SlideShare a Scribd company logo

Docker container webinar final

Download as PPTX, PDF
ControlCase
ControlCase

ControlCase will discuss compliance as it relates to new technologies including docker and container: About docker and container technologies Amazon Web Services docker/container compliance ControlCase CaaS solution for Amazon Q&A

Technology
1 of 25
© 2019 ControlCase All Rights Reserved Docker and Container Compliance Your IT Compliance Partner – Go Beyond the Checklist
© 2019 ControlCase All Rights Reserved Our Agenda 2 4 2 3 Your IT Compliance Partner – Go beyond the checklist ControlCase Introduction About Docker and Container Docker/ Container Compliance ControlCase Solution Why ControlCase5 1
© 2019 ControlCase All Rights Reserved ControlCase Introduction1
© 2019 ControlCase All Rights Reserved ControlCase Snapshot 4 Certification and ContinuousCompliance Services Go beyond the auditor’s checklist to: Dramatically cut the time, cost and burden from becoming certified and maintaining IT compliance • Demonstrate compliance more efficiently and cost effectively (cost certainty) • Improve efficiencies • Do more with less resources and gain compliance peace of mind • Free up your internal resources to focus on their priorities • Offload much of the compliance burden to a trusted compliance partner 1000+ Clients 300+ Security Experts 10,000+ IT Security Certifications
© 2019 ControlCase All Rights Reserved Solution 5 Certification and Continuous Compliance Services Automation -DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services “I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.” Security and Compliance Manager, Data Center
© 2019 ControlCase All Rights Reserved Certification Services 6 OneAudit – Collect Once, Certify Many PCI DSS ISO 27001 & 27002 SOC 1, SOC 2, SOC 3, & SOC for Cybersecurity HITRUST CSF HIPAA PCI P2PE GDPR NIST 800-53 PCI PIN PCI PA-DSS FedRAMP PCI 3DS “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.” Sr. Director, Information Risk & Compliance, Large Merchant Automation- DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services
© 2019 ControlCase All Rights Reserved About Docker and Container2
© 2019 ControlCase All Rights Reserved What is Container 8 Containerization refers to an operating system feature in which the kernel allows the existence of multiple isolated user-space instances. Popular Containerization Solutions: 1. AWS ECS 2. Google Kubernetes 3. Open Source Docker Technology
© 2019 ControlCase All Rights Reserved Docker and AWS ECS 9 Docker is an open platform for containerization and can be used to deploy containers for developers and sysadmins Amazon ECS is a highly scalable, high-performance container orchestration service to run Docker containers on the AWS cloud. Google Kubernetes Engine (GKE) is a managed production ready environment for deploying containerized applications
© 2019 ControlCase All Rights Reserved Recap of Terminology 1. Containerization is a “feature” 2. Docker is an “open source software” that enables the containerization feature 3. ECS is “Amazon’s implementation” of the containerization feature 4. GKE is “Google’s implementation” of the containerization feature 10
© 2019 ControlCase All Rights Reserved Hosting Models 11 1. Physical Client Hosted 2. Datacenter Managed Service 3. Cloud Service Client hosted 4. Cloud hosted Container Service Providers
© 2019 ControlCase All Rights Reserved Docker/ Container Compliance3
© 2019 ControlCase All Rights Reserved Compliance from Container Context 13 Physical Client Hosted Datacenter Managed Service Cloud Client Hosted Service Cloud Container Service Providers Hardware Client Responsibility Provider Responsibility Provider Responsibility Provider Responsibility OS Layer Client Responsibility Client Responsibility Client Responsibility Provider Responsibility Container Layer Client Responsibility Client Responsibility Client Responsibility Client Responsibility Application Layer Client Responsibility Client Responsibility Client Responsibility Client Responsibility Compliance Responsibility Matrix in case of Different Container Hosting Models
© 2019 ControlCase All Rights Reserved Compliance Responsibility Matrix using Amazon/Google Clouds 14 Compliance Area Responsibility Scoping Customer Network Shared Configuration Management Customer Data Encryption at rest Customer Data Encryption in transit Customer Anti-Malware Customer Application Security Customer Logical Access Customer Physical Security AWS Logging and Monitoring Customer Security Testing Customer Policies and Procedures, Risk Assessment, Third Party Management, Governance and Compliance and Incident Response Customer
© 2019 ControlCase All Rights Reserved Top 10 Best Practices for Compliance 15 Number Technology Difference Compliance Best Practice 1 Traditional development practices, patching techniques, and system upgrade processes may not apply to a containerized environment Ensure developers are trained in secure practices to develop, run, test and support applications using container technologies 2 When using a container-specific host OS, attack surfaces are typically much smaller than they would be with a general-purpose host OS, so there are fewer opportunities to attack and compromise a container-specific host OS. Whenever possible, you should use container-specific host OSs to reduce their risk. At the same time it is important to note that container-specific host OSs will still have vulnerabilities over time that require remediation. 3 Segmenting containers by purpose, sensitivity, and threat posture provides additional defense in depth. Group containers in this manner and you will make it more difficult for an attacker who compromises one of the groups to expand that compromise to other groups. 4 Weak orchestrator configurations can increase risk due to - Unauthorized hosts joining the cluster - Single point of failure - Unencrypted inter process communications Harden orchestrator configurations 5 Traditional tools are often unable to detect vulnerabilities within containers, leading to a false sense of safety Adopt tools and processes to validate and enforce compliance with secure configuration best practices for images. This should include having centralized reporting and monitoring of the compliance state of each image, and preventing non-compliant images from being run.
