Skip nav

Puppet Launches Turnkey Policy-as-Code Compliance Enforcement Modules

by 2023, 60 percent of organizations in regulated verticals will have integrated compliance as code into their DevOps toolchains

Puppet Launches Turnkey Policy-as-Code Compliance Enforcement Modules
Latest release helps companies comply to security standards and regulations as security threats and industry regulations grow exponentially

PORTLAND, Ore., Oct. 5, 2021 — Puppet, the industry standard for infrastructure automation, at Puppetize Digital 2021 launched Compliance Enforcement Modules to provide customers with turnkey compliance remediation and enforcement of policy-as-code directly aligned to Center for Internet Security Benchmarks (CIS) for both Windows and Linux. The Compliance Enforcement Modules will be bundled into Puppet Comply, which works with Puppet Enterprise to assess, remediate, and enforce infrastructure configuration compliance policies at scale across traditional and cloud environments.

With more new vulnerabilities reported in 2020 than in any year in history and an increased focus on industry regulatory standards that harden images and fortify security, there is a heightened focus on maintaining infrastructure security compliance across environments. Failure to comply with regulatory standards can lead to failed audits or risk assessments, putting an organization at risk of everything from lost business to exorbitant fines. The ability to automate the security compliance process to drive increased visibility and quick remediation is a top priority for companies within highly regulated environments or those that are experiencing increased attacks.

“Continuous changes in the technology and threat landscape drive organizations’ security and risk program evolution, which goes hand-in-hand with the importance of proper policy and governance,” said Jim Mercer, Research Director, DevOps & DevSecOps, IDC. “Ensuring infrastructure is secure is essential in today’s world and is building to be a higher priority for organizations at large.”

With the latest investments and innovations from Puppet, Puppet Comply customers can now more quickly identify the cause and source of compliance failures and determine the correct configuration changes within minutes rather than weeks. According to Gartner®, “by 2023, 60 percent of organizations in regulated verticals will have integrated compliance as code into their DevOps toolchains,improving their lead time by at least 20 percent.”[1]

“The need to automate policy and governance to manage infrastructure helps the infrastructure and operations team break free from reactive processes and puts them at the center of understanding what is out of compliance and how to fix it more easily and quickly,” said Abby Kearns, CTO of Puppet. “We’ve been developing solutions and technology in this space alongside our customers to help address current and future needs. This is a huge opportunity for us to help our customers get more time back and address the increased risks they face as security and compliance requirements become more complex, demanding, and sophisticated.”

The Compliance Enforcement Modules are part of Puppet’s continued investment to codify the processes of bringing infrastructure into compliance to help operators:
● Decrease the financial and security risk associated with non-compliance.
● Increase organization-wide visibility into compliance status and predictability of resolution.
● Reduce the time and resources needed to interpret scans, remediate compliance failures, and prepare for audits.
● Increase the percentage of infrastructure that is fully compliant.

CEM is available today for all Puppet Comply customers. To learn how to continuously enforce compliance to maintain infrastructure security compliance and prepare for audits with less overhead and manual work, please visit the website here.

Additional Resources
● Learn more about Puppet
● Follow Puppet on Twitter and LinkedIn
● Read our blog


1] Gartner, [“Innovation Insight for Continuous Compliance Automation,” Daniel Betts, et al August 11, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission.

About Puppet
Puppet helps enterprises modernize and manage their infrastructure with the solutions to automate anywhere, reliably scale, and integrate compliance and security across hybrid infrastructure. More than 40,000 organizations — including more than 80 percent of the Global 5000 — have benefited from Puppet’s open source and commercial solutions to ensure business continuity, optimize costs, boost compliance and ensure security, all while accelerating the adoption of DevOps practices and delivery of self-service. Headquartered in Portland, Oregon, Puppet is a privately held company with offices in London, Belfast, Singapore, Sydney and Timișoara. Learn more at puppet.com.

Media Contact
Martha de Monclin
martha@bijoupr.com
T: 0777 168 2434

###