Compliance for Kubernetes Requires a Different Approach to Security
Modern applications are architected as microservices, running on containers, and automated by an orchestrator like Kubernetes. These workloads are dynamically orchestrated, so their location and IP address are unpredictable. Traditional approaches to securing these environments are no longer effective, and the compliance data they produce is no longer accurate.
Application Modernization Requires a Modern Approach to Security and Compliance
Zero-Trust Network Security
90% of traffic for traditional applications is North/South. Modern applications on Kubernetes invert this model, with 90% of traffic flowing East/West. This traffic must be monitored and secured, and a zero-trust model is the optimal way to secure those applications.
Periodic or point-in-time audit data is not relevant for applications running on Kubernetes because they change every few minutes. All policy and network flow data must be logged with the containers, pods, and metadata that identifies each workload in order to demonstrate compliance for applications running on Kubernetes.
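As an added illustration of the zero-trust model described above (example configuration written for this page, not the vendor's own), a namespace-wide default-deny Kubernetes NetworkPolicy followed by a single label-based allow rule; the namespace `shop`, the `app=frontend` and `app=backend` labels, and port 8080 are assumed values.

```yaml
# Constructed example: the namespace, labels and port are assumptions, not values from the page.
# Policy 1: default deny. An empty podSelector matches every pod in the namespace and,
# with no ingress rules, isolates all of them, so any East/West flow must be allowed explicitly.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# Policy 2: allow only pods labelled app=frontend to reach app=backend on TCP 8080.
# Selection is by label (workload identity), not by IP address, so the rule stays
# correct as pods are rescheduled and change address.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 8080
```

NetworkPolicy is only enforced when the cluster's CNI plugin implements it. Adding Egress to policyTypes in the default-deny policy isolates outbound traffic as well, after which DNS egress to the cluster resolver must be allowed explicitly or name resolution will silently fail.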
Visibility, Traceability, Remediation
Modern applications are assembled and run on Kubernetes using reusable and ephemeral workloads that constantly change location and IP address. Traditional flow logging does not work for these applications. The only accurate approach is to log traffic based on authenticated workload identity.
Multi-cloud and Legacy
Kubernetes-based applications often need to communicate with a legacy backend. These environments are very difficult to secure without a policy framework that spans both Kubernetes and legacy environments.