© 2019 ControlCase All Rights Reserved Top 10 Best Practices for Compliance 16 Numbe r Technology Difference Compliance Best Practice 6 Network and monitoring tools are not necessarily all container aware. Container-aware network monitoring and filtering would detect anomalous connections to other containers during the attempt to map other systems. 7 Process and file system activity is more interrelated than traditional segmented environments. The usage of mandatory access control capabilities can provide additional barriers to ensure that process and file system activity is still segmented within the defined boundaries. 8 Segmentation of workloads ensures that the scope of the compromise would be limited to apps of a common sensitivity level that are sharing the host. For example, a compromised runtime on a host only running web apps would not impact runtimes on other hosts running containers for financial apps. Segment workloads by type of applications and sensitivity of data 9 Traditional tools for software management (including management of images) do not necessarily work in a containerized environment. Ensuring software is implemented that allows only vetted, tested, validated, and digitally signed images are allowed to be uploaded to an organization’s registries. 10 Traditional environment segregation techniques may not work. You should institute separate environments for development, test, production, and other scenarios, each with specific controls to provide role-based access control for container deployment and management activities.
© 2019 ControlCase All Rights Reserved Top 10 Best Practices for Compliance Summary Container Compliance - Best Practices 1. Make developers aware to support the new way of developing, running, and supporting applications made possible by containers. 2. Use container-specific host OSs 3. Group containers with the same purpose, sensitivity, and threat posture on a single host OS 4. Harden Orchestrator configurations 5. Use container-specific vulnerability management tools 6. Implementing container-aware network, process monitoring and filtering and Malware filtering 7. Use of mandatory access control 8. Segmentation of workloads 9. Only vetted, tested, validated, and digitally signed images upload and run 10. Separate environments for development, test, production, and other scenarios 17
© 2019 ControlCase All Rights Reserved ControlCase Compliance Solutions for Docker/Containers4
© 2019 ControlCase All Rights Reserved Achieving Compliance in Cloud 19 Compliance Area Responsibility ControlCase Solutions Scoping Customer Network Shared Vulnerability Scanning Configuration Management Customer Config Scanning Data Encryption at rest Customer Data Encryption in transit Customer Anti-Malware Customer Application Security Customer Application Scanning Logical Access Customer Physical Security AWS Logging and Monitoring Customer Security Testing Customer Pen Testing Policies and Procedures, Risk Assessment, Third Party Management, Governance and Compliance Customer Policy Manager
© 2019 ControlCase All Rights Reserved ControlCase Cybersecurity Solutions 20
© 2019 ControlCase All Rights Reserved Automation-driven 21 SkyCAM IT Compliance Portal Automation-driven certification and continuous compliance SkyCAM IT Compliance Portal • Cut evidence collection time up to 70% • In the cloud or on-prem • Go beyond monitoring and alerting to predict, prioritize and remediate compliance risks before they become security threats Automated Evidence Collection Real-time Certification Dashboard Predictive Continuous Compliance (AI-powered) • Stay on top of progress with visibility into your certification process with drill down capability GRC Platform Integration • Integrate and extend capability of GRC platforms Automation- DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services
© 2019 ControlCase All Rights Reserved Why ControlCase5
© 2019 ControlCase All Rights Reserved ControlCase Certification Outcomes 23 “It’s a challenge keeping up with the changing compliance landscape. Given that we had GDPR and now the California data privacy law, not to mention HIPAA and others, there are a lot of regulations and frameworks to keep up with and a lot of time spent preparing for audits. That puts a lot of overhead and strain on me and my team. We don’t just don’t have the expertise or time to keep up. Before ControlCase “We cut audit prep time by 70% using ConrolCase. It was their partner approach to us; a combination of their expertise, their responsiveness and automation. They brought us great ideas on how to streamline our process, and we were able to take advantage of automated data collection. And, their IT Compliance Portal gave us visibility throughout the entire process. Another thing - We don’t look at compliance as a once a year event, and now, with ControlCase’s Continuous Compliance services, we have the visibility into what’s in compliance and what’s not all year long. We can quickly remediate an issue before it becomes a security threat.” With ControlCase Cut audit prep time by 70%
© 2019 ControlCase All Rights Reserved Summary – Why ControlCase 24 “They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us.” Dir. of Compliance, SaaS company Your IT Compliance Partner – Go beyond the auditor’s checklist Partnership Approach SkyCAM IT Compliance Portal Automation driven Continuous Compliance Services
© 2019 ControlCase All Rights Reserved Email contact@controlcase.com Telephone Americas +1.703-483-6383 India: +91.22.50323006 Social Media Conection Suport www.facebook.com/user www.linkin.com/user Visit our website www.controlcase.com THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM

