Chef Blogs

Slalom’s approach to breaking down silos between DevOps and Security Teams

Jamie Bright | Posted on | Chef InSpec | compliance | DevOps | learnchef | partners

Part Automation, Part Culture

When you think about your technology choices, it’s important to consider how those choices will impact the overall goals of the organization and not just one team. The tools you choose should reinforce the behaviors you want to see. Ultimately, this new way of working transforms your culture.

Slalom Consulting, a Chef Professional Services Partner, has adopted the CLAMS model (culture, lean, automation, monitoring, and sharing) as a best practice for successfully implementing IT automation tools as part of a DevOps transformation. We recently sat down with Waleed Bekheet, a consultant at Slalom, to learn more about how they’re helping clients get from idea to production. You can watch a recording of the interview below.

“If you just do automation, you’ll have some temporary success, and then you’ll fall back into your old ways. … When Chef Automate was released we saw Chef as a differentiator… we saw it as a tool that breaks silos as well as fixing technical problems.”  — Waleed Bekheet, Slalom Consulting

Chef Automate is an IT automation tool that provides a common language and flexibility for collaboration across teams. When you enable collaboration and continuous automation across your infrastructure and applications, you can deliver software faster, more efficiently, and with less risk.

Connecting DevOps and Security Teams

Chef Automate includes compliance profiles that follow CIS benchmarks. This flexible approach allows teams to focus on managing their specific implementation of compliance controls while leveraging Chef’s ongoing management of industry-wide standards as an upstream source.

During a recent cloud migration project, Slalom involved their client’s security officer early on. Getting the DevOps and security teams speaking the same language, with DevOps principles in mind, allowed them to grow a security roadmap organically.

“That first time you turn the compliance report on … it’s definitely scary, right? But it provides clarity as well. It kind of puts all the cards on the table. And it brings those people to the table to talk about it.”

When compliance is code, you can integrate automated tests that check for adherence to policy into any stage of your deployment pipeline. With Chef Automate and InSpec, the client’s release wasn’t held up waiting for the security officer’s approval. This allowed the security team to focus on other projects and empowered the developers to continue collaborating with the InfoSec team.

 
