Organizations can implement one or more of the controls listed below to ensure that their containerized workloads are compliant:
Enable fine-grained access controls between your microservices and external resources such as databases, cloud services, APIs, and SaaS applications. Enforce controls using DNS egress policies. Leverage an egress gateway to integrate with existing network firewalls and address limited IP address availability.
Get a detailed view of vulnerabilities in build images, providing a first line of defense against bad actors. Use a purpose-built service graph to visualize workload dependencies and communication to identify security and compliance gaps, performance and connectivity issues, anomalous behavior, and security policy violations.
Logically isolate workloads into distinct security segments and define granular security controls for each unique segment.
Build, stage, preview, and deploy security policies with minimal effort. Create your own custom security policies or use policy tiering to apply policies based on organizational structure.
Make data unreadable to everyone except the legitimate key holder, thus protecting sensitive data should a security breach occur.
Use on-demand reports to demonstrate compliance. Get the ability to say with reasonable certainty whether the organization was in compliance—and have the documentation to prove it.
Scan locally when needed and assign a pre-defined risk category (pass, fail, warn) to container images. Export the results to share with the team to improve the cloud-native application’s security posture. Integrate the image scanner into the CI/CD pipeline for a streamlined security operation model.
Note: Make sure to address all of the above points to ensure compliance.
Copyright © 2023 Tigera, Inc.