Recommended

Integrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to ManyIntegrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to ManyControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)ControlCase
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesControlCase
 
Log Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringLog Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringControlCase
 
Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1ControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECControlCase
 

Recommended

Integrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to ManyIntegrated Compliance – Collect Evidence Once, Certify to Many
Integrated Compliance – Collect Evidence Once, Certify to ManyControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)ControlCase
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesControlCase
 
Log Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringLog Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringControlCase
 
Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1ControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECControlCase
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyControlCase
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as UsualControlCase
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated ComplianceControlCase
 
PCI DSS and Other Related Updates
PCI DSS and Other Related UpdatesPCI DSS and Other Related Updates
PCI DSS and Other Related UpdatesControlCase
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudControlCase
 
PCI DSS and PA DSS Compliance
PCI DSS and PA DSS CompliancePCI DSS and PA DSS Compliance
PCI DSS and PA DSS ComplianceControlCase
 
Performing PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesPerforming PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesControlCase
 
PCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management ComplianceControlCase
 
FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceControlCase
 
Docker and Container Compliance
Docker and Container ComplianceDocker and Container Compliance
Docker and Container ComplianceControlCase
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and CertificationControlCase
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) ControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECControlCase
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance ChecklistControlCase
 
Agiliance Wp Key Steps
Agiliance Wp Key StepsAgiliance Wp Key Steps
Agiliance Wp Key Stepsagiliancecommunity
 
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001ControlCase
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
 
Introduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationIntroduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationControlCase
 
Healthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTHealthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTControlCase
 
So you want to provision a test environment...
So you want to provision a test environment...So you want to provision a test environment...
So you want to provision a test environment...DevOps.com
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksDevOps.com
 

More Related Content

What's hot

OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyControlCase
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as UsualControlCase
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated ComplianceControlCase
 
PCI DSS and Other Related Updates
PCI DSS and Other Related UpdatesPCI DSS and Other Related Updates
PCI DSS and Other Related UpdatesControlCase
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudControlCase
 
PCI DSS and PA DSS Compliance
PCI DSS and PA DSS CompliancePCI DSS and PA DSS Compliance
PCI DSS and PA DSS ComplianceControlCase
 
Performing PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesPerforming PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesControlCase
 
PCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management ComplianceControlCase
 
FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceControlCase
 
Docker and Container Compliance
Docker and Container ComplianceDocker and Container Compliance
Docker and Container ComplianceControlCase
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and CertificationControlCase
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) ControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECControlCase
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance ChecklistControlCase
 
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001ControlCase
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
 
Introduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationIntroduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationControlCase
 
Healthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTHealthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTControlCase
 

What's hot (20)

OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to Many
 
PCI DSS Business as Usual
PCI DSS Business as UsualPCI DSS Business as Usual
PCI DSS Business as Usual
 
Integrated Compliance
Integrated ComplianceIntegrated Compliance
Integrated Compliance
 
PCI DSS and Other Related Updates
PCI DSS and Other Related UpdatesPCI DSS and Other Related Updates
PCI DSS and Other Related Updates
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the Cloud
 
PCI DSS and PA DSS Compliance
PCI DSS and PA DSS CompliancePCI DSS and PA DSS Compliance
PCI DSS and PA DSS Compliance
 
Performing PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust PrinciplesPerforming PCI DSS Assessments Using Zero Trust Principles
Performing PCI DSS Assessments Using Zero Trust Principles
 
PCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management Compliance
 
FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP Marketplace
 
Docker and Container Compliance
Docker and Container ComplianceDocker and Container Compliance
Docker and Container Compliance
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and Certification
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance Checklist
 
Agiliance Wp Key Steps
Agiliance Wp Key StepsAgiliance Wp Key Steps
Agiliance Wp Key Steps
 
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust Principles
 
Introduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationIntroduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) Certification
 
Healthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTHealthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUST
 

Similar to Docker container webinar final

So you want to provision a test environment...
So you want to provision a test environment...So you want to provision a test environment...
So you want to provision a test environment...DevOps.com
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksDevOps.com
 
Building Cloud capability for startups
Building Cloud capability for startupsBuilding Cloud capability for startups
Building Cloud capability for startupsSekhar Mohanty
 
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 Amazon Web Services
 
POV - Practical Containerization
POV - Practical ContainerizationPOV - Practical Containerization
POV - Practical ContainerizationRobert Greiner
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
AWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container AdoptionAWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container AdoptionAlex Rhea
 
Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019 Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019 Amazon Web Services
 
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Amazon Web Services
 
IBM Multicloud Management on the OpenShift Container Platform
IBM Multicloud Management on the OpenShift Container PlatformIBM Multicloud Management on the OpenShift Container Platform
IBM Multicloud Management on the OpenShift Container PlatformMichael Elder
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedNorm Barber
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3EnterpriseGRC Solutions, Inc.
 
Implementing cloud based devops for distributed agile projects
Implementing cloud based devops for distributed agile projectsImplementing cloud based devops for distributed agile projects
Implementing cloud based devops for distributed agile projectsTom Stiehm
 
M.S. Dissertation in Salesforce on Force.com
M.S. Dissertation in Salesforce on Force.comM.S. Dissertation in Salesforce on Force.com
M.S. Dissertation in Salesforce on Force.comArun Somu Panneerselvam
 
Gomez Blazing Fast Cloud Best Practices
Gomez Blazing Fast Cloud Best Practices Gomez Blazing Fast Cloud Best Practices
Gomez Blazing Fast Cloud Best Practices Compuware APM
 

Similar to Docker container webinar final (20)

So you want to provision a test environment...
So you want to provision a test environment...So you want to provision a test environment...
So you want to provision a test environment...
 
