Zero-Trust for Cloud-Native Workloads Maturity Assessment

Do you regularly scan your container images for vulnerabilities, threats, and misconfigurations before they are deployed?

Do you use an automated system that blocks the deployment of images that fail the security test?

Do you assess the configuration of your Kubernetes environment against industry benchmarks, such as CIS?

Do you follow security standards while providing access to critical Kubernetes resources such as api-server and etcd?

Do you encrypt all data in transit using certificates?

Do you manually configure the encryption service provider for data?

Do you configure security policies for your workloads prior to deploying them to production?

How do you specify your security policies?

Does your security tool’s policy engine let you review, stage, and preview security policies before deployment?

Do you have any of the following threat detection and mitigation tools for workload security?

select all that apply

Does your web application firewall (WAF) operate at the workload level and have protection and visibility into east-west traffic?

What is your current strategy on unknown threats?

What type of egress access controls do you have in place for zero-trust workload access?

select all that apply

Do you follow best practices for label selectors while configuring security policies?

Have you segmented your workloads based on workload identity?

Do you have pod-level, granular policy-creation capabilities?

Do you provide role-based views for policies based on application and location?

Are you able to microsegment your policies based on any of the following?

Choose all that apply

Do you have a security policy recommender for creating policies?

Does your platform team have access to application-level observability?

What level of automation does the security team have, to automate simple tasks related to threat mitigation and reducing false positives?