Kubernetes comes with a wide range of challenges, and for organizations in regulated industries, or companies that want to differentiate themselves, effective compliance is critical. Whether an organization needs to comply with SOC 2, CIS benchmark controls or PCI, codified policies drive proper Kubernetes governance, enabling transparency and accountability while minimizing risk. These specific policies can then be centralized and enforced across Kubernetes clusters and applied to a dynamic, ever-changing environment. This makes automated compliance possible throughout the application life cycle, as recommended by the principles of DevSecOps.

This paper discusses SOC 2 compliance and Kubernetes. It provides tips that Fairwinds learned from achieving SOC 2 compliance, including how Kubernetes governance software can help your organization succeed in the cloud native world.