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksSecurity Across the Cloud Native Continuum with ESG and Palo Alto Networks
Security Across the Cloud Native Continuum with ESG and Palo Alto Networks
 
Building Cloud capability for startups
Building Cloud capability for startupsBuilding Cloud capability for startups
Building Cloud capability for startups
 
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
 
POV - Practical Containerization
POV - Practical ContainerizationPOV - Practical Containerization
POV - Practical Containerization
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Cloud capability for startups
Cloud capability for startupsCloud capability for startups
Cloud capability for startups
 
AWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container AdoptionAWS TechConnect 2018 - Container Adoption
AWS TechConnect 2018 - Container Adoption
 
Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019 Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019
 
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
 
IBM Multicloud Management on the OpenShift Container Platform
IBM Multicloud Management on the OpenShift Container PlatformIBM Multicloud Management on the OpenShift Container Platform
IBM Multicloud Management on the OpenShift Container Platform
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
 
Implementing cloud based devops for distributed agile projects
Implementing cloud based devops for distributed agile projectsImplementing cloud based devops for distributed agile projects
Implementing cloud based devops for distributed agile projects
 
M.S. Dissertation in Salesforce on Force.com
M.S. Dissertation in Salesforce on Force.comM.S. Dissertation in Salesforce on Force.com
M.S. Dissertation in Salesforce on Force.com
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Gomez Blazing Fast Cloud Best Practices
Gomez Blazing Fast Cloud Best Practices Gomez Blazing Fast Cloud Best Practices
Gomez Blazing Fast Cloud Best Practices
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
How to Overcome the Challenges of Cloud Application
How to Overcome the Challenges of Cloud ApplicationHow to Overcome the Challenges of Cloud Application
How to Overcome the Challenges of Cloud Application
 

More from ControlCase

Maintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarMaintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarControlCase
 
PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfControlCase
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Integrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxIntegrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxControlCase
 
2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdfControlCase
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfControlCase
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfControlCase
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxControlCase
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdfControlCase
 
Webinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfWebinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfControlCase
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
PCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxPCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxControlCase
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxControlCase
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST CertificationControlCase
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC CertificationControlCase
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyControlCase
 

More from ControlCase (16)

Maintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarMaintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish Kirtikar
 
PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdf
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Integrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxIntegrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptx
 
2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdf
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
 
Webinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfWebinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdf
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
PCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxPCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptx
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptx
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST Certification
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of Privacy
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

