When you’re running Kubernetes, how do you know whether it’s configured securely? Kubernetes is a complex system, with several control plane components, each of which has numerous configuration parameters. In some cases, it’s clear that a parameter will have an impact on Kubernetes security – for example, providing …
In the spectrum of deployment options available for cloud native applications, the most widely used option, at least presently, is running containers on VMs that use the Linux operating system (or less frequently, bare-metal servers running Linux).
One of the challenges organizations have in using cloud native technologies is in figuring out how compliance requirements translate into actionable control points. Most regulations predate containers and serverless technologies and don’t have specific articles governing the use of such technologies.
We recently …
Since the second half of 2017, Kubernetes has been gaining momentum in adoption as well as in its ecosystem support. We see more and more enterprises choosing Kubernetes for the orchestration of their cloud native deployments. This is in no small part thanks to the many enterprise-grade features added in versions 1.8 …
The General Data Protection Regulation (GDPR), set to replace the European Data Protection Directive 95/46/EC, comes into effect in May 2018. GDPR is intended to protect the privacy of EU citizens, and give regulatory bodies the power to act against non-compliant organizations. It affects member states in the EU, but …
Securing software supply chains requires strong governance and rich data, both of which help ensure that only approved components are executed on production machines.
The term Personally Identifiable Information (PII) will be familiar to organizations who are required to comply with regulatory standards such as PCI-DSS.
NIST Special Publication 800-122[4] defines PII as "any information about an individual maintained by an agency, including (1) any information that can be used to …
The PCI Data Security Standard is nothing new. Any entity that collects, holds or processes credit card information is bound by this standard. What is new is the adoption of containers for production applications, which may directly impact PCI compliance. With a 40% increase in Docker adoption in one year, containers …
The Center for Internet Security provides a number of guidelines and benchmark tests for best practices in securing your code. As Michael Cherny recently described, the CIS has recently published a benchmark for Kubernetes, and now we’re pleased to tell you about our new open source implementation of these tests: …
Since 1996, HIPAA has mandated how personal health information (PHI) should be secured and protected from prying eyes. HIPAA requirements changed how companies in the healthcare industry treat patient data, as well as the processes governing it, the applications that handle it, and the infrastructure that runs …
Security is the enterprise’s foremost concern on its way to production adoption of container technology. However, security is never a one-off deal, and in the context of the still nascent container technology that’s especially true.