Adopting cloud-native technologies like containers and Kubernetes presents new compliance challenges. Organizations who rely on containerized workloads need to design in security and compliance from the start. These areas should be addressed starting in the development phase, with visibility and control all the way through to production.
The Fairwinds Insights Compliance Self-Assessment solution provides mappings to SOC 2, HIPAA and ISO27001, making the compliance scope around Kubernetes and containers easy to understand and implement.
K8s and Container Compliance
Understand your compliance stats actoss multiple clusters and compliance standards.
Kubernetes Guardrails for Security, Reliability, and Efficiency
Easily define policy and enforce Kubernetes compliance requirements across all clusters, from a single control plane.
Fairwinds differs from traditional compliance tools by focusing on Kubernetes and containers - and adding security controls throughout the development life cycle; including tooling for Infrastructure-as-Code (IaC) scanning, policy enforcement, vulnerability scanning and runtime threat detection.
More than compliance software, Insights is a full platform for security, cost optimization and policy enforcement. In one dashboard view, teams can gain SOC 2 compliance insights; assess security, app rightsizing and cost optimization; enforce policy and enable service ownership. DevOps teams no longer need to select multiple vendors to solve each problem.
“We use Fairwinds Insights, its Admission Controller and reporting to manage Kubernetes security and compliance at PagerDuty.”
Tristan Bates – Engineering Manager, PagerDuty
SOC 2 compliance for Kubernetes and containers
30+ Kubernetes-related questions that map to SOC 2 controls
Additional coverage for HIPAA and ISO27001
Tracked compliance status for each control
K8s configuration and compliance recommendations on meeting requirements
Controls for a number of SOC 2 requirements (e.g., vulnerability scanning) and a
PDF report that includes self-collected evidence
Detection on possible misconfigurations whether Insights is configured with the corresponding control - and provide automated verification
Policy enforcement
Built-in Kubernetes guardrails for secure configuration
Open Policy Agent (OPA) integration
Includes Admission Controller to deny deployments with privilege escalation enabled
Customizable policies to fit organizational needs
Example SOC 2 Common Criteria supported
CC 6.1: A component of CC 6.1 focuses on standardizing infrastructure configuration. With Fairwinds Insights, Kubernetes administrators can run multiple, automated vulnerability scanning tools to detect whether obvious security holes exist, and whether or not the cluster aligns with industry standards - like the CIS Kubernetes Benchmark.
CC 6.6: Part of CC 6.6 deals with vulnerability scanning of your infrastructure and application containers. Fairwinds Insights delivers runtime container scanning, as well as integrations in the CI/CD process.
Fairwinds Insights Compliance Self-Assessment for SOC 2
Automated verification to detect misconfiguration of workloads and meet specific controls
Automated evidence of SOC 2 compliance
See how Fairwinds Insights automates Kubernetes compliance
