December 3, 2020

Puppet + Compliance: Our Journey to Puppet Comply

Puppet Comply is just one part of Puppet's compliance journey. Here we'll explore how Puppet makes it easier to automate your compliance program and meet critical security benchmarks, so you can always be confident in your systems' compliance.

Puppet + Compliance: How It Started

During my tenure at Puppet, I’ve learned that almost everything we do is focused on two things — eliminating soul-crushing work, and the never-ending desire to solve really hard customer problems. Couple those with the positive and energetic attitude of the Puppet team, and we’re bound to have a profound impact on our customers. Maybe I’ve had too much Kool-Aid? But I really believe we’re onto something here…

Our newest solution, Puppet Comply, carries on this theme.

Customers were using Puppet for IT compliance long before Puppet Comply and before the CIS Compliance service launched earlier this year. That’s because Puppet Enterprise allows our customers to take a model-driven approach to configuration management. With PE, customers can define how a system is supposed to look, so that when it gets deployed, it’s automatically configured to the desired state. If a system's configuration changes from what was defined, Puppet reverts the system to the desired state, eliminating the problem of configuration drift. That’s awesome.

Naturally, this approach to configuration lends itself very well to compliance. I can define how a compliant system looks based on regulatory frameworks and internal security policy, and have PE enforce it. This keeps me automatically and continuously compliant. While Puppet Enterprise is great at enforcing compliance with a defined policy, it doesn’t help you understand HOW compliant you are. There are still some missing puzzle pieces: What’s my overall level of compliance? Which systems are out of compliance, and what do I need to remediate? That might be okay for some, but it’s not okay for most.

Our customers have asked us to provide visibility into their compliance status because defining the model isn’t enough anymore. Companies have entire programs, teams, and resources dedicated to managing compliance programs, and all of the processes and activities within them. They need to have solid programs, and they need to be able to provide proof of compliance. I once heard a customer refer to this as the burden of proof. It’s serious stuff.

What Is Puppet Comply?

Puppet Comply is a tool that enables continuous compliance monitoring across hybrid infrastructure with less overhead and manual work.

Puppet Comply is a solution. It is the combination of a new product and our CIS Compliance Service, and it is available today.

I already know what you’re going to ask.

Why a combination of a product and services?

TL;DR: it’s hard.

Comply will provide customers with the required assessment capabilities through the product. We’ve partnered with the Center for Internet Security (CIS) for both the benchmark content and assessment technology to bring our customers the industry standard in benchmarking, joined by a purpose-built assessment tool directly from the source.

A screenshot of the Puppet compliance dashboard

Our expert services team will serve as an extension of a customer’s team, helping them bridge skill and resource gaps through CIS compliance assessment, remediation, and enforcement of CIS benchmarks. They’ll help customers craft Puppet compliance modules specifically for their environments, provide training on best practices, and enable them with all of the necessary tools for continued success.

Get Started With Puppet Compliance Tools

This is just the beginning of Puppet’s journey into compliance, and we’re excited. We’ve got lots of great features on the roadmap to help our customers drive successful outcomes in their compliance programs. We hope you’ll check out Puppet Comply and share your feedback.

To use Puppet Comply, you must configure it to integrate with Puppet Enterprise. To get started, sign up for a free trial of Puppet Enterprise today! With Puppet Enterprise, you'll have access to all the features of Puppet Comply, plus a host of other tools to help you manage your infrastructure.
