Know Industry Compliance Standards Before Employing Container Security

By on November 27, 2018

More companies are focusing on container security to ensure that they don’t ship software with known vulnerabilities, to protect sensitive data, and to maintain compliance with industry-specific regulations such as HIPAA, PCI, or SOC 2. In theory, cybersecurity best practices around account security and the use of two-factor/multi-factor authentication do not change in containerized infrastructures. In practice, however, containers are co-located on the same host, so the surface area exposed by a compromised container can lead to greater consequences. Also, as companies grow, there is greater liability associated with the absence of granular permissions and short-term credentials. In general, the more a company grows, the greater this tech debt becomes, and the more difficult it is to introduce effective access controls. Keep your industry’s compliance standards in mind as you adopt new solutions like containers. For example, HIPAA regulations require that personal health information be encrypted in transit or at rest when accessed by containers. Do your own research and ensure that your container solution of choice provides the functionality you need to stay compliant with industry standards.
Read the full article at:

Threat Stack
