Azure Container Platform Security: 6-Wk Assessment

Enterprise container and Kubernetes platforms require a new approach when designing and maintaining the right security posture. An Azure-hosted enterprise container platform (ECP) that must be secure, compliant and stable often results in new technologies, processes, policies, controls, governance, methods and security operations frameworks.

This assessment reviews container security at multiple layers including but not limited to:

• How the Azure container and chosen container orchestration platform is configured versus best practice including both Azure Kubernetes Service (AKS) and Azure Red Hat OpenShift (ARO)
• How role based access controls are being used to manage container platform security
• How privileged identity management tools are being deployed to managed identities
• Which native Azure tools are being used and