Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
StackRox / Kubernetes Security Platform / 15 Sep 2020
StackRox / Kubernetes Security Platform / 15 Sep 2020
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Enforcing compliance policies in container and Kubernetes environments

Description

No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).

A

Let's get into the use case for compliance and specifically pci compliance, and I'm going to imagine a scenario where my cco's asked me to measure how we're doing and also has asked me to put some policies in place to help us I'm going to go to this pci standard that we see in the top left under the compliance dashboard and for this demonstration, I'm going to focus on two of the controls, 6.1 and 6.5.6, and we see that 6.1 is really about establishing a process to identify vulnerabilities specifically within any cluster namespace or system.

A

That's going to be transmitting cardholder data and it really talks about evaluating processes to rank these vulnerabilities and ways to actually enforce it in the environment to make sure we're not introducing any critical vulnerabilities to our payment systems and that's really what 6.5.6 has to do with as well. Now. Not only do we bring in the exact language of the control, but stackrocks has actually done the interpretation for you. So we've we've measured a control guidance for how this translates to kubernetes and we've.

A

Given you a process with policies to actually go ahead and introduce ways to increase these scores, so one of the things that I'm going to do is I'm going to go over to my policies and I'm going to take a fixable cvss greater than 7 policy, which is exactly what I want, because it's going to address anything that's critical and is going over risk score of 7 for cvss, and I'm going to go down to the scope, and I'm specifically going to put this in my production cluster and scope it to my payments namespace when I click next, I can see that this has to do with fixable cvds greater than seven based on my criteria.

A

Click next, I get a quick dry run of everything. That's violating this for my visa processor and my mastercard processor, and now I'm going to turn this on at the build in the deploy stage, and this will essentially fail any build in my pipelines.

A

If there are risks present as the control states and the deploy level will actually use the admission controller to fail that at the api server for kubernetes and reject anything. That goes so I'm going to rescan the environment now for pci and you'll, see I'm at 81 right now and now I'm at 83, and if I go down to those controls I see. 6.1 is now at 100 6.5.6, also at 100.

A

This is an example of how to successfully establish a policy to increase the compliance score for apci control. Thank you.