OpsMx announced new automated compliance capabilities
for Kubernetes environments that give customers immediate visibility into their
end-to-end application security posture. New auto-discovery of applications from
the existing software delivery process combined with an expanded library of
predefined rules, AI generation of new organization-specific policies, and
cross-team collaboration simplify adoption of industry best practices.
Integration with the recently announced
OpsMx
Deployment Firewall enables new application releases to be
automatically checked for compliance during the software delivery process,
while a new integration with Kubernetes admission controller can be used to
block out-of-compliance releases. The announcement was made at KubeCon
North America 2023 where OpsMx is demonstrating its secure software
delivery solutions.
"Customers need a better way to understand their current application
security posture using the tools, data, and processes they already have," said
Gopal Dommety, CEO and co-founder of OpsMx. "OpsMx is now bringing to market
the automation, rules and intelligence to first show customers where they
really stand and then help them take control of their application lifecycle
security without disrupting how they work today."
Automated Application Discovery and
Compliance Enforcement
As a first step in application delivery compliance, OpsMx can now auto-discover
the application and service structure directly from enterprise Kubernetes
services, including Google Kubernetes Engine (GKE), Amazon Elastic Kubernetes
Service (EKS), Microsoft Azure Kubernetes Service (AKS), self-managed
Kubernetes, and RedHat OpenShift. OpsMx can similarly integrate and
auto-discover from existing CI/CD pipelines running in ArgoCD, Jenkins,
Spinnaker, GitHub Actions, and Azure DevOps. Manual specification and
configuration is not required to get started.
For each application or service, OpsMx collects data from over ninety
common DevOps, security, and IT operations tools. Using this data, OpsMx
synthesizes a detailed view of each release, including all steps in the release
process, approvals and review, code provenance, and security checks to create a
Delivery Bill of Materials. DevSecOps, SRE, and Operations teams can get a
holistic view of the release process and its compliance status through the
OpsMx console or through integration of OpsMx data into the organization's
preferred Internal Developer Platform (IDP).
A new integration to Kubernetes admission controller gives customers the
ability to enforce software delivery compliance. If desired, Kubernetes
admission control can be used to block deployment of an application that is not
in compliance with the organization's defined policies.
Expanded Compliance Controls
To simplify compliance, with this announcement OpsMx is expanding its set of
pre-defined compliance controls based on the NIST 800-53 standard. This enables
customers to immediately see their current level of compliance against industry
best practices. Based on their specific requirements, customers can use this
visibility to generate alerts, track exceptions, or if desired stop the
deployment of out-of-compliance releases. The library of controls draws from
eight NIST 800-53 control families:
- Access Control (AC)
- Audit and Accountability (AU)
- Assessment and Authorization (CA)
- Configuration Management (CM)
- Identity and Authentication (IA)
- System and Services Acquisition (SA)
- System and Communications Protection (SC)
- System Integrity (SI)
The selected controls are those that can be effectively evaluated and
enforced as part of the application development, delivery, and deployment
process. Many of these same controls are also required for HIPAA, PCI DSS, and
other compliance standards.
Customers can easily supplement these predefined compliance policies with
organization-specific policies using the new Rules Genie. The Rules Genie uses
generative AI to convert plain language policy statements into "policy as code"
Rego scripts. Policies created with the Rules Genie can be used with any
solution that supports the Open Policy Agent (OPA). Customers can also directly
edit policy scripts for further customization, or can directly code their own
policies in Rego. The result is a specific, customized, and adaptable set of
compliance controls.
Availability
OpsMx is demonstrating these capabilities this week in Chicago at KubeCon
North America 2023, booth P14, along with the OpsMx deployment
firewall and other OpsMx solutions. New policies and the Rules Genie are
available later this month in the next release of the OpsMx Deploy Shield and
OpsMx SecureCD products.