Blog
July 16, 2026
Introducing Unified Compliance as a Foundational Part of Puppet's Future
Announcements & Events,
Security & Compliance
TL;DR
As AI accelerates change, infrastructure environments continue to diversify, and regulatory expectations increase, organizations face growing pressure to maintain security, compliance, and operational accountability at scale.
- Traditional compliance and governance approaches often struggle to keep pace with modern infrastructure, leaving teams with fragmented visibility, manual processes, and growing audit burdens.
- Organizations need more than automation. They need continuous control, with the ability to connect policy, enforcement, remediation, and evidence across the environments they manage.
- Perforce Unified Compliance, available with Puppet Enterprise Advanced, extends Puppet's infrastructure automation foundation with continuous governance capabilities designed to help organizations maintain that control.
- The result is greater confidence that systems remain secure, compliant, auditable, and aligned with business objectives, even as change continues to accelerate.
Back to top
Infrastructure Governance in the AI Era
The rise of AI is reshaping far more than software development. It is influencing how infrastructure is deployed, how applications are tested, how data is managed, and how organizations maintain compliance across increasingly diverse technology landscapes. As enterprises embrace AI-driven workflows and operational models, the conversation is shifting from how quickly teams can move to how confidently they can maintain control while doing so.
That challenge sits at the heart of Perforce's broader vision for the AI-driven software delivery lifecycle, or AI-SDLC. Recent announcements around Perforce Agentic Gateway and Perforce Unified Compliance reflect a larger industry shift toward governing AI-driven operations. For infrastructure teams, that shift reinforces a reality they have experienced for years: maintaining control has become just as important as accelerating change.
Today's infrastructure environments span an increasingly diverse mix of technologies that continuously evolve. Maintaining them requires more than deployment speed. Organizations need confidence that infrastructure remains secure, compliant, cost-aware, and aligned with business objectives, regardless of where workloads run or how quickly they change.
For many infrastructure teams, the symptoms are already familiar. Unsupported operating systems create security and compliance concerns. Configuration drift introduces operational risk. Cloud costs continue to rise without clear visibility into utilization. Audit preparation remains heavily manual. Tool sprawl makes it difficult to establish a consistent view of infrastructure posture. At the same time, executives increasingly expect proof that policies are enforced, risks are understood, and compliance obligations can be demonstrated on demand.
As environments become more diverse and change more rapidly, these challenges are becoming harder to manage through disconnected processes and periodic reviews alone.
Back to topAutomation Solved One Problem. A New One Has Emerged.
Few would argue with the impact automation has had on infrastructure operations. The ability to define desired state, automate provisioning, standardize configurations, and reduce manual effort fundamentally changed how organizations build and manage technology.
Yet, many of the processes surrounding governance, compliance, and operational oversight have not evolved at the same pace. Teams still spend considerable time interpreting policies, validating compliance, investigating configuration drift, gathering audit evidence, reviewing infrastructure costs, and proving that operational practices align with business and regulatory expectations. Too often, these efforts occur after changes have been made rather than as part of the operational process itself.
That creates a gap between organizational intent and operational reality. Policies may be defined, standards may be documented, and controls may be expected, but organizations still need a reliable way to understand whether those expectations are consistently reflected across the environments they depend on.
It’s true that speed creates value, but only when accompanied by visibility, accountability, and control.
Back to topGovernance Can No Longer Be Solved One Domain at a Time
Infrastructure no longer exists in isolation from the rest of the technology ecosystem.
The same business processes that govern infrastructure increasingly intersect with software development, testing, security, data management, and AI-assisted workflows. A compliance issue discovered in production may originate from configuration drift, an application dependency, an untested change, a data governance concern, or a combination of factors spanning multiple teams.
Viewed through that lens, governance becomes an operational challenge that spans technologies, teams, and business processes.
Organizations need visibility across infrastructure, code, testing, and data, but visibility by itself rarely changes outcomes. Effective governance requires the ability to connect policy, enforcement, remediation, and evidence across the environments where work actually happens.
