Achieve and Maintain Compliance for Containers and Kubernetes

achieve_frame

What are the steps to achieve and maintain compliance?

Organizations can implement one or more of the controls listed below to ensure that their containerized workloads are compliant:

Trusted workload communication

Zero-trust workload access controls

Enable fine-grained access controls between your microservices and external resources such as databases, cloud services, APIs, and SaaS applications. Enforce controls using DNS egress policies. Leverage egress gateway to integrate with existing network firewalls and address limited IP address availability. (Details here)

Cluster Visibility

Identify security and compliance gaps

Get a detailed view of vulnerabilities in build images, providing a first line of defense against bad actors. Use a purpose-built service graph to visualize workload dependencies and communication to identify security and compliance gaps, performance and connectivity issues, anomalous behavior, and security policy violations. (Details here)

Workload isolation

Microsegmentation

Logically isolate workloads into distinct security segments and define granular security controls for each unique segment. (Details here)

Controls and enforcement

Security policy lifecycle management

Build, stage, preview, and deploy security policies with minimal effort. Create your own custom security policies or use policy tiering to apply policies based organizational structure. (Details here)

Encryption

Data encryption

Make data unreadable to everyone except the legitimate key holder,
thus protecting sensitive data should a security breach occur. (Details here)

Reports

Compliance reports

Use on-demand reports to demonstrate compliance. Get the ability to say with reasonable certainty whether the organization was in compliance—and have the documentation to prove it. (Details here)

Identify security vulnerabilities and assign a risk ranking

Image Assurance

Scan locally when needed and assign a pre-defined risk category (pass, fail, warn) to container images. Export the results to share with the team to improve the cloud-native application’s security posture. Integrate the image scanner in CI/CD pipeline for a streamlined security operation model. (Details here)

Note: Make sure to address all of the above points to ensure compliance.

Copyright ©2022 Tigera, Inc.