We are excited to announce the release of Compliant Kubernetes 21-03. Among the most exciting features are dashboards for backup, capacity management, intrusion detection and use of cryptography.
New CISO Dashboards
Compliance is not only about drafting the right policies, but also about monitoring that they are effectively enforced. Auditing regularly is what makes the difference between a superficial compliance program and an effective one. It allows you to prove not only to your regulators, but also to yourself, that your organization as a whole complies with its own policies. How else could a Chief Information Security Officer sleep well at night?
The dashboards are implemented on top of Grafana, an open-source, battle-tested solution for visualizing IT infrastructures.
The backup dashboard shows you when various cluster components were last backed up. Let’s say your disaster recovery policy requires daily backups. If a backup was taken 4 hours ago, then all is green, nothing to worry about. On the other hand, if backup information is missing or not fresh enough, that is definitely something to investigate right now. When it comes to backups, failure to prepare is preparing to fail.
Intrusion Detection Dashboard
Compliant Kubernetes ships with Falco for intrusion detection. It essentially monitors all application code — or Pods — for suspicious activity. For example, if a Pod makes an outbound SSH connection, you should definitely ask the owner of the Pod if that is intended. If it is not, such activity is a strong indicator of an ongoing security attack.
Capacity Management Dashboard
The capacity management dashboard allows you to prevent system downtime due to your Kubernetes clusters running out of capacity. This can happen because a node fails, which reduces overall capacity; because of a misconfiguration, such as a missing CPU request; or, hopefully, because your application is now more popular and additional capacity needs to be provisioned. The dashboard allows you to find the cause of capacity issues and fix them before they become a problem.
Use of Cryptography
Finally, the use of cryptography dashboard allows you to check that TLS certificates are properly rotated and are not expired. Seeing spooky TLS errors is not a good way to build trust with your customers.
Documentation for Regulations and ISO 27000
All dashboards are accompanied by documentation that clarifies which regulations they facilitate compliance with, which ISO 27000 controls they map to, and how to handle potential compliance violations.