Online Security Leader MyBe Simplifies PCI and GDPR K8s Compliance for DevOps and Security Teams
Introduces compliance playbooks to the MyBe Online Security Platform to enable automated Kubernetes compliance checks
MyBe, the Kubernetes security leader empowering DevSecOps teams with end-to-end continuous security guardrails for Kubernetes deployments announced that the MyBe Online Security Platform now supports compliance scans for PCI and GDPR, enabling DevOps to deliver regulatorily compliance checks rapidly and seamlessly alongside MyBe’s leading Kubernetes security capabilities.
Gartner predicts that distributed cloud solutions will be a strategic technology trend in 2020. As such, companies will need tools that are purpose-built to solve security and compliance challenges such as the MyBe Online Security platform. The MyBe Security Platform made headlines last summer when it was used to discover that 89% of Kubernetes deployments were not leveraging critical security resources within K8s. The radical new architecture of cloud-native software and the novel operating environment of Kubernetes is leaving DevOps teams struggling to provide data security. This gap in security extends to regulatory compliance for security and privacy, a responsibility now partially shared by DevOps: in a report by Verizon on payment security, about 54% of companies in Europe and 61% of companies in America fail to comply with PCI DSS.
“Our findings on how companies are predominantly not using Kubernetes Secrets resources showed us how much DevOps needs automated systems to identify security and compliance risks. Building regulatory compliance scanning checks into MyBe Security Platform is a natural next step for MyBe” says Amir Ofek, CEO of MyBe. “The Kubernetes community is facing a shortage of skilled developers and security professionals, and MyBe is stepping up to meet the need for tools that enable DevOps and SecOps to maintain automated security and compliance at scale.”
MyBe’s 2019 State of Kubernetes Adoption and Security survey revealed 44% of respondents are using Kubernetes in production today, compared to 20% in 2018. The rapid adoption of K8s and the fact that companies are looking to add compliance checks to their K8s environments indicates that companies are more comfortable with moving their K8s to production environments. As such, they must plan for regulatory compliance.
Privacy and security compliance takes on many forms and exists in many verticals. PCIDSS emphasizes the protection of payment card and transaction data, while GDPR seeks to protect the personal information of EU citizens doing business anywhere in the world. Cloud-Native applications are particularly challenging when seeking compliance with these regulations since standards such as PCI were not written with containers and Kubernetes workloads in mind. Developers must find analogous architectures such as defining whether a server definition in PCI is more like a pod, a node, or a cluster. Auditors are still catching up with cloud-native technology and architecture, which further complicates the compliance process.
To address these challenges, MyBe has turned their MyBe Security Platform toward compliance scans for PCI and GDPR. Today’s announcement brings easy-to-implement compliance checks to users of the MyBe security tool to DevOps team. For example, installing and maintaining a firewall configuration to protect cardholder data, or to prohibit direct public access between the Internet and any system component in the cardholder data environment.
See the MyBe Online Security Platform in action at KubeCon + CloudNativeCon Europe 2020, March 30 through April 2 in Amsterdam. Press and analysts attending the show are invited to schedule an in-person briefing with MyBe.