Docker container webinar final

  • 1. © 2019 ControlCase All Rights Reserved Docker and Container Compliance Your IT Compliance Partner – Go Beyond the Checklist
  • 2. © 2019 ControlCase All Rights Reserved Our Agenda 2 4 2 3 Your IT Compliance Partner – Go beyond the checklist ControlCase Introduction About Docker and Container Docker/ Container Compliance ControlCase Solution Why ControlCase5 1
  • 3. © 2019 ControlCase All Rights Reserved ControlCase Introduction1
  • 4. © 2019 ControlCase All Rights Reserved ControlCase Snapshot 4 Certification and ContinuousCompliance Services Go beyond the auditor’s checklist to: Dramatically cut the time, cost and burden from becoming certified and maintaining IT compliance • Demonstrate compliance more efficiently and cost effectively (cost certainty) • Improve efficiencies • Do more with less resources and gain compliance peace of mind • Free up your internal resources to focus on their priorities • Offload much of the compliance burden to a trusted compliance partner 1000+ Clients 300+ Security Experts 10,000+ IT Security Certifications
  • 5. © 2019 ControlCase All Rights Reserved Solution 5 Certification and Continuous Compliance Services Automation -DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services “I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.” Security and Compliance Manager, Data Center
  • 6. © 2019 ControlCase All Rights Reserved Certification Services 6 OneAudit – Collect Once, Certify Many PCI DSS ISO 27001 & 27002 SOC 1, SOC 2, SOC 3, & SOC for Cybersecurity HITRUST CSF HIPAA PCI P2PE GDPR NIST 800-53 PCI PIN PCI PA-DSS FedRAMP PCI 3DS “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.” Sr. Director, Information Risk & Compliance, Large Merchant Automation- DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services
  • 7. © 2019 ControlCase All Rights Reserved About Docker and Container2
  • 8. © 2019 ControlCase All Rights Reserved What is Container 8 Containerization refers to an operating system feature in which the kernel allows the existence of multiple isolated user-space instances. Popular Containerization Solutions: 1. AWS ECS 2. Google Kubernetes 3. Open Source Docker Technology
  • 9. © 2019 ControlCase All Rights Reserved Docker and AWS ECS 9 Docker is an open platform for containerization and can be used to deploy containers for developers and sysadmins Amazon ECS is a highly scalable, high-performance container orchestration service to run Docker containers on the AWS cloud. Google Kubernetes Engine (GKE) is a managed production ready environment for deploying containerized applications
  • 10. © 2019 ControlCase All Rights Reserved Recap of Terminology 1. Containerization is a “feature” 2. Docker is an “open source software” that enables the containerization feature 3. ECS is “Amazon’s implementation” of the containerization feature 4. GKE is “Google’s implementation” of the containerization feature 10
  • 11. © 2019 ControlCase All Rights Reserved Hosting Models 11 1. Physical Client Hosted 2. Datacenter Managed Service 3. Cloud Service Client hosted 4. Cloud hosted Container Service Providers
  • 12. © 2019 ControlCase All Rights Reserved Docker/ Container Compliance3
  • 13. © 2019 ControlCase All Rights Reserved Compliance from Container Context 13 Physical Client Hosted Datacenter Managed Service Cloud Client Hosted Service Cloud Container Service Providers Hardware Client Responsibility Provider Responsibility Provider Responsibility Provider Responsibility OS Layer Client Responsibility Client Responsibility Client Responsibility Provider Responsibility Container Layer Client Responsibility Client Responsibility Client Responsibility Client Responsibility Application Layer Client Responsibility Client Responsibility Client Responsibility Client Responsibility Compliance Responsibility Matrix in case of Different Container Hosting Models
  • 14. © 2019 ControlCase All Rights Reserved Compliance Responsibility Matrix using Amazon/Google Clouds 14 Compliance Area Responsibility Scoping Customer Network Shared Configuration Management Customer Data Encryption at rest Customer Data Encryption in transit Customer Anti-Malware Customer Application Security Customer Logical Access Customer Physical Security AWS Logging and Monitoring Customer Security Testing Customer Policies and Procedures, Risk Assessment, Third Party Management, Governance and Compliance and Incident Response Customer
  • 15. © 2019 ControlCase All Rights Reserved Top 10 Best Practices for Compliance 15 Number Technology Difference Compliance Best Practice 1 Traditional development practices, patching techniques, and system upgrade processes may not apply to a containerized environment Ensure developers are trained in secure practices to develop, run, test and support applications using container technologies 2 When using a container-specific host OS, attack surfaces are typically much smaller than they would be with a general-purpose host OS, so there are fewer opportunities to attack and compromise a container-specific host OS. Whenever possible, you should use container-specific host OSs to reduce their risk. At the same time it is important to note that container-specific host OSs will still have vulnerabilities over time that require remediation. 3 Segmenting containers by purpose, sensitivity, and threat posture provides additional defense in depth. Group containers in this manner and you will make it more difficult for an attacker who compromises one of the groups to expand that compromise to other groups. 4 Weak orchestrator configurations can increase risk due to - Unauthorized hosts joining the cluster - Single point of failure - Unencrypted inter process communications Harden orchestrator configurations 5 Traditional tools are often unable to detect vulnerabilities within containers, leading to a false sense of safety Adopt tools and processes to validate and enforce compliance with secure configuration best practices for images. This should include having centralized reporting and monitoring of the compliance state of each image, and preventing non-compliant images from being run.
