Zero-Trust for Cloud-Native Workloads Maturity Assessment

This survey will help you understand what you are missing and guide you through what is required to successfully start and continuously improve your security posture for zero-trust workloads

Take the Quiz Now

Build-time considerations:

Question 1/21

Do you regularly scan your container images for vulnerabilities, threats, and misconfigurations before they are deployed?

Question 2/21

Do you use an automated system that blocks the deployment of images that fail the security test?

Deploy-time considerations:

Question 3/21

Do you assess the configuration of your Kubernetes environment against industry benchmarks, such as CIS?

Question 4/21

Do you follow security standards while providing access to critical Kubernetes resources such as api-server and etcd?

Question 5/21

Do you encrypt all data in transit using certificates?

Question 6/21

Do you manually configure the encryption service provider for data?

Question 7/21

Do you configure security policies for your workloads prior to deploying them to production?

Question 8/21

How do you specify your security policies?

Question 9/21

Does your security tool’s policy engine let you review, stage, and preview security policies before deployment?

Runtime security considerations:

Question 10/21

Do you have any of the following threat detection and mitigation tools for workload security?

select all that apply

Question 11/21

Does your web application firewall (WAF) operate at the workload level and have protection and visibility into east-west traffic?

Question 12/21

What is your current strategy on unknown threats?

Question 13/21

What type of egress access controls do you have in place for zero-trust workload access?

select all that apply

Question 14/21

Do you follow best practices for label selectors while configuring security policies?

Question 15/21

Have you segmented your workloads based on workload identity?

Question 16/21

Do you have pod-level, granular policy-creation capabilities?

Question 17/21

Do you provide role-based views for policies based on application and location?

Question 18/21

Are you able to microsegment your policies based on any of the following?

Choose all that apply

Question 19/21

Do you have a security policy recommender for creating policies?

Question 20/21

Does your platform team have access to application-level observability?

Question 21/21

What level of automation does the security team have, to automate simple tasks related to threat mitigation and reducing false positives?


Your zero-trust assessment score:


Your security posture for zero trust:

Download the complete zero-trust recommendation guide today