Cloud security is a collection of procedures and technology designed to address external and internal threats to business security. Organizations need cloud security as they move toward a digital transformation strategy and incorporate cloud-based tools and services into their infrastructure. Progress Chef is the leading platform and the first provider certified by CIS for all the major cloud providers.
Chef Cloud Security allows you to scan, monitor, and remediate configuration issues in your multi-cloud accounts across on-prem and cloud-native environments. Maintaining and enforcing compliance with standards-based audits is easier than ever. You can tune baselines to adapt to your organization’s requirements and maintain visibility and control across hybrid environments.
Chef Cloud Security provides visibility through streamlined audits, continuous compliance, CSPM and cloud-native security, and a policy-as-code approach.
You can set up Cloud solutions in Chef Automate in three simple steps.
To start, connect your cloud-native environment (AWS) to Chef Automate through its UI.
Note that the node's status should show as reachable when you save the integration.
The next step is to select the security profile you want to apply to your AWS node.
You can also upload any InSpec 2 compatible profile, including inherited profiles, to Chef Automate with the upload button on the Profiles page. Uploads must be “.tar.gz” or “.zip” archives.
With the profile selected and the node integration completed, create a scan job that scans the selected cloud nodes against the security profile.
You can also schedule the time and date for scanning your cloud environment.
Each control in the security profile runs against your cloud account and checks for misconfigurations based on CIS benchmarks and best practices. To check the results of the scans:
You can find all the detailed passed/failed results of the scanned node.
Example of a passed test case
Ensure the S3 bucket used to store logs is not publicly accessible.
The InSpec code runs in the backend and checks each S3 bucket and its permissions. If any bucket is public, the control fails in the compliance scan. You can also view the control's source code, which states that the buckets should be private.
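To show what such a bucket check actually evaluates, here is an added example in plain Ruby (written for this page; it is neither Chef's InSpec `aws_s3_bucket` resource, whose `it { should_not be_public }` matcher the page's control relies on, nor the profile's source). It applies the two usual tests, an ACL grant to the global AllUsers/AuthenticatedUsers groups and a bucket policy that allows a wildcard principal, to a constructed set of buckets; the bucket names, grants and policy are made up.

```ruby
require 'json'
# Grantee URIs that make an ACL grant public (anonymous or any AWS account).
PUBLIC_GRANTEES = [
  'http://acs.amazonaws.com/groups/global/AllUsers',
  'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'
].freeze
# Constructed sample of what GetBucketAcl / GetBucketPolicy return for three
# buckets; names, grants and the policy are made up for this example.
SAMPLE_BUCKETS = {
  'cloudtrail-logs-example' => {
    acl: [{ grantee: 'CanonicalUser:owner', permission: 'FULL_CONTROL' }],
    policy: nil
  },
  'website-assets-example' => {
    acl: [{ grantee: PUBLIC_GRANTEES[0], permission: 'READ' }],
    policy: nil
  },
  'shared-data-example' => {
    acl: [{ grantee: 'CanonicalUser:owner', permission: 'FULL_CONTROL' }],
    policy: '{"Statement":{"Effect":"Allow","Principal":{"AWS":"*"},' \
            '"Action":"s3:GetObject","Resource":"arn:aws:s3:::shared-data-example/*"}}'
  }
}.freeze
# An ACL is public if any grant targets one of the global groups.
def acl_public?(grants)
  grants.any? { |g| PUBLIC_GRANTEES.include?(g[:grantee]) }
end

# A policy is public if an Allow statement names the wildcard principal;
# "Statement" may be one object or an array, so normalise it first.
def policy_public?(policy_json)
  return false if policy_json.nil?
  statements = JSON.parse(policy_json)['Statement']
  statements = [statements] unless statements.is_a?(Array)
  statements.any? do |s|
    principal = s['Principal']
    s['Effect'] == 'Allow' &&
      (principal == '*' || (principal.is_a?(Hash) && principal['AWS'] == '*'))
  end
end

# Either path granting anonymous access makes the bucket public.
def bucket_public?(bucket)
  acl_public?(bucket[:acl]) || policy_public?(bucket[:policy])
end

# Names of buckets that would fail the control (an empty list means pass).
def public_buckets(buckets = SAMPLE_BUCKETS)
  buckets.select { |_, b| bucket_public?(b) }.keys
end
```

Only the CloudTrail log bucket passes here; the other two would each be reported as a failed control in the scan results.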
You can also get an overview of all the control files with their results under the “Controls” section of the reports tab.
You can download the compliance report as a CSV or in JSON format. You can also integrate third-party tools such as ServiceNow and Splunk from within the Automate UI and feed this data to them. In addition to all these features, Chef also provides APIs for external integrations.
Get more details of Chef End-to-End Cloud Security Management here.
Watch the Technical Demonstration here.