When it comes to audits, many organizations face a dilemma: how to decrease the time and effort spent while improving results? In preparation for an annual PCI audit, Carter McHugh, Executive Director of Agile Architecture at CSG International, decided to partner with Chef Software to automate their audit processes. As a result, CSG reduced audit time by 80% while improving their compliance with PCI requirements.
Like all enterprises, CSG has many snowflake servers in their environments. These snowflakes had deviated and their state was unknown, but there was no way to stop the business and do the clean up of server builds. With the audit looming, Carter wanted to leverage Chef’s continuous compliance capabilities while:
- Giving CSG’s multi-disciplinary management the visuals to see their audits running in production
- Grouping results by different characteristics
- Taking stock on what CSG had in place today
- Building a maintainable database of information that anyone – technical or not – could easily access
The creation of ACT
Carter set out to build the Asset Compliance Tracker (“ACT”). While Chef Automate continuously measured nodes for compliance to CSG’s audit specifications, ACT could take the aggregated compliance data from the Chef Automate platform and combine it with their business logic for actionable reports, like:
- An executive score card
- PCI compliance over time
- Application specific spread
- PCI score per area director
- Top offenders
This tool now provides extra reporting for CSG management teams. ACT augments Chef Automate, tags information and allows the end user to filter by owner, group, server, etc., and provides end users the visibility and data filters needed to complete their audits. (Watch Carter’s ChefConf 2018 presentation: Bid Farewell to “Compliance Theater” and Welcome Continuous Compliance)
Improve quality, reduce overhead
If you want to improve your audit quality and reduce your audit overhead, use Chef Automate to detect noncompliance, identify and prioritize issues, then quickly apply remediation across your entire fleet.
And now that CSG is open sourcing their tool, you can also connect Chef Automate’s compliance data to your business logic using ACT. Which directors have the most violations? Who are the top offenders over the past 24 hours? How does Chef Automate’s compliance data relate to your asset classifications? Go to GitHub and download ACT to find out! You can find the CSG ACT Tool at: http://bit.ly/csg-act
Learn more about Chef Automate for compliance audits: https://www.chef.io/solutions/compliance-audits/