Category: Compliance

InCloud NativeComplianceficamicamIdentity ManagementKubernetesOpen SourceOpenShift
That’s right, except for one single use case, you shouldn’t ever use certificates for authentication to Kubernetes clusters.  Its simply not as secure as it appears, especially when OpenID Connect is available.  In this blog post we’re going to walk through a quick refresher of public key cryptography, detail why using it for authentication to…
InComplianceficamicamIdentity ManagementImplementation CostsOpen Sourcessouser provisioning
If you’ve done any work for or with the US federal government, you’ve heard the acronym ICAM or FICAM.  It stands for the Federal Identity, Credential and Access Management standards outlined at https://gsa.github.io/ficam-arch/.  These are a set of standards agencies should follow when it comes to identity management, items like using your PIV cards for authentication…
InCloudCloud NativeComplianceIdentity ManagementImplementation CostsOpen SourceOpenShiftRed Hat
The OpenShift team at Red Hat has put together a GREAT compliance guide for OpenShift.  This doc does a great job detailing each control in NIST 800-53.  There’s one major compliance issue that this document explicitly leaves to the “Organization” – identity management.  As you go through this document you’ll notice that nearly every control…