  • 16. © 2019 ControlCase All Rights Reserved Top 10 Best Practices for Compliance 16 Numbe r Technology Difference Compliance Best Practice 6 Network and monitoring tools are not necessarily all container aware. Container-aware network monitoring and filtering would detect anomalous connections to other containers during the attempt to map other systems. 7 Process and file system activity is more interrelated than traditional segmented environments. The usage of mandatory access control capabilities can provide additional barriers to ensure that process and file system activity is still segmented within the defined boundaries. 8 Segmentation of workloads ensures that the scope of the compromise would be limited to apps of a common sensitivity level that are sharing the host. For example, a compromised runtime on a host only running web apps would not impact runtimes on other hosts running containers for financial apps. Segment workloads by type of applications and sensitivity of data 9 Traditional tools for software management (including management of images) do not necessarily work in a containerized environment. Ensuring software is implemented that allows only vetted, tested, validated, and digitally signed images are allowed to be uploaded to an organization’s registries. 10 Traditional environment segregation techniques may not work. You should institute separate environments for development, test, production, and other scenarios, each with specific controls to provide role-based access control for container deployment and management activities.
  • 17. © 2019 ControlCase All Rights Reserved Top 10 Best Practices for Compliance Summary Container Compliance - Best Practices 1. Make developers aware to support the new way of developing, running, and supporting applications made possible by containers. 2. Use container-specific host OSs 3. Group containers with the same purpose, sensitivity, and threat posture on a single host OS 4. Harden Orchestrator configurations 5. Use container-specific vulnerability management tools 6. Implementing container-aware network, process monitoring and filtering and Malware filtering 7. Use of mandatory access control 8. Segmentation of workloads 9. Only vetted, tested, validated, and digitally signed images upload and run 10. Separate environments for development, test, production, and other scenarios 17
  • 18. © 2019 ControlCase All Rights Reserved ControlCase Compliance Solutions for Docker/Containers4
  • 19. © 2019 ControlCase All Rights Reserved Achieving Compliance in Cloud 19 Compliance Area Responsibility ControlCase Solutions Scoping Customer Network Shared Vulnerability Scanning Configuration Management Customer Config Scanning Data Encryption at rest Customer Data Encryption in transit Customer Anti-Malware Customer Application Security Customer Application Scanning Logical Access Customer Physical Security AWS Logging and Monitoring Customer Security Testing Customer Pen Testing Policies and Procedures, Risk Assessment, Third Party Management, Governance and Compliance Customer Policy Manager
  • 20. © 2019 ControlCase All Rights Reserved ControlCase Cybersecurity Solutions 20
  • 21. © 2019 ControlCase All Rights Reserved Automation-driven 21 SkyCAM IT Compliance Portal Automation-driven certification and continuous compliance SkyCAM IT Compliance Portal • Cut evidence collection time up to 70% • In the cloud or on-prem • Go beyond monitoring and alerting to predict, prioritize and remediate compliance risks before they become security threats Automated Evidence Collection Real-time Certification Dashboard Predictive Continuous Compliance (AI-powered) • Stay on top of progress with visibility into your certification process with drill down capability GRC Platform Integration • Integrate and extend capability of GRC platforms Automation- DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services
  • 22. © 2019 ControlCase All Rights Reserved Why ControlCase5
  • 23. © 2019 ControlCase All Rights Reserved ControlCase Certification Outcomes 23 “It’s a challenge keeping up with the changing compliance landscape. Given that we had GDPR and now the California data privacy law, not to mention HIPAA and others, there are a lot of regulations and frameworks to keep up with and a lot of time spent preparing for audits. That puts a lot of overhead and strain on me and my team. We don’t just don’t have the expertise or time to keep up. Before ControlCase “We cut audit prep time by 70% using ConrolCase. It was their partner approach to us; a combination of their expertise, their responsiveness and automation. They brought us great ideas on how to streamline our process, and we were able to take advantage of automated data collection. And, their IT Compliance Portal gave us visibility throughout the entire process. Another thing - We don’t look at compliance as a once a year event, and now, with ControlCase’s Continuous Compliance services, we have the visibility into what’s in compliance and what’s not all year long. We can quickly remediate an issue before it becomes a security threat.” With ControlCase Cut audit prep time by 70%
  • 24. © 2019 ControlCase All Rights Reserved Summary – Why ControlCase 24 “They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us.” Dir. of Compliance, SaaS company Your IT Compliance Partner – Go beyond the auditor’s checklist Partnership Approach SkyCAM IT Compliance Portal Automation driven Continuous Compliance Services
  • 25. © 2019 ControlCase All Rights Reserved Email contact@controlcase.com Telephone Americas +1.703-483-6383 India: +91.22.50323006 Social Media Conection Suport www.facebook.com/user www.linkin.com/user Visit our website www.controlcase.com THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM

