
The Compliance Business Case for Kubernetes in the EU: Get Ready for EUCS

2023-04-20

Authors: Robert Ficcaglia, Anders Eknert


Summary

The presentation discusses the European Cybersecurity Certification Scheme for Cloud Services (EUCS) and how Open Policy Agent (OPA), a unified framework for policy as code across all layers of the stack, can be used to meet its requirements.
  • The EUCS is a certification scheme for cloud service providers in the European Union. Its requirements are graded by assurance level (basic, substantial and high, as defined in the EU Cybersecurity Act), and it expects continuous compliance, which in practice means automation.
  • The Medina project provides tools and processes for maintaining compliance with the EUCS.
  • OPA is a policy engine that provides a unified framework for working with policy as code across all layers of the stack (Kubernetes admission control, CI/CD pipelines, infrastructure and application authorization).
  • OPA can be used to enforce EUCS requirements at admission time and to produce evidence of compliance.
  • OPA is a graduated CNCF project that is widely adopted in the industry.
The speakers stressed that compliance with the EUCS is not a one-time assessment but a continuous process that requires automation: an organisation must be able to prove compliance at any point in time, not just point to a past auditor's report. This is where tools like OPA come in: EUCS requirements expressed as policy code can be enforced and re-checked automatically, so compliance is demonstrated continuously rather than once per audit.

Abstract

This session demonstrates how EU enterprise, government, health care and education organisations can design and build cloud native applications on Kubernetes in compliance with the requirements of the new EU Cybersecurity Certification Scheme for Cloud Services (EUCS). It shows how to plan for, enforce and audit EUCS requirements in a Kubernetes cluster using Open Policy Agent (OPA) and other CNCF tools. Cloud native architects, application developers, IT systems operators and mission owners in the EU who plan to host critical workloads on Kubernetes in the cloud need to understand these new regulatory requirements, and how OPA can reduce the burden of compliance by letting stakeholder subject-matter experts collaborate on policy as code. The EUCS defines EU-wide rules for security controls, levels of assurance and assessment processes. It is a certification scheme developed under the EU Cybersecurity Act that aims to increase trust and security in cloud products and services, to counter fragmentation between member states, and to facilitate trade and the transparency of security features. This is a live, hands-on demo session showing real-world examples of "governance ops", so that both business and technical stakeholders understand how to build on Kubernetes confidently while meeting EUCS requirements in the EU.
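The summary and abstract both describe enforcing EUCS-derived requirements in a Kubernetes cluster with OPA and re-proving them continuously. The policy below is an added example written for this page; it is not code from the talk, from the Medina project or from the OPA project, and it does not reference any specific EUCS control. It encodes two illustrative hardening requirements (images must come from an approved registry, and containers must not run as root) as Rego rules over a Kubernetes AdmissionReview, and ships its own tests so the same check can run in an admission webhook and in CI. The registry `registry.example.eu` and the Pod manifests in the tests are constructed placeholders; `import rego.v1` assumes OPA 0.59 or newer.

```rego
package kubernetes.admission

import rego.v1

# Hypothetical allow-list. In a real deployment this would be loaded as
# data (for example from an OPA bundle) so the list can change without
# editing the policy.
approved_registries := {"registry.example.eu"}

# The Pod's containers, including init containers, as one set.
pod_containers contains c if {
	some c in input.request.object.spec.containers
}

pod_containers contains c if {
	some c in input.request.object.spec.initContainers
}

is_pod if input.request.kind.kind == "Pod"

# Requirement 1 (illustrative, not an EUCS control reference):
# every image must come from an approved registry.
deny contains msg if {
	is_pod
	some c in pod_containers
	not from_approved_registry(c.image)
	msg := sprintf("container %s: image %s is not from an approved registry", [c.name, c.image])
}

# Requirement 2 (illustrative): containers must not run as root.
# The comparison is undefined when securityContext.runAsNonRoot is absent,
# so `not` catches the missing field as well as an explicit false.
deny contains msg if {
	is_pod
	some c in pod_containers
	not c.securityContext.runAsNonRoot == true
	msg := sprintf("container %s must set securityContext.runAsNonRoot: true", [c.name])
}

from_approved_registry(image) if {
	some registry in approved_registries
	startswith(image, concat("", [registry, "/"]))
}

# Unit tests with constructed AdmissionReview inputs; run with
# `opa test policy.rego -v`. Keeping tests beside the policy lets a CI
# pipeline re-prove the control on every change instead of once per audit.
test_noncompliant_pod_is_denied if {
	count(deny) == 2 with input as {
		"request": {
			"kind": {"kind": "Pod"},
			"object": {"spec": {"containers": [{
				"name": "app",
				"image": "docker.io/library/nginx:1.25"
			}]}}
		}
	}
}

test_compliant_pod_is_allowed if {
	count(deny) == 0 with input as {
		"request": {
			"kind": {"kind": "Pod"},
			"object": {"spec": {
				"initContainers": [{
					"name": "init",
					"image": "registry.example.eu/tools/init:1.0",
					"securityContext": {"runAsNonRoot": true}
				}],
				"containers": [{
					"name": "app",
					"image": "registry.example.eu/team/app:2.3.1",
					"securityContext": {"runAsNonRoot": true}
				}]
			}}
		}
	}
}
```

Deployed behind the Kubernetes admission webhook (plain OPA with kube-mgmt, or the equivalent rules in a Gatekeeper ConstraintTemplate), `deny` blocks non-compliant Pods at creation time. The same file can be evaluated offline against exported manifests with `opa eval -d policy.rego -i review.json 'data.kubernetes.admission.deny'`, which is the "prove it at any point in time" property the speakers describe: the evidence is the current evaluation result, not a report from the last audit.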
