I’m slowly working through a new edition of my Cloud Native Journey booklet. Here’s a draft of the chapter on compliance, auditors, and all that. The goal is to draw on actual cases and lessons learned from organizations.
“With Aqua 3.0, users can create fine-grained user access control roles and policies. Access to kubectl commands can be specified for particular users, and governed by Aqua’s scalable labeling format. The Kubernetes controls also provide the ability to block unapproved images from running across an entire cluster, as well as the ability to control network traffic based on Kubernetes namespaces, clusters or deployments.”
Plus, some policy-drift reporting, done with a sidecar.
Original source: Aqua Extends Container Security Platform to Kubernetes, Cloud Services
Exciting new audit needs ahead, hoss: “Organisations should review their IT systems and procedures to check they comply with GDPR requirements for privacy by design, ensuring only the minimum amount of personal data necessary is processed. Privacy Impact Assessments (PIAs) should be completed when using new technologies and the data processing is likely to result in a high risk to individuals.”
Original source: GDPR compliance – here are the 14 things you actually need to do
Questions around audit and compliance always come up in discussions about improving software, and certainly when it comes to introducing things like continuous delivery, DevOps, and especially something as big and different as Pivotal Cloud Foundry. To that end, I wrote up a way to approach those issues, along with a few tips for dealing with compliance and audit, for my FierceDevOps column last month.
The onerous steps auditors want you to take were usually put in there for good reason, but, as I put it:
Unfortunately, the way that three-ring-binder-wielding ninjas and IT staff battle it out over these and other compliance checklists often loses sight of the original, good intentions. Instead, it infects everyone with a bad case of table-flipping madness. Thanks to cloud technologies and the empathy-over-table-flipping approach in DevOps, we’ve been finding ways to get over compliance hurdles and even, in some cases, make compliance projects easier and better.
(Binders picture from tookapic)