Enterprise Control and Continuous Compliance
Meet compliance requirements and simplify audits with continuous compliance
Modern applications are dynamic, rendering periodic audits ineffective at demonstrating ongoing compliance
IT auditors need to see a network diagram, security policies, and proof that those policies are enforced. Microservices are dynamic and constantly changing, making it difficult to demonstrate that policies have been enforced.
Modern Workloads Need an Identity
Traditional applications can be identified by IP address and network location, these criteria are used to define network security policies. This model does not apply to modern applications. Modern applications are ephemeral; containers have an average lifespan of 3 days and exist in multiple locations. Periodic audits are unable to demonstrate historical compliance.
Compliance Requires Cross-Functional Collaboration
Compliance requirements span Applications, Infrastructure, and Networks. Each functional area must be involved in the definition and enforcement of security policies, however they don’t speak the same language. This causes confusion that delays application deployments.
Tigera Enterprise Control & Continuous Compliance
Tigera Enterprise Control & Continuous Compliance delivers the following critical capabilities.
Workloads authenticate and authorize based on multiple attributes including network identity and cryptographic identity. This is equivalent to two-factor authentication for workloads. All network flows are logged with workload identity and metadata information to demonstrate compliance to security policies.
Tiered Security Policies
Security policies are tiered, enabling enterprise teams to collaborate without stepping on each other’s toes. The infosec team may create policies preventing access to non-export countries and known bad actors. The networking team may prevent access between production and development nodes. The platform team may restrict access to their management consoles and APIs. The application teams define which services have access to other services URLs and HTTP Methods.