Policy Matters! The Why, What, and How of Kubernetes Policy Management

The conference presentation discusses the importance of policy-based governance and automation in improving security and operational efficiency in Kubernetes.

• Customers need a policy management system that is multi-cluster and oriented towards splitting clusters into different application teams.
• Existing IT operational processes and tools should be combined with policy-based governance to achieve automated governance.
• Policy-based operations are becoming increasingly important in Kubernetes, especially for securing it and achieving compliance.
• Policy management is a configuration management problem that can help achieve desired configuration state for every control at every layer of the software stack.
• Customers are starting to convert homegrown scripts into policies and apply policy management techniques to automate security controls.

Customers are driven by enterprise security requirements and regulatory compliance requirements, which can be a pain point when dealing with audits. Policy management is becoming a way to manage configuration and achieve continuous security readiness and audit readiness. Customers are starting to convert homegrown scripts into policies and apply policy management techniques to automate security controls.

Policies help address several critical challenges with managing Kubernetes clusters and workloads. In the panel-style session moderated by Robert Ficcaglia, co-chair of the Kubernetes Policy Working Group, contributors from the working group will discuss why policies are important to enterprises and other organizations using Kubernetes. Attendees will have an opportunity to ask policy engine and compliance experts about real world use cases and effective techniques for managing policy-as-code from a small cluster to enterprise multi-cluster scale. Attendees will see examples of how to map real world threats to their systems to specific policy automation tools and how compliance automation helps defend against emerging risks and provides greater visibility and enforcement of best practices.