How We Survived Our First PCI/HIPAA Compliant Check with Kubernetes
Talk Title | How We Survived Our First PCI/HIPAA Compliant Check with Kubernetes |
Speakers | Travis Jeppson (Director of Engineering, Nav) |
Conference | KubeCon + CloudNativeCon North America |
Location | Seattle, WA, USA |
Date | Dec 9-14, 2018 |
URL | Talk Page |
Slides | Talk Slides |
At a high level, Travis will go over what it took for Nav to pass their first compliance check with their application in Kubernetes. At a lower level, he’ll discuss what PCI/HIPAA compliance is like in a world of containers: how to translate, and prioritize, the requirements from a traditional model using virtual machines to a containerized model; which tools are already provided with Kubernetes, such as taints and tolerations; which tools are plug-ins, such as network policies; and what is missing and requires an external service. He’ll briefly cover Nav’s build pipelines and why adding security checks to the Docker builds is important to maintaining a compliant environment. Finally, he’ll discuss how, moving forward, you can reach a state of constant compliance; there is no reason to struggle to “become” compliant on a quarterly, or yearly, cadence.