Every operating system has its quirks, and Linux security is no different. Whether you’re on Team Penguin or running mostly Windows boxes (or a bit of both), you’ll need to take different steps to manage security on different OSes. Like any OS, Linux security comes with its own peculiarities, pitfalls, and best practices.

It's expensive when you don't comply with the General Data Protection Regulation (GDPR) controls — take for example the €310 million fine (equivalent to $335 million dollars) that LinkedIn received from the GDPR. In this case, they shared users’ personal data for targeted advertising and behavioural analyses, without asking for user consent. Can you afford €310 million? It might be time to automate GDPR controls for 24/7 compliance.

In early 2025, Puppet will begin to ship any new binaries and packages developed by our team to a private, hardened, and controlled location. Our intention with this change is not to limit community access to Puppet source code, but to address the growing risk of vulnerabilities across all software applications today while continuing to provide the security, support, and stability our customers deserve.

Developer self-service can sound like a dream: A platform that developers can use to freely develop — unburdened by sprawling IT, tools they shouldn’t need to know how to use, and tickets that take forever to complete. But in DevOps, self-service is becoming a differentiator for organizations with growth goals, widening skill gaps, a need for visibility, or just an appetite for better DevOps efficiency.

A lot has changed for the National Institute of Standards and Technology NIST Framework since 2013, when former President Barack Obama signed Executive Order 13636 that directed the Executive Branch to: Since the creation of the NIST framework, we’ve seen an evolution in sophisticated cyberattacks on the rise with new challenges like AI.

In software development, even common IT operations tasks require specialized skills. Collaboration between specialized teams is the driving force of DevOps, more than any tooling or workflow. But self-service automation becomes valuable when common, routine tasks and processes start to restrict developers and burden operations teams.

The compliance landscape for organisations in the European Union (EU) is heating up again — this time with the second landmark Network and Information Security (NIS2) Directive, set to take effect on 17 October 2024. But what does NIS2 compliance entail? What's the difference between the original NIS1 vs. NIS2? Who needs to comply with NIS2, and what are the penalties for not complying with the new directive?

You probably used multi-factor authentication (MFA) to access the device you’re using right now. Maybe your phone scanned your face or fingerprint to unlock. Maybe you got a text with a verification code while logging into your work browser profile. Configuring MFA is a go-to measure for system hardening, but MFA enforcement can get unruly, especially at the scale required by enterprise IT.

Zero Trust adoption is critical, especially for U.S. government agencies. With changing policies and requirements, it can be tough to stay ahead of everything you need to know. We’ll provide a high-level overview of Zero Trust adoption + share how automation can help you achieve compliance.

Modernizing your IT infrastructure for FedRAMP certification is a complex journey — legacy systems, tight budgets, and the looming shadow of compliance can feel overwhelming. It doesn’t have to be that way: we're here to simplify the process and help you navigate the mandatory steps toward certification.