We are proud to announce the release of Compliant Kubernetes 21-03.2, our second release in March. Among the most exciting features are dashboards for auditing Kubernetes network policies.
Network Policies: A tool to defend against data breaches
Data breaches are on the rise. Given the HIPAA Breach Notification Rule, a healthy security diet can reduce the risk of bad PR and heavy fines. If you are an entity regulated by HIPAA, you must ensure your users’ privacy or face crippling fines and bad PR. And as the saying goes, it is impossible to have privacy without good security.
Okay, so what exactly do I need to do to be “secure”? Fortunately, the US National Institute of Standards and Technology issued a special publication on “Application Container Security”. One key ingredient is to segment your IT systems into “zones”, with clear rules on how zones are allowed to communicate. In Kubernetes, we achieve this via NetworkPolicies.
But a diligent Security Officer will not only ensure proper segmentation but also check for suspicious traffic that tries to escape its zone.
The new Compliant Kubernetes Network Policy dashboard allows you to do just that.
Documentation for Regulations and ISO 27000
As with all the other dashboards, the NetworkPolicy dashboard is accompanied by documentation that clarifies which regulations it helps you comply with, which ISO 27000 controls it maps to, and how to handle potential compliance violations.