Operations | Monitoring | ITSM | DevOps | Cloud

Hello, Puppet friends! It’s been a few months since we rolled out the latest major version of the Puppet platform, bumping PuppetDB, Puppet Server and Puppet Agent to “7.0.0.” First, we’d like to extend our gratitude to our vibrant Puppet community, who helped us immensely in locating and fixing some annoying bugs that managed to sneak through the release. We promptly provided follow-up releases, so be sure to check out the latest available versions for your operating system.

YAML is a serialization language that was created in 2001, although it would take another few years before it became super popular. The acronym originally referred to Yet Another Markup Language but this was changed a few years later to YAML Ain’t Markup Language, to emphasize that developers should use it for storing data, instead of creating documents (like HTML or Markdown, for example).

Facter is a cross platform system profiling tool. It gathers nuggets of information about a system such as its hostname, IP address and operating system. We call these nuggets of information facts and they are used by other Puppet products like Puppet, Puppet Server and Bolt to make decisions in their automation process. You can extend Facter by writing custom facts or external facts and use them in Puppet manifests.

Misconfigured resources are a big contributor to compromised cloud security. If you have misconfigured Amazon S3 buckets, for example, malicious actors could access your data, then inappropriately or illegally distribute this private information, putting your company’s security at risk. Policies and regular best practices enforcement are key to reducing this security risk.

In the first post of this series, we provided guidance for managing the many facets of a compliance program — taming the “compliance beast.” While there are many factors to consider, I’d argue that none is more essential than a reliable means of enforcement.

Are you struggling to keep up with manual compliance across your infrastructure? In this 25-minute episode of the Pulling the Strings podcast, powered by Puppet, learn how Puppet Comply makes automating your configuration compliance easy -- with full view dashboards and the ability to assess, remediate and enforce all through the Puppet Enterprise solution. Listen in and discover:

Cloud environments are susceptible to security issues. A big contributor is misconfigured resources. Misconfigured S3 buckets are one example of a security risk that could expose your organization’s sensitive data to bad actors. Policies and regular enforcement of best practices are key to reducing this security risk. However, manually checking and enforcing security is time-consuming and can fall behind with all the demands a busy DevOps team faces every day.

Regulatory compliance is time-consuming and expensive. A recent survey of IT security professionals found that, on average, organizations must comply with 13 different regulations and spend an average of $3.5M annually on compliance activities, with audit-related activities consuming 232 person hours per year. With a team of five people, that adds up to 1.5 months a year devoted to audit-related activity. That’s a lot of hours that could have been spent on initiatives driving customer value.

Using the cloud reduces on-premises infrastructure costs and related maintenance. Instead of deploying more servers, storage, and networking components to your own datacenter, you are now deploying these as cloud resources. Using the cloud is supposed to reduce infrastructure and maintenance costs. However, deploying cloud resources also risks over-commissioning, under-usage, and keeping resources running that are not always needed or, even worse, no longer in use.

Come December, it’s traditional in the industry to meditate on emerging trends and make predictions about how these will shape the year to come. I have my fair share of prognostications for 2021, but I want to take this moment to reflect on a year that could never have been predicted.