Compliant Kubernetes

Kubernetes has changed the way we manage containerized workloads and services. Being an open-source platform, Kubernetes makes it easier and more efficient to coordinate different applications as well as update, scale, and deploy them.

While using Kubernetes may seem like a no-brainer for anyone wanting to deploy applications, in the past this open-source platform was not ideal for many working in the healthcare or finance industry. Kubernetes failed to fulfill the compliance and security restrictions set by the HITRUST, PCI DSS and NIST cybersecurity frameworks that many healthcare companies and financial institutions were required to meet in order to ensure their customer data was secured and not accessible to outsiders.

Remarkably, that has changed in the past year as new updates and services have become available to help organizations meet their compliance and security restrictions using Kubernetes. Nowadays, worrying about whether Kubernetes can be compliant is a thing of the past: its flexible container platform lets you run it anywhere and it functions the same. In addition, you can implement constant security scanning for your containers and apply security updates regularly to ensure your applications are secure. This gives you the ability to make sure there are no vulnerabilities in your software.

Kubernetes also offers authorization plugins which control a user’s access to resources. This can lower the risk of malicious activity as well as reduce the impact of mistakes. The Kubernetes platform allows you to create additional namespaces and connect users and specific resources to them, so that if a user does something wrong it wouldn’t impact other resources or disrupt the entire application.
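The blast-radius effect described above, shown with a simplified model of how Kubernetes RBAC evaluates bindings. This is an added illustration, not code from Lumen21 or from Kubernetes itself; the Role, ClusterRole and binding manifests are constructed samples reduced to the fields RBAC uses, and the `cluster-admin` binding stands in for the over-broad setting a namespace-scoped RoleBinding avoids.

```python
"""Simplified model of Kubernetes RBAC evaluation (illustrative only, not
the real authorizer). A RoleBinding grants inside its own namespace; a
ClusterRoleBinding grants in every namespace. The same mistake by a user
bound the first way stays inside one namespace."""

# Constructed manifests, stripped to the fields RBAC evaluation needs.
ROLES = {
    # (kind, namespace, name) -> list of rules
    ("Role", "team-a", "deployer"): [
        {"apiGroups": ["apps"], "resources": ["deployments"],
         "verbs": ["get", "list", "update", "patch"]},
    ],
    ("ClusterRole", None, "cluster-admin"): [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
    ],
}

BINDINGS = [
    # Least privilege: alice may act only in team-a, and cannot delete.
    {"kind": "RoleBinding", "namespace": "team-a",
     "roleRef": {"kind": "Role", "name": "deployer"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    # Weak setting: bob is cluster-admin everywhere.
    {"kind": "ClusterRoleBinding", "namespace": None,
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "bob"}]},
]


def _rule_matches(rule, group, resource, verb):
    def ok(allowed, value):
        return "*" in allowed or value in allowed
    return (ok(rule["apiGroups"], group) and ok(rule["resources"], resource)
            and ok(rule["verbs"], verb))


def can(user, verb, resource, namespace, group="apps"):
    """True if any binding grants `user` the verb on the resource in namespace."""
    for b in BINDINGS:
        if not any(s["kind"] == "User" and s["name"] == user for s in b["subjects"]):
            continue
        if b["kind"] == "RoleBinding" and b["namespace"] != namespace:
            continue  # RoleBindings never reach outside their namespace
        ref = b["roleRef"]
        ns = b["namespace"] if ref["kind"] == "Role" else None
        if any(_rule_matches(r, group, resource, verb)
               for r in ROLES.get((ref["kind"], ns, ref["name"]), [])):
            return True
    return False


def blast_radius(user, namespaces, verb="delete", resource="deployments"):
    """Namespaces in which `user` could delete deployments."""
    return [ns for ns in namespaces if can(user, verb, resource, ns)]
```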

Through its flexible platform, Kubernetes has in recent years officially changed how people deploy and update applications. The recent security features the open-source platform offers have made the software compliant with many of the security restrictions set in place by the HITRUST, PCI DSS and NIST cybersecurity frameworks.

For more information regarding Kubernetes, check out our blog post on Lumen21.com:
What Is Kubernetes And Why Would You Use It?

Lumen21 provides a HITRUST-compliant Kubernetes environment that meets the following controls, in a shared responsibility model between the client, Lumen21 and the cloud provider.

  • Information Protection Program
  • Endpoint Protection
  • Portable Media Security
  • Mobile Device Security
  • Wireless Protection
  • Configuration Management
  • Vulnerability Management
  • Network Protection
  • Transmission Protection
  • Password Management
  • Access Control
  • Audit Logging & Monitoring
  • Education, Training & Awareness
  • Third Party Security
  • Incident Management
  • Business Continuity & Disaster Recovery
  • Risk Management
  • Physical & Environmental Security
  • Data Protection & Privacy

Solution Offering

Compliant Kubernetes enables a HITRUST, GDPR, PCI DSS and SSAE 16 compliant environment for covered entities which have distributed workloads supporting various healthcare plans and custom applications across many different geographical regions. The move to Kubernetes gives customers the ability to deploy their software on the Lumen21 platform or on top of their own Azure or AWS cloud. Customers can use the pre-configured Lumen21 HITRUST Kubernetes to leverage the same HITRUST CSF certification, which has passed the stringent audit and compliance requirements. The Lumen21 Azure environment has been vetted and validated by Microsoft technology architects as part of the Cloud Service Provider (CSP) program.

More information

Lumen21 recently completed its 4th external HITRUST audit along with the external SSAE 16 SOC 2 Type II audit. Lumen21 does not outsource any of the compliance and management work, as it is core to what we do. We have in-house audit, compliance and management teams that ensure compliance with our policies and procedures, including those covering our facilities and employees. The Lumen21 workforce is mandated to take refresher compliance, privacy and security training annually to make sure everyone is updated on the latest industry and regulation changes. Lumen21 tracks all changes via an IT ticketing system, including any changes to the environment, under stringent change management policies. All activities are auditable, and access to all systems is just-in-time (JIT) and approved by senior management to make sure no undue access to the systems is provided.


Reference Links:

https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/