21 Feb #RoadCast2017: CIS Docker Benchmark And Security Vs Compliance With @Cavirin
We just returned from Silicon Valley where we met with industry experts to discuss the latest technologies and the current state of enterprise IT. We stopped at Cavirin, a security and compliance company that offers a risk and compliance platform for managing both cloud and on-prem environments.
We met with Pravin Goyal, Director of Information Security and Compliance Engineering at Cavirin, to discuss the basics of CIS benchmarks to get a better understanding of why they’re so important.
CIS (Center for Internet Security) benchmarks offer unbiased, consensus-based industry best practices, Goyal explains in our video interview, which can help organizations assess their current security and figure out where improvements can be made. CIS benchmarks have a solid reputation and are recommended as system hardening procedures; they’re also used to meet various compliance requirements, including PCI and HIPAA.
Each CIS benchmark is created using a consensus review process, according to Goyal. Subject matter experts meet to discuss, test and agree upon the benchmarks and after they’re published the second phase of the consensus review process begins.
Goyal was involved in creating the CIS benchmark for Docker back in 2015. He saw the need for a better approach to Docker security, which stemmed from a lot of misinformation. Goyal said he found a lot of biased facts, untested evidence and fragmented advice around Docker security and he wanted to do something to fix it. A new Docker CIS project was born producing the CIS Docker Benchmark.
Cavirin as a company has been heavily involved in the project, maintaining the CIS Docker benchmark from the very start. Because of the fast pace of this emerging technology, the team at Cavirin has released a new benchmark for every new version of Docker, with the next major release coming in May 2017.
Security Vs Compliance
During a separate conversation we discussed security vs compliance, and Goyal offered great insight into what each process is truly about and what it means for organizations to be compliant and secure.
Visit cavirin.com to learn more about security, compliance and CIS benchmarking.