Adopting cloud-native technologies like containers and Kubernetes presents new compliance challenges. Since containers are ephemeral in nature, determining if an environment is compliant can be tricky. The dynamic qualities of Kubernetes can also create problems when organizations try to implement governance and compliance measures.
Fairwinds Insights provides mappings to several industry compliance and security standards, with scope around Kubernetes and containers that is easy to understand and implement.
SOC 2: Systems and Organizations Controls (SOC 2) audit reports focus on a Service Organization's non-financial reporting controls as they relate to the security of a system. Based on the American Institute of Certified Public Accountants’ Trust Service Criteria, SOC 2 is intended to provide information that users need to assess and address the risks associated with service providers. It helps to ensure customer data is secure and organizations are complying with the latest in cybersecurity standards.
Health Insurance Portability and Accountability Act (HIPAA): The HIPAA Security Rule establishes national standards to protect individuals' electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
ISO27001: ISO27001 is an international standard for information security management systems (ISMS). The ISO27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining, and continually improving an information security management system.
NSA Hardening Guide: The Kubernetes Hardening Guide published by the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) provides comprehensive guidance to protect Kubernetes systems against security compromises. This guide provides recommendations to help teams adopt a strong defense-in-depth approach for their Kubernetes environments.
The newest addition to Fairwinds Insights’ Compliance offering is automated evidence collection for numerous checks across all of the above standards, making it faster and easier for teams to generate findings and measure their posture against industry best practices.
The automated checks generate a Pass or Fail result based on data collection and analysis in Insights. In the event of a failed check, the Action Items associated with failed resources serve as evidence and pinpoint where teams should take immediate action. Evidence can be “re-run” at any time to update findings. If you’d like to retain self-assessment instead of using automated evidence collection, the check can be set to the pre-existing functionality.
With automated compliance evidence gathering for many guidelines, you can spend less time reviewing risks and more time mitigating them — and demonstrating good security hygiene.
This new automated compliance evidence collection in Fairwinds Insights can help you track your progress on aligning your Kubernetes environment with compliance guidance. If you want to see how Fairwinds Insights can help you in your compliance journey but you are not currently a Fairwinds Insights customer, try our free tier for environments up to 20 nodes, two clusters, and one repo. (Not sure how to get started? This post walks you through the simple process.) If you are already a Fairwinds Insights user, log in to the user interface (UI) and click on the Compliance section to get started on your report so you can begin remediating any issues.
