Misconfigured resources are a big contributor to compromised cloud security. If you have misconfigured Amazon S3 buckets, for example, malicious actors could access your data, then inappropriately or illegally distribute this private information, putting your company’s security at risk. Policies and regular best practices enforcement are key to reducing this security risk.

In the first post of this series, we provided guidance for managing the many facets of a compliance program — taming the “compliance beast.” While there are many factors to consider, I’d argue that none is more essential than a reliable means of enforcement.

Are you struggling to keep up with manual compliance across your infrastructure? In this 25-minute episode of the Pulling the Strings podcast, powered by Puppet, learn how Puppet Comply makes automating your configuration compliance easy -- with full view dashboards and the ability to assess, remediate and enforce all through the Puppet Enterprise solution. Listen in and discover:

Cloud environments are susceptible to security issues. A big contributor is misconfigured resources. Misconfigured S3 buckets are one example of a security risk that could expose your organization’s sensitive data to bad actors. Policies and regular enforcement of best practices are key to reducing this security risk. However, manually checking and enforcing security is time-consuming and can fall behind with all the demands a busy DevOps team faces every day.

Regulatory compliance is time-consuming and expensive. A recent survey of IT security professionals found that, on average, organizations must comply with 13 different regulations and spend an average of $3.5M annually on compliance activities, with audit-related activities consuming 232 person hours per year. With a team of five people, that adds up to 1.5 months a year devoted to audit-related activity. That’s a lot of hours that could have been spent on initiatives driving customer value.

Using the cloud reduces on-premises infrastructure costs and related maintenance. Instead of deploying more servers, storage, and networking components to your own datacenter, you are now deploying these as cloud resources. Using the cloud is supposed to reduce infrastructure and maintenance costs. However, deploying cloud resources also risks over-commissioning, under-usage, and keeping resources running that are not always needed or, even worse, no longer in use.

Come December, it’s traditional in the industry to meditate on emerging trends and make predictions about how these will shape the year to come. I have my fair share of prognostications for 2021, but I want to take this moment to reflect on a year that could never have been predicted.

Cloud environments are always susceptible to security issues. A significant contributor to this problem is misconfigured resources. Traditional IT Infrastructure was somewhat static; server hardware only changed every few years. With few changes occurring, security was also more static. The modern cloud environment is a much different challenge. In cloud environments, servers, services, and storage are created with automation, resulting in a dynamic and potentially ever-changing server environment.

As a result of the COVID-19 pandemic, the majority of companies (52%) say application development is a high priority initiative at their organization. But teams focused on building or improving apps face a number of bottlenecks — the three biggest of which are people, processes, and technology. Puppet and Pulse surveyed 200 IT executives to discover how modern technologies and processes are helping app development teams overcome common roadblocks and adapt quickly to the changing economy.