Audit and Compliance

Continuously monitor and enforce compliance controls, easily create custom reports for audit


Overview

Most businesses are subject to corporate and/or regulatory compliance requirements. From an operational perspective, this may involve isolation of workloads containing sensitive data, or restricting who is allowed to access specific resources. There may also be requirements to implement access control frameworks such as security zones (e.g. trusted, untrusted, and DMZ). Even more advanced controls are sometimes needed, like building a moat around PCI-DSS workloads, or logging all HIPAA data transactions.

Auditors need proof that you are enforcing these controls, but capturing the information required to show proof can be challenging, especially in a dynamic, distributed Kubernetes environment where workloads are ephemeral. For example, auditors will want to know what security controls are currently implemented, whether changes to those controls can be detected, and whether compliance can be verified for any given day and time. Calico continuously monitors your Kubernetes environment for compliance and retains a daily history of your compliance status. Calico also includes predefined compliance report formats, as well as a resource for creating customized reports.

Benefits

Automate and Simplify

Automates and simplifies compliance monitoring, enforcement, and audit by tracking all policy changes and retaining a daily history of your compliance status

Audit and Report

Enables you to easily access audit reports showing the network security rules in place, in order to demonstrate proof of compliance for your security team and auditors

Maintain Compliance

Helps DevSecOps teams maintain the security posture needed to meet compliance requirements set by regulations and industry standards such as PCI DSS, SOC 2, HIPAA, GDPR and more

Capabilities

Creating and Viewing Compliance Policies

  • Calico includes a web-based GUI that visually describes the security policies and compliance controls in place, in an easy-to-understand policy dashboard.
  • Calico compliance policies are Kubernetes-native and based on metadata and labels—not IP addresses—making them simple, scalable, and easy to enforce in the cluster environment.

Compliance Reporting

  • Calico includes a GlobalReport resource that can be used to define custom compliance reports. Pre-defined compliance report formats are also included.
  • Calico runs reports on demand, and defaults to daily runs. A history of all reports is maintained so you can view the compliance status of your cluster for any point in time.
  • All compliance data can be exported as spreadsheets that are ready for auditor review.
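The following is an added example of the GlobalReport resource described above; it is illustrative and not copied from this page. The field names (reportType, endpoints, schedule) follow the Calico Enterprise GlobalReport API as documented, while the report name, namespace, labels and cron expression are placeholder values chosen for this illustration.

```yaml
# Added example: a GlobalReport that produces a daily inventory of the
# endpoints, policies and services in a namespace holding PCI-scoped workloads.
# Field names follow the Calico Enterprise GlobalReport API; the name,
# namespace, labels and schedule below are placeholders for this illustration.
apiVersion: projectcalico.org/v3
kind: GlobalReport
metadata:
  name: payments-daily-inventory
  labels:
    deployment: production
spec:
  # One of the predefined report formats (e.g. inventory, policy-audit).
  reportType: inventory
  # Scope the report to the namespace that holds the in-scope workloads,
  # so the output matches what the auditor asked to see.
  endpoints:
    namespaces:
      names:
        - payments
  # Cron schedule: run once a day at midnight (UTC).
  schedule: "0 0 * * *"
```

Apply it with `kubectl apply -f` like any other Kubernetes resource. Because a report's scope is defined by the resource itself, restrict who may create or edit GlobalReport objects through RBAC; otherwise a user could quietly narrow a report so that it no longer covers the workloads an auditor expects to see.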

How It Works


Auditors need proof that you are enforcing these controls, but capturing the information required to show proof can be challenging—especially in a dynamic, distributed Kubernetes environment where workloads are ephemeral. Calico automates and simplifies compliance monitoring, enforcement, and audit, by tracking all policy changes and retaining a daily history of your compliance status.
