How We Survived Our First PCI/HIPAA Compliant Check with Kubernetes - Travis Jeppson, Nav
Abstract
At a high level, Travis will go over what it took for Nav to pass their first compliance check with their application in Kubernetes. At a lower level, he’ll discuss what PCI/HIPAA compliance is like in a world of containers. How to translate, and prioritize, the requirements from a traditional model, using virtual machines, to using a containerized model. What tools are already provided with Kubernetes, such as taints and tolerances, which tools are plug-ins, such as network policies; and what is missing and requires an external service. He’ll briefly cover Nav’s build pipelines and why adding in security checks into the docker builds is important to maintaining a compliant environment. Finally, he’ll discuss how moving forward you can reach a point of attaining a state of constant compliance; there is no reason to struggle to “become” compliant on a quarterly, or yearly, cadence.