Category: Compliance

In Cloud Native, Compliance, ficam, icam, Identity Management, Kubernetes, Linux, Open Source, Security, sso
At Tremolo Security, everything we do is open source.  Our CTO, Marc Boorshtein, recently taught a class at BSidesDC on Kubernetes identity management.  He walked the class through integrating a cluster into Active Directory, adding authorization processes, enabling the audit log and building pod security policies.  We created a self-contained lab for this class…
In Cloud, Cloud Native, Compliance, icam, Identity Management, Kubernetes, Open Source, sso
You’ve deployed Kubernetes and someone says “This requires privileged access, that means multi-factor authentication!” It makes sense. You don’t want a phishing email to compromise your cluster. A recent Google study showed that upwards of 90% of phishing attacks are stopped with multi-factor authentication. If you’re a cluster admin and you were to get…
In Cloud, Cloud Native, Compliance, Identity Management, Kubernetes, Open Source, saml2, Security, user provisioning
Kubernetes Authentication
Tremolo Security today released Orchestra, an open source portal for Kubernetes authentication and automation. Authentication and access management are two of the hardest components of Kubernetes to manage.  The Orchestra portal simplifies both with a simple-to-deploy solution that integrates both command line and dashboard access to your cluster. Orchestra's...
In Cloud Native, Compliance, ficam, icam, Identity Management, Kubernetes, Open Source, OpenShift
That’s right, except for one single use case, you shouldn’t ever use certificates for authentication to Kubernetes clusters.  It’s simply not as secure as it appears, especially when OpenID Connect is available.  In this blog post we’re going to walk through a quick refresher of public key cryptography, detail why using it for authentication to…
In Compliance, ficam, icam, Identity Management, Implementation Costs, Open Source, sso, user provisioning
If you’ve done any work for or with the US federal government, you’ve heard the acronym ICAM or FICAM.  It stands for the Federal Identity, Credential and Access Management standards outlined at https://gsa.github.io/ficam-arch/.  These are a set of standards agencies should follow when it comes to identity management, such as using your PIV cards for authentication…
In Cloud, Cloud Native, Compliance, Identity Management, Implementation Costs, Open Source, OpenShift, Red Hat
The OpenShift team at Red Hat has put together a GREAT compliance guide for OpenShift.  This doc does a great job detailing each control in NIST 800-53.  There’s one major compliance issue that this document explicitly leaves to the “Organization”: identity management.  As you go through this document you’ll notice that nearly every control…