Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Looking for feedback - Chef/Inspec

From: "Burns, Denis" <denis.burns () MED FSU EDU>
Date: Wed, 12 Dec 2018 14:37:49 +0000
Hello all,

Advanced apology:  Sorry if you see this multiple times.  I am posting this questions to H-ISAC, EDUCAUSE(security), 
and a AAMC(GIR) listserve for the widest audience possible.

We are looking into using Chef (https://www.chef.io/) across our infrastructure for moving to infrastructure as code 
for the automation benefits. Our environment is made up of predominately Windows Servers.  On top of that, I am looking 
at their Inspec tool (https://www.chef.io/inspec/) for security control reporting and compliance.

Some questions for the group (please answer any/all that you are willing to):

1)      Have you or your organization evaluated Chef or Inspec in the past and are you willing to share any thoughts?

2)      If you currently use Chef (with, or without) Inspec:

a.       How do you like it?  Give me your gut reaction...
b.       Did your sysadmins find it difficult to shift to infrastructure as code?
c.       Were the automation benefits realized?
d.       Were the benefits worth the resources expended?

e.       Has it been reliable inside your enterprise?

f.        Are you using it in a cloud, local, or hybrid environment?

g.       Any rollout pitfalls that you care to share?

h.       Have you created your own 'cookbooks' for other frameworks? (NIST, Cobit, etc.)

i.         Have you created your own 'cookbooks' based on legal requirements? (HIPAA, FERPA, etc.)

Thanks to everyone for any insight that you can share.

If desired, I will compile all of the responses and share them (anonymized/off-list) to anyone with a non-commercial 
EDU or healthcare/provider related email address.  Please let me know (off-list) if you would like the compiled summary 
of responses.

Best,
-denis

Denis Burns
Information Security and Privacy Officer - College of Medicine - Florida State University
(850) 644-3648 - denis.burns () med fsu edu<mailto:denis.burns () med fsu edu>
*** Be a cyberhero! Build a safe cyberspace at Florida State. ***
Beware of "phishing" attempts for your username, and password,  we will NEVER ask for your username and password in an 
email.
Think before you click!
Previous By Date Next
Previous By Thread Next

Current thread: