Despite months of wake-up calls to cloud storage administrators about the consequences of insecure storage buckets lost in the shuffle, we keep hearing about companies inadvertently exposing sensitive data to the public internet. The latest version of Chef’s InSpec open-source project hopes to give those admins another preventative tool.
InSpec 2.0, released Monday, helps software development organizations imbue security principles at all stages of the software development process, as opposed to tacking on a security review at the end once everything is done. The latest version addresses, in part, the rash of unprotected storage buckets on Amazon Web Services’ S3 storage service, caused by administrators disabling security features or forgetting to close storage holes.
There can be valid reasons to temporarily disable security features on some storage buckets in the name of increased performance. But the average cloud storage user probably has lots of buckets to manage, and when it becomes time to close up shop, some buckets can get lost in the shuffle. Products like InSpec allow users to examine their cloud environment (AWS and Azure are supported with this release) and identify problematic configurations, making it easier to find and solve problems before they spiral out of control.
InSpec 2.0 also adds support for checking configuration statuses within other environments, such as Docker, web servers, and databases like PostgreSQL and MySQL. Users interested in taking it for a test drive can find more information here.
InSpec is one of three open-source projects supported by Seattle’s Chef, alongside the flagship Chef project and Habitat. Like many enterprise technology startups, Chef is banking on attracting users of those projects to its commercial product, Chef Automate, which helps companies deploy applications across cloud services and on-premises infrastructure.