That broader reality helps explain the strategic direction emerging across Perforce. Perforce Agentic Gateway and Perforce Unified Compliance reflect a growing need to bring governance, policy enforcement, and operational accountability closer to the systems and workflows that power modern business. For infrastructure leaders, that broader story starts with the environments they manage every day.
Product
Meet Perforce Unified Compliance
Transform policy into continuously enforced controls across infrastructure, data, and code. With evidence at every step.
AI Raises the Stakes for Governance
AI promises to accelerate decision-making, streamline operations, and reduce manual effort across the technology stack. Those benefits are significant, but they also increase the importance of governance.
As AI-assisted workflows enable more rapid change, organizations need greater confidence that policies remain enforced, risks remain visible, and compliance obligations continue to be met. Faster infrastructure changes, increasingly dynamic environments, and growing regulatory scrutiny create additional pressure on teams responsible for maintaining operational control.
The answer is not to slow innovation. Nor is it to introduce additional layers of manual review that undermine the efficiencies AI can provide. The organizations that succeed will be those capable of combining automation with governance, enabling teams to move quickly while maintaining confidence that systems remain aligned with business, security, and compliance requirements.
That is especially important as the AI-SDLC continues to mature. AI-driven development, testing, infrastructure operations, and data workflows will require more than productivity gains. They will require reliable systems of control that help organizations understand what is happening, enforce the policies that matter, and produce evidence that decisions and changes can be defended.
Back to topRegulatory Accountability Is Raising the Bar
The need for stronger governance is not being driven by technology alone.
Across Europe and other regulated markets, organizations are facing a growing wave of requirements focused on resilience, accountability, auditability, risk management, and operational oversight. Regulations such as NIS2, DORA, the Cyber Resilience Act, and the Corporate Sustainability Due Diligence Directive (CSDDD) differ in scope and intent, but they point to a common reality: organizations are increasingly expected to demonstrate that policies are not only documented butoperationally enforced.
This is changing the nature of compliance conversations.
Historically, audit readiness was often treated as a periodic exercise focused on collecting evidence after the fact. Increasingly, organizations are being asked to demonstrate not only that policies exist, but that they are consistently applied, that violations can be identified and remediated, and that defensible evidence exists to explain what changed, why it changed, and how compliance gaps were addressed.
That distinction matters. A report that shows a compliance issue existed at a point in time is useful. A connected process that helps teams identify the issue, remediate it, re-check the environment, and retain evidence of the outcome is more valuable.
The challenge is particularly significant in modern environments that span operating systems, cloud platforms, Kubernetes clusters, network infrastructure, hybrid environments, and air-gapped systems. Compliance obligations do not stop at technology boundaries, and risk rarely exists in a single domain.
As a result, organizations are looking beyond traditional reporting tools toward approaches that connect policy, enforcement, remediation, and evidence into a continuous operational process. Audit readiness is becoming less about preparing forinspections and more about maintaining confidence that systems remain aligned with organizational requirements every day.
Back to topInfrastructure Is More Diverse Than Ever
The infrastructure landscape itself continues to evolve.
Most organizations operate a combination of cloud services, traditional virtual machines, operating systems, containerized workloads, Kubernetes platforms, network infrastructure, on-premises resources, and increasingly hybrid or air-gapped environments. These technologies are no longer managed as separate islands. They represent a single operational environment supporting critical business services.
Risk, however, does not respect technology boundaries.
A misconfiguration can be just as impactful in a Kubernetes cluster as it is on a virtual machine. A compliance requirement often applies regardless of whether a workload runs in a public cloud, private data center, or hybrid environment. An unsupported operating system can introduce exposure even when the surrounding architecture appears modern. Rising cloud costs can indicate resource sprawl, weak visibility, or inconsistent operational discipline.
For infrastructure teams, the challenge is not simply managing more technologies. It is maintaining a trustworthy operating model across all of them.
Back to topPuppet's Role Is Evolving Alongside Infrastructure
For much of its history, Puppet has been associated with configuration management. While that remains a core capability, the needs of modern infrastructure teams have expanded considerably.
