
Compliance in Cloud Native

Carol
November 24, 2020


Let's talk about security controls in Cloud Native environments: a checklist for meeting compliance standards such as ISO 27001, and tools that help along the security journey in a Kubernetes cluster.


Transcript

  1. A.10 Cryptography
     - Use of encryption (only TLS for public communication)
     - Key Management
     - Certs in Vault
     @krol_valencia
  2. A.12 Operations Security
     - Documented Operating Procedures
     - Event Logging
     - Management of Technical Vulnerabilities
  3. A.12.5: Integrity of operational systems
     - Immutable Infrastructure: no SSH on workers; build from scratch on every update
     - Rolling redeploy every week with the newest K8s
  4. A.12.6: Technical Vulnerability Management
     - Explicitly configured sync from selected public Docker images only
     - Update checker for system components
     - Planned: Container Image Scanning (https://github.com/aquasecurity/trivy/)
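The A.12.6 control above (images synced only from explicitly selected sources, kept trackable for the update checker) is typically enforced by checking every workload's image reference before it is admitted. The following is an added example and not code from the deck: a small Python policy check that parses image references the way Docker normalises them, requires the image source to be on an allowlist and requires pinning by sha256 digest. The allowlist, the sample Pod manifest and the function names (`parse_image_ref`, `check_pod`) are constructed for this example.

```python
"""Image-source policy check for Kubernetes workloads (added example).

Enforces two of the controls behind ISO 27001 A.12.6 on the deck:
images may come only from explicitly selected sources, and they must
be pinned so that an update checker can reason about what is running.
"""
import re
from typing import Dict, List

# Constructed allowlist: the deck does not name its registries.
ALLOWED_SOURCES = ("registry.internal.example", "docker.io/library")

# A pinned reference carries "@sha256:<64 hex chars>".
_DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_image_ref(ref: str) -> Dict[str, str]:
    """Split an image reference into registry, repository, tag and digest.

    Mirrors Docker's normalisation: if the first path component has no
    '.' or ':' and is not 'localhost' it is a repository, not a registry,
    so the registry is docker.io; a bare name maps to docker.io/library/<name>.
    """
    digest = ""
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = ""
    # A ':' after the last '/' separates the tag; before it, it is a registry port.
    if ref.rfind(":") > ref.rfind("/"):
        ref, tag = ref.rsplit(":", 1)
    parts = ref.split("/")
    first = parts[0]
    if len(parts) > 1 and ("." in first or ":" in first or first == "localhost"):
        registry, repo = first, "/".join(parts[1:])
    else:
        registry = "docker.io"
        repo = ref if len(parts) > 1 else "library/" + ref
    return {"registry": registry, "repository": repo, "tag": tag, "digest": digest}


def check_pod(manifest: dict) -> List[str]:
    """Return policy findings for every container in a Pod manifest."""
    spec = manifest.get("spec", {})
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        img = parse_image_ref(c["image"])
        source = f"{img['registry']}/{img['repository']}"
        if not any(source == a or source.startswith(a + "/") for a in ALLOWED_SOURCES):
            findings.append(f"{c['name']}: image source {source} is not in the allowlist")
        if not _DIGEST_RE.match(img["digest"]):
            findings.append(f"{c['name']}: image is not pinned by sha256 digest")
        if not img["digest"] and img["tag"] in ("", "latest"):
            findings.append(f"{c['name']}: mutable tag '{img['tag'] or 'latest'}' cannot be tracked")
    return findings


# Constructed sample manifest exercising the allowed, unpinned and foreign-source cases.
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "web"},
    "spec": {
        "initContainers": [{"name": "init", "image": "busybox"}],
        "containers": [
            {"name": "app",
             "image": "registry.internal.example/team/app:1.4.2@sha256:" + "a" * 64},
            {"name": "sidecar", "image": "quay.io/someorg/proxy:latest"},
        ],
    },
}

if __name__ == "__main__":
    for finding in check_pod(SAMPLE_POD):
        print(finding)
```

Run against the sample manifest, the pinned internal image passes, the bare `busybox` init container is flagged as unpinned, and the `quay.io` sidecar is flagged both for its source and for its mutable `latest` tag. In a cluster the same logic would sit behind a validating admission webhook; here it is kept as a plain function so the policy can be unit-tested on manifests before they reach the API server.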
  5. A.17 Information Security Aspects of Business Continuity Management
     - High availability
     - Backup & Recovery (https://banzaicloud.com/blog/etcd-multi/)
  6. CIS Benchmark
     - CIS Benchmark Linux
     - CIS Benchmark Docker
     - CIS Benchmark Kubernetes (https://github.com/aquasecurity/kube-bench)
  7. References
     - KubeSec: https://kubesec.aquasec.com/enterprise_online_series
     - ISO 27001: https://www.isms.online/iso-27001
     - Disaster Recovery: https://www.altoros.com/blog/enabling-high-availability-and-disaster-recovery-in-kubernetes
     - https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/get-started
     - Cryptography - Casa Hacker: https://www.youtube.com/watch?v=9CoQpGt6aAg&feature=em-lbrm