Compliance

Learn how to comply now before your next audit

Are you struggling to keep up with manual compliance across your infrastructure? In this 25-minute episode of the Pulling the Strings podcast, powered by Puppet, learn how Puppet Comply makes automating your configuration compliance easy -- with full view dashboards and the ability to assess, remediate and enforce all through the Puppet Enterprise solution. Listen in and discover:

Taming the compliance beast: achieve efficiency & reliability at scale

Regulatory compliance is time-consuming and expensive. A recent survey of IT security professionals found that, on average, organizations must comply with 13 different regulations and spend an average of $3.5M annually on compliance activities, with audit-related activities consuming 232 person hours per year. With a team of five people, that adds up to 1.5 months a year devoted to audit-related activity. That’s a lot of hours that could have been spent on initiatives driving customer value.

Best practices for monitoring authentication logs

If you are running a user-facing web application, you likely implement some form of authentication flow to allow users to log in securely. You may even use multiple systems and methods for different purposes or separate groups of users. For example, employees might use OAuth-based authentication managed by a company-provided Google account to log in to internal services while customers can use a username and password system or their own Google credentials.

Integrate Datadog Compliance Monitoring with your AWS Well-Architected workloads

Many of our customers rely on the Amazon Web Services (AWS) Well-Architected Framework as a guide to build safe, secure, and performant applications in the cloud. AWS offers the Well-Architected Review (WAR) Tool as a centralized way to track and trend adherence to Well-Architected best practices. It allows users to define workloads and answer a set of questions regarding operational excellence, security, reliability, performance efficiency, and cost optimization.

Puppet's journey into Continuous Compliance

During my tenure at Puppet, I’ve learned that almost everything we do is focused on two things — eliminating soul-crushing work, and the never-ending desire to solve really hard customer problems. Couple those with the positive and energetic attitude of the Puppet team, and we’re bound to have a profound impact on our customers. Maybe I’ve had too much Kool-Aid?

SOC 2 compliance for containers and Kubernetes security

This article contains useful tips to implement SOC 2 compliance for containers and Kubernetes. The Service Organization Controls (SOC) reports are the primary way that service organizations provide evidence of how effective their controls are for finance (SOC 1) or securing customer data (SOC 2, SOC 3). These reports are issued by the American Institute of Certified Public Accountants (AICPA).

How to build a risk-informed business

At the advent of the pandemic, how prepared was your organization to support customers and employees? Or to continue delivering critical products and services? How adaptable and effective was its technology, workforce, and supply chain? As the COVID era has shown, resilience can’t be summoned overnight. It requires business and technology transformation.

Event Log Management for Security and Compliance

Security log management is the process of collecting, storing, and correlating the network data that details all activity in your systems and networks. Every action in an organization’s network generates event data, including records produced by operating systems, applications, devices, and users. The Center for Internet Security (CIS) identifies log management as a basic control for detecting malicious actors and software hiding in networks and on machines.

VMware Tanzu Mission Control Achieves ISO/IEC 27001, SOC 2 Type 1, and CSA Star Certifications

Security and data breaches continue to be among the top concerns of organizations around the world. As a SaaS provider, we always make the information security of our customers our top consideration and build the service and its operational controls around it, all while striving to adhere to the best security practices the industry has established.