Meet compliance requirements and simplify audits with continuous compliance
Modern applications are dynamic, rendering periodic audits ineffective at demonstrating ongoing compliance
IT auditors need to see a network diagram, security policies, and proof that those policies are enforced. Microservices are dynamic and constantly changing, making it difficult to demonstrate that policies have been enforced.
Modern Workloads Need an Identity
Traditional applications can be identified by IP address and network location, and these criteria are used to define network security policies. This model does not apply to modern applications. Modern applications are ephemeral; containers have an average lifespan of 3 days and exist in multiple locations. Periodic audits are unable to demonstrate historical compliance.
Compliance Requires Cross-Functional Collaboration
Compliance requirements span Applications, Infrastructure, and Networks. Each functional area must be involved in the definition and enforcement of security policies; however, they don’t speak the same language. This causes confusion that delays application deployments.
Tigera Continuous Compliance
Tigera Continuous Compliance delivers the following critical capabilities.
Workloads authenticate and authorize based on multiple attributes including network identity and cryptographic identity. This is equivalent to two-factor authentication for workloads. All network flows are logged with workload identity and metadata information to demonstrate compliance with security policies.
Tiered Security Policies
Security policies are tiered, enabling enterprise teams to collaborate without stepping on each other’s toes. The infosec team may create policies preventing access to non-export countries and known bad actors. The networking team may prevent access between production and development nodes. The platform team may restrict access to their management consoles and APIs. The application teams define which services have access to other services’ URLs and HTTP methods.
Compliance Dashboard and Reporting
Simplifies the process required to meet key security controls required by PCI, SOC 2, internal and other certifications and frameworks. Generate evidence reports required by auditors to meet internal and regulatory compliance requirements. Provides high-level and drill-down reports that filter to in-scope workloads.