Configuration management was never only about configuration. At enterprise scale, it was about establishing trusted, repeatable states across systems that could not be allowed to drift. Today, those same principles extend beyond individual servers and operating systems into a broader governance challenge that spans cloud resources, infrastructure cost, compliance posture, hybrid environments, modern application platforms, and AI-driven operations.
Perforce Unified Compliance builds on Puppet's infrastructure foundation by helping organizations move from point-in-time assessments toward a more continuous approach to governance and compliance. It supports the need to understand what infrastructure exists, evaluate whether systems align with policy, identify when conditions change, and connect compliance objectives to operational action.
For Puppet users, this is an important evolution. Puppet has long helped organizations define, enforce, and maintain desired infrastructure state. Unified Compliance extends that foundation into a broader model for continuous compliance, where infrastructure visibility, policy enforcement, remediation, and evidence are connected more directly to the way systems operate.
This matters because infrastructure remains one of the most concrete places where governance either succeeds or fails. Policies become real when they are translated into operational requirements. Compliance becomes defensible when teams can show that those requirements are being monitored, enforced, corrected, and evidenced over time.
Perforce Unified Compliance is part of that future. It leverages Puppet's strengths in infrastructure automation and desired state management while aligning those capabilities to the broader governance needs emerging across the AI-SDLC.
See it in Action
Puppet Enterprise Advanced
Want to implement Unified Compliance in your workflow? Learn how it integrates with Puppet Enterprise Advanced.
The Future Is Continuous Governance
As technology environments become more interconnected, infrastructure teams are increasingly being asked to answer four critical questions:
- What do we have?
- Is it operating as intended?
- What is the impact when something changes?
- Can we demonstrate compliance without launching a separate audit effort?
Those questions may sound straightforward, yet answering them consistently across infrastructure, applications, testing systems, data platforms, and AI-driven workflows remains one of the most significant operational challenges organizations face today.
This is where continuous governance begins to emerge as a strategic discipline rather than a compliance exercise. Security, resilience, operational efficiency, and regulatory alignment all depend on an organization's ability to continuously align technical execution with business intent.
For Puppet users, this moment represents something larger than the next step in infrastructure automation. It reflects the continued evolution of how organizations manage, secure, and govern increasingly diverse environments.
The infrastructure challenges facing enterprises today are fundamentally different from those of a decade ago. Cloud platforms, Kubernetes environments, AI-assisted operations, hybrid architectures, and expanding regulatory expectations have increased both opportunity and risk. Organizations need governance that is as scalable and adaptive as the systems it supports.
At the same time, infrastructure governance is only one chapter in a much larger transformation underway across the technology landscape. The same organizations responsible for infrastructure are also navigating software quality, AI oversight, test automation, data governance, compliance, and operational resilience. Increasingly, these priorities are converging into a single business requirement: ensuring innovation happens within trusted, accountable boundaries.
That broader vision is what makes this moment so significant. Puppet's evolution is part of a larger story unfolding across the Perforce portfolio, one focused on helping organizations govern the technologies, processes, and AI-driven workflows that power modern business. The future requires a more connected approach where policy, enforcement, remediation, and evidence work together across the software delivery lifecycle.
For infrastructure teams, this creates an opportunity to move beyond simply maintaining systems. It elevates their role as stewards of operational accountability, helping organizations establish confidence that technology remains secure, compliant, resilient, cost-aware, and aligned with business objectives even as change accelerates.
Puppet was built on the idea that infrastructure should be reliable, repeatable, and automated. Those principles remain as important as ever. The difference is that they now serve as the foundation for something bigger: continuous governance across the environments organizations depend on every day.
The future of infrastructure will be defined by the ability to combine innovation with control. Organizations need to move faster, but they also need confidence that governance, compliance, and operational accountability remain firmly in place.
That is the direction we see the industry heading. More importantly, it is the future we are actively building toward.
Back to topRelated Reading
Perforce Intelligence: Building the Control Plane for Enterprise AI