
Rethinking Compliance in a Containerised World

Conference: ContainerCon 2022

2022-06-24

Authors: Massimiliano Gori


Abstract

Containers introduce new organisational challenges for compliance with standards like NIST 800, GDPR and PCI DSS. Vulnerability management, network security, threat analysis and mitigation, data protection, user access control: we address the main problem areas and how to achieve compliance by design.

Containers introduce a paradigm shift for application development. They drive increased use of open source software and accelerate the pace of software development, effectively posing a huge challenge for established security & compliance checkpoints. While NIST, DISA and CIS have released specific container security guides, additional security controls have to be introduced to ensure compliance with established standards like GDPR and PCI DSS. In this talk we will explore some of the common areas touched by these regulations and the new challenges posed by containers:

- Vulnerability management
- Network security
- Threat analysis and mitigation
- Data protection
- User access control

Materials: