.”
With the profiles in hand, users can run compliance checks as often as they like to ensure there hasn’t been any drift from the compliant state. Most customers run them once per day, he says.
In addition to providing continuous compliance monitoring, the Chef-driven automation routine also makes it easy to supply any data auditors may need to prove compliance. “If an auditor wants evidence from a month ago, you can supply that,” Butler says.
Using Chef also makes for a highly scalable solution. Chef’s main purpose is to help automate tasks in large-scale environments. Most of the heavy lifting goes into building routines and pipelines. After that, “the larger you scale, the more value you get out of Chef,” Butler says.
Ensuring systems stay in compliance not only helps companies meet regulatory requirements, but it also helps with cybersecurity. Security and privacy are typically the main reasons behind regulatory standards, so ensuring your systems remain in compliance means they’re also generally free from any obvious vulnerabilities that can result in data breaches.
Chef can also use AWS metadata to build logical groups of systems inside Courier. If you need to deploy a security patch, for example, it can be performed by AWS zone, with filters applied. You could do the East group first and, once it completes with at least 90% success, the West zone starts.
As an added benefit, Chef can also help companies manage machine configurations as they move from on-prem to the cloud. “One thing Chef Infra does really well is manage the configuration of your operating system,” Butler says. “You can move objects from on-prem to AWS, and 95% of it is the same, so you have persistence.”
Learn more about how Chef can keep you safe and secure in the cloud. Visit us here.
[i] Gitnux, “Cloud Industry Statistics,” April 29, 2025, https://gitnux.org/cloud-industry-statistics/