Editor's Notes

  1. Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.  
  2. Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.  
  3. Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.  
  4. Proving and maintaining compliance places a significant burden on organizations. Taking people away from their core responsibilities to deal with the time and effort required to become certified and stay compliant strains already taxed resources. Organizations struggle with: Dealing with multiple regulations Keeping up with ever-changing regulations and compliance requirements Understanding and translating compliance frameworks into a language business people understand The time spent preparing for audits The lack of visibility into their compliance posture throughout the year
  5. Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.  
  6. Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.  
  7. Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.  
  8. Proving and maintaining compliance places a significant burden on organizations. Taking people away from their core responsibilities to deal with the time and effort required to become certified and stay compliant strains already taxed resources. Organizations struggle with: Dealing with multiple regulations Keeping up with ever-changing regulations and compliance requirements Understanding and translating compliance frameworks into a language business people understand The time spent preparing for audits The lack of visibility into their compliance posture throughout the year
  9. Proving and maintaining compliance places a significant burden on organizations. Taking people away from their core responsibilities to deal with the time and effort required to become certified and stay compliant strains already taxed resources. Organizations struggle with: Dealing with multiple regulations Keeping up with ever-changing regulations and compliance requirements Understanding and translating compliance frameworks into a language business people understand The time spent preparing for audits The lack of visibility into their compliance posture throughout the year
  10. Proving and maintaining compliance places a significant burden on organizations. Taking people away from their core responsibilities to deal with the time and effort required to become certified and stay compliant strains already taxed resources. Organizations struggle with: Dealing with multiple regulations Keeping up with ever-changing regulations and compliance requirements Understanding and translating compliance frameworks into a language business people understand The time spent preparing for audits The lack of visibility into their compliance posture throughout the year
  11. Arm you with the data and reports that make sense to business executives and tie to business goals
  12. Partnership Approach – Proactive expertise, responsive support and new, innovative ideas to streamline and improve compliance Right mix of size and responsiveness - We’re big enough to provide comprehensive compliance services, but agile enough to deliver responsive client care and support Automation-Driven – Take advantage of automation to cut time and costs and improve efficiencies in becoming certified and maintaining compliance ControlCase IT Compliance Portal Automated evidence collection – on prem or in the cloud Real-time Certification Dashboard AI-powered Predictive Compliance Go beyond monitoring and alerting to predict, prioritize and remediate compliance risk before they become security threats GRC Platform integration Continuous Compliance – Use ControlCase’s continuous compliance services to maintain compliance continuously in between annual certification efforts, because point-in-time, snap-shot compliance doesn’t effectively keep your company compliant or secure Predict, prioritize and remediate compliance risks before they become security threats