Docker and Container Compliance
•Download as PPTX, PDF•
1 like•622 views
Docker and Container Compliance
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Docker and Container Compliance
Similar to Docker and Container Compliance (20)
More from ControlCase
More from ControlCase (17)
Recently uploaded
Recently uploaded (20)
Docker and Container Compliance
- 1. 1 AWS/Docker and Container Compliance Speakers Ashish Kirtikar Satya Rane Senior Vice President, CaaS Senior Vice President, Innovation & QA
- 2. 2018 Data Security and Compliance Summit November 14th – 15 th | Sonesta Fort Lauderdale Beach D ON’T M ISS TH IS EXCLUSIVE EVENT! REGISTER NOW! • Learn from industry experts • Discuss your challenges and latest hot topics • Brainstorm with ControlCase execs and team members • Engage with your peers thru networking and round-table discussions https://www.controlcase.com/events/
- 3. 11th APAC & MEA annual global conference October 22nd – 23rd | J W Marriot Hotel, Dubai D ON’T M ISS TH IS EXCLUSIVE EVENT! REGISTER NOW! • Learn from industry experts • Discuss your challenges and latest hot topics • Brainstorm with ControlCase execs and team members • Engage with your peers thru networking and round-table discussions https://www.controlcase.com/events/
- 4. 4 ControlCase Introduction Amazon Web Services docker/container compliance About docker and container technologies ControlCase CaaS solution for Amazon AGENDA Q&A 4
- 5. 5 CORPORATE OVERVIEW ControlCase™ Making Compliance Effortless Over 500 clients across the US, CEMEA, Europe, Latin America and Asia/Pacific regions, including Major Retailers and Fortune 500 Companies Headquartered in the Washington, DC metro area (Fairfax, VA) ControlCase office or partnership locations include the US, Canada, Colombia, India, UK, KSA, Japan, Indonesia, Vietnam, Philippines, Kuwait, Malaysia, Brazil and Dubai Unique offerings brings Peace of Mind to Compliance 5
- 6. 6 PCI DSS Qualified Security Assessor (QSA) Company ASV: Authorized Security Vendor ISO 27001 & 27002 International Organization for Standardization SOC 1, SOC 2, SOC 3, & SOC for Cybersecurity Service Organization Controls (AICPA) HITRUST CSF Health Information Trust Alliance Common Security Framework (CSF) HIPAA Health Insurance Portability and Accountability Act NIST 800-53 National Institute of Standards and Technology GDPR General Data Protection Regulation MARS-E Minimum Acceptable Risk Standards for Exchanges EI3PA Experian Independent Third Party Assessment Microsoft SSPA Supplier Security and Privacy Assurance Third Party Risk Assessor Shared Assessments Program Certified product licensee for SIG and AUP PA-DSS Payment Application Qualified Security Assessor (QSA) CREDENTIALS 6
- 7. 7 About docker and container technologies
- 8. 8 What is a Container? Containerization refers to an operating system feature in which the kernel allows the existence of multiple isolated user-space instances. Popular Containerization Solutions: 1. AWS ECS 2. Docker
- 9. 9 Docker and AWS ECS Docker is an open platform for containerization and can be used to deploy containers for developers and sysadmins Amazon ECS is a highly scalable, high- performance container orchestration service to run Docker containers on the AWS cloud.
- 10. 10 Hosting Models 1. Physical Client Hosted 2. Datacenter Managed Service 3. Cloud Service Client hosted 4. Cloud hosted Container Service Providers
- 11. 11 Amazon Web Services docker/container compliance
- 12. 12 Compliance from Container Context Physical Client Hosted Datacenter Managed Service Cloud Client Hosted Service Cloud Container Service Providers Hardware Client Responsibility MSS Provider Responsibility MSS Provider Responsibility MSS Provider Responsibility OS Layer Client Responsibility Client Responsibility Client Responsibility MSS Provider Responsibility Container Layer Client Responsibility Client Responsibility Client Responsibility Client Responsibility Application Layer Client Responsibility Client Responsibility Client Responsibility Client Responsibility Compliance Responsibility Matrix in case of Different Container Hosting Models
- 13. 13 AWS ECS and Compliance Responsibilities Compliance Area Responsibility Scoping Customer Network Shared Configuration Management Customer Data Encryption at rest Customer Data Encryption in transit Customer Anti-Malware Customer Application Security Customer Logical Access Customer Physical Security AWS Logging and Monitoring Customer Security Testing Customer Policies and Procedures, Risk Assessment, Third Party Management, Governance and Compliance and Incident Response Customer
- 14. 14 Top 10 Best Practices for Compliance Container Compliance - Best Practices 1. Make developers aware to support the new way of developing, running, and supporting applications made possible by containers. 2. Use container-specific host OSs 3. Group containers with the same purpose, sensitivity, and threat posture on a single host OS 4. Harden Orchestrator configurations 5. Use container-specific vulnerability management tools 6. Implementing container-aware network, process monitoring and filtering and Malware filtering 7. Use of mandatory access control 8. Segmentation of workloads 9. Only vetted, tested, validated, and digitally signed images upload and run 10. Separate environments for development, test, production, and other scenarios
- 15. 15 ControlCase CaaS solution for Amazon
- 16. 16 Achieving Compliance on AWS with CaaS Compliance Area Responsibility Solutions Scoping Customer CaaS Network Shared Configuration Management Customer CaaS Data Encryption at rest Customer Data Encryption in transit Customer Anti-Malware Customer Application Security Customer CaaS Logical Access Customer Physical Security AWS Logging and Monitoring Customer CaaS Security Testing Customer CaaS Policies and Procedures, Risk Assessment, Third Party Management, Governance and Compliance Customer CaaS
- 17. 17 Achieving Compliance on AWS with CaaS Scoping: Capability to identify and document Container instances running in customer AWS ECS environment. Configuration Management: Method to identify security misconfiguration in Docker images. Application Security: Capability to conduct penetration testing on the applications hosted on AWS ECS Container platforms. Ability to scan the Docker images while getting developed on AWS platform to vet them before pushing to production repository Logging & Monitoring: This component can be integrated with the CloudWatch to collect, corelate and monitor logs 24X7 by ControlCase GSOC Team. Security Testing: Vulnerability scanning on the Docker images, application containers using pre-approved AMIs. CaaS also has the capability to support Risk Assessments, Policies & Procedures, Third- party Management as well as Governance & Compliance using a mix of technology and assessor presence.
- 18. 18 ControlCase – Compliance as a Service
- 19. 19 THANK YOU Q&A ControlCase: Making Compliance Effortless
- 20. 2018 Data Security and Compliance Summit November 14th – 15 th | Sonesta Fort Lauderdale Beach D ON’T M ISS TH IS EXCLUSIVE EVENT! REGISTER NOW! • Learn from industry experts • Discuss your challenges and latest hot topics • Brainstorm with ControlCase execs and team members • Engage with your peers thru networking and round-table discussions https://www.controlcase.com/events/
- 21. 11th APAC & MEA annual global conference October 22nd – 23rd | J W Marriot Hotel, Dubai D ON’T M ISS TH IS EXCLUSIVE EVENT! REGISTER NOW! • Learn from industry experts • Discuss your challenges and latest hot topics • Brainstorm with ControlCase execs and team members • Engage with your peers thru networking and round-table discussions https://www.controlcase.com/events/