Kubernetes Security Leader Alcide Simplifies PCI and GDPR K8s Compliance for DevOps and Security Teams

February 26, 2020 Deborah Schalm Alcide

Introduces compliance playbooks to the Alcide Kubernetes Security Platform to enable
automated Kubernetes compliance checks

TEL AVIV, Israel, February 26, 2020 – Alcide , the Kubernetes security leader empowering
DevSecOps teams with end-to-end continuous security guardrails for Kubernetes deployments,
today announced that the Alcide Kubernetes Security Platform now supports compliance scans
for PCI and GDPR, enabling DevOps to deliver regulatory compliance checks rapidly and
seamlessly alongside Alcide’s leading Kubernetes security capabilities.
Gartner predicts that distributed cloud solutions will be a strategic technology trend in 2020.
As such, companies will need tools that are purpose built to solve security and compliance
challenges such as the Alcide Kubernetes Security platform. The Alcide Security Platform made
headlines last summer when it was used to discover that 89% of Kubernetes deployments were
not leveraging critical security resources within K8s. The radical new architecture of cloud
native software and the novel operating environment of Kubernetes is leaving DevOps teams
struggling to provide data security. This gap in security extends to regulatory compliance for
security and privacy, a responsibility now partially shared by DevOps: in a report by Verizon on
payment security, about 54% of companies in Europe and 61% of companies in America fail to
comply with PCI DSS.

“Our findings on how companies are predominantly not using Kubernetes Secrets resources
showed us how much DevOps needs automated systems to identify security and compliance
risks. Building regulatory compliance scanning checks into Alcide Security Platform is a natural
next step for Alcide” says Amir Ofek, CEO of Alcide. “The Kubernetes community is facing a
shortage of skilled developers and security professionals, and Alcide is stepping up to meet
the need for tools that enable DevOps and SecOps to maintain automated security and
compliance at scale.”

Alcide’s 2019 State of Kubernetes Adoption and Security survey revealed 44% of respondents
are using Kubernetes in production today, compared to 20% in 2018. The rapid adoption of
K8s and the fact that companies are looking to add compliance checks to their K8s
environments indicates that companies are more comfortable with moving their K8s to
production environments. As such, they must plan for regulatory compliance.
Privacy and security compliance takes on many forms and exists in many verticals. PCIDSS
emphasizes protection of payment card and transaction data, while GDPR seeks to protect the
personal information of EU citizens doing business anywhere in the world. Cloud Native applications are particularly challenging when seeking compliance with these regulations, since
standards such as PCI were not written with containers and Kubernetes workloads in mind.
Developers must find analogous architectures such as defining whether a server definition in
PCI is more like a pod, a node, or a cluster. Auditors are still catching up with cloud native
technology and architecture, which further complicates the compliance process.

To address these challenges, Alcide has turned their Alcide Security Platform toward
compliance scans for PCI and GDPR. Today’s announcement brings easy-to-implement
compliance checks to users of the Alcide security tool to DevOps team. For example, installing
and maintaining a firewall configuration to protect cardholder data, or to prohibit direct public
access between the Internet and any system component in the cardholder data environment.

See the Alcide Kubernetes Security Platform in action at KubeCon + CloudNativeCon Europe
2020 , March 30 through April 2 in Amsterdam. Press and analysts attending the show are
invited to schedule an in-person briefing with Alcide.

For more information, contact Karine Regev below.
● Read our blog on PCI Compliance for DevOps and SecOps Teams
● Read about how the Alcide Kubernetes Advisor was able to discover 89% of Kubernetes
deployments do not leverage Secrets resources.
● The Alcide Kubernetes Advisor is available for a free download here .

Alcide is a Kubernetes security leader empowering DevOps teams to drive seamless security
guardrails to their CI/CD pipelines, and security teams to continuously secure and protect their
growing Kubernetes deployments. Alcide provides a single Kubernetes-native AI-driven
security platform for cross Kubernetes aspects: configuration risks, visibility across clusters, and
run-time security events. Combined with policies enforcement, and a behavioral anomaly
engine that detects anomalous and malicious network activity, Alcide ensures that the entire
Dev. to production pipeline is secured.