Container security company StackRox is giving customers the means to meet more compliance standards with its latest release of the StackRox Kubernetes Security Platform. Now, the solution offers ways for organizations to verify and provide evidence that they are complying with NIST SP 800-190, PCI DSS 3.2, and HIPAA standards.
Organizations will be able to use StackRox’s platform to automatically check for compliance, identify gaps or non-compliance, obtain clear and detailed remediation information, and gather evidence of compliance for audits.
The solution also includes pre-built reports and the ability to drill down into information, providing teams with the flexibility needed to meet the requirements set by audit, compliance, and security teams.
According to StackRox, the new compliance capabilities were designed with the understanding that compliance needs to be handled differently in DevOps teams.
The company believe there are three differences in the way DevOps teams need to address compliance:
- Compliance has to fit the DevOps way, which is all about moving fast, leveraging automation, and continuous improvement. Though compliance has not historically looked like that, StackRox has worked to make compliance checks seems like an “automatic, ongoing exercise rather than a big heavy lift you prep for a couple times a year.”
- DevOps needs to be involved in the compliance process, rather than just handing it off for the security team to worry about.
- Different compliance controls apply at the cluster, namespace, and node level of Kubernetes and other container environments. Different teams are typically responsible for those different layers, so it is important to be able to zero in on the compliance level by layer.
“Integration with Kubernetes is critical to delivering such a powerful and efficient compliance solution,” said Wei Lien Dang, vice president of product at StackRox. “The StackRox approach is embedded directly in the infrastructure and integrated with Kubernetes-specific configurations, which means security and DevOps speak the same language and share a common view of the compliance controls in their environments.”