Know what is going on in the container - legally compliant Kubernetes operation

Can we ensure that the applications running on container infrastructures are actually compliant, i.e. that they meet the requirements of ISO 27001, GDPR and industry-specific standards such as PCI-DSS? This is an important challenge for data protection officers, IT managers and the management of companies that rely on cloud computing. With Elastisys Compliant Kubernetes, A1 Digital relies on the solution of a strong partner.

First, a quick look at the basics: applications run encapsulated and self-sufficiently in a container and draw resources from an underlying physical platform from which they are largely independent. Just like real containers, you can move them from one physical platform to another. That's the idea behind Kubernetes. This open-source technology for automating the deployment, scaling, and management of container applications is undoubtedly complex, but it's worth it. At A1 Digital, we are convinced of the advantages Kubernetes offers. And we want to make it as easy as possible for companies to use the technology.

Are all containers safe and compliant?

How can we know – and ensure – that only exactly those things happen in containers that are allowed to happen, for example that personal data is not lost or stolen? “The old methods, which simply log on to the server and look up no longer work”. This is stated by my colleague Janos Pasztor in his contribution “Kubernetes – Yay or Nay”, which I recommend here for further reading. A major challenge, then, is to set up Kubernetes infrastructures according to our own security standards and GDPR. After all, every application must be operated “compliantly”, not least for reasons of liability. Even in larger companies that have a CISO, the responsibility for security-relevant incidents always ultimately lies with management.

Know what's going on in the containers

To enable our customers to operate container infrastructures securely, we set out to find a high-performance, reliable solution. Our partner Elastisys is the result of a research initiative at the University of Umeå in Sweden. The company is a Kubernetes Certified Service Provider, Silver Member of the Cloud Native Computing Foundation and an OpenShift Red Hat Advanced Partner.

Elastisys Compliant Kubernetes' approach is to monitor containers throughout their lifecycle, addressing the technical requirements of standards such as ISO 27001 and PCI-DSS, as well as the legal requirements of GDPR or NIS. The system analyses the code during development, ensures that all defined processes are adhered to (for example, during configuration and deployment), and automatically determines whether the containers offer attack surfaces. In operation, it secures applications through web application firewalls and intrusion detection systems. And it offers clear dashboards and extensive automated documentation, which are very important for us CISOs and data protection officers.

Are you sure your cloud infrastructure is “compliant”?

As CISO, it is my task to ensure the secure, legally compliant IT operation of my company. My job is to make innovation possible, not to complicate it with excessive security requirements. To do this, I need the right tools.
With Elastisys Compliant Kubernetes, we have a flexible and versatile solution available on our Exoscale Cloud. Take a closer look at our solution with your development and operations colleagues and talk to our experts about your security requirements.

We make digitalisation useful.