Chef Blogs

How CSG Decreased Audit Times by 80% Through Automation

Eric Calabretta Sam Danyal | Posted on | Chef InSpec | community | compliance | customers

When it comes to audits, many organizations face a dilemma: how to decrease the time and effort spent while improving results? In preparation for an annual PCI audit, Carter McHugh, Executive Director of Agile Architecture at CSG International, decided to partner with Chef Software to automate their audit processes. As a result, CSG reduced audit time by 80% while improving their compliance with PCI requirements

Like all enterprises, CSG has many snowflake servers in their environments. These snowflakes had deviated and their state was unknown, but there was no way to stop the business and do the clean up of server builds. With the audit looming, Carter wanted to leverage Chef’s continuous compliance capabilities while:

  • Giving CSG’s multi-disciplinary management the visuals to see their audits running in production
  • Grouping results by different characteristics
  • Taking stock on what CSG had in place today
  • Building a maintainable database of information that anyone – technical or not – could easily access

The creation of ACT

Carter set out to build the Asset Compliance Tracker (“ACT”). While Chef Automate continuously measured nodes for compliance to CSG’s audit specifications, ACT could take the aggregated compliance data from the Chef Automate platform and combine it with their business logic for actionable reports, like:

  • An executive score card
  • PCI compliance over time
  • Application specific spread
  • PCI score per area director
  • Top offenders

This tool now provides extra reporting for CSG management teams. ACT augments Chef Automate, tags information and allows the end user to filter by owner, group, server, etc., and provides end users the visibility and data filters needed to complete their audits.  (Watch Carter’s ChefConf 2018 presentation: Bid Farewell to “Compliance Theater” and Welcome Continuous Compliance)

Improve quality, reduce overhead

If you want to improve your audit quality and reduce your audit overhead, use Chef Automate to detect noncompliance, identify and prioritize issues, then quickly apply remediation across your entire fleet.

And now that CSG is open sourcing their tool, you can also connect Chef Automate’s compliance data to your business logic using ACT. Which directors have the most violations? Who are the top offenders over the past 24 hours? How does Chef Automate’s compliance data relate to your asset classifications? Go to GitHub and download ACT to find out! You can find the CSG ACT Tool at: http://bit.ly/csg-act

Learn more about Chef Automate for compliance audits: https://www.chef.io/solutions/compliance-audits/