Fairwinds, a provider of Kubernetes software, has published its Kubernetes Benchmark Report 2023. The report shows a general trend of worsening configuration issues across the organizations surveyed. This includes an increase in the number of organizations running workloads that allow root access, workloads without set memory limits, and workloads affected by imaging vulnerabilities.

The Kubernetes Configuration Benchmark Report was created based on results from over 100,000 workloads and hundreds of organizations using the Fairwinds Insights Platform. It serves as a benchmarking tool for Kubernetes users.

Divided into three parts, the report focuses on:

• Reliability
• Security
• Efficiency

The adoption of cloud-based technologies such as Kubernetes poses new compliance challenges. Because containers can be stopped, destroyed, restored and replaced with minimal setup and configuration, it can be difficult to determine if users are compliant in the first place – or to know when a container is no longer compliant.

4 TOP TIPS FOR SOC 2
1. Take a look at your systems and the things you use.
Like Fairwinds, you may be a startup that creates software and probably uses dozens of vendors, like GitHub or GitLab for VCS. You probably have something that manages your page, and you probably have an HR system or knowledge base for documentation.

2. Establish your best practices and stick to them.
Demonstrate that you not only follow these policies, but that you have a process to enforce them. Sure, maybe you already follow best practices, in your architecture and system administration, but maybe you don’t do it everywhere.

3. Document your development and deployment process.
This step applies specifically to the development and DevOps teams. Does your organization have a documented process for how code goes into production from start to finish?

4. Document all your policies, not just those related to infrastructure.
Think about things like on and off employees. How do
do you accept suppliers? How do you assess risk to the company? Document it and codify it. Writing a policy is one thing, but following it is quite another.

UNDERSTANDING SOC 2 AND KUBERNETES
Although Kubernetes is a newer architectural paradigm, it actually has
some considerations within SOC 2. At the time of the audit, organizations
should determine which parts of Kubernetes are relevant to their organization around the scope of SOC 2.

ACHIEVING COMPLIANCE WITH FAIRWINDS INSIGHTS
Fairwinds Insights helps compliance managers automate, monitor, and enforce policy firewalls. The newest feature, Fairwinds Insights Compliance Self-Assessment for SOC 2, offers even greater reach, now providing DevSecOps teams with more than 30 assessment questions focused on SOC 2 compliance within Kubernetes.

Meeting Kubernetes compliance requirements doesn’t have to be complicated, time-consuming, or expensive. With the right third-party SaaS solution, such as Fairwinds Insights, organizations can continue to reap the benefits of Kubernetes technology while adapting to industry standards.

some considerations within SOC 2. At the time of the audit, organizations
should determine which parts of Kubernetes are relevant to their organization around the scope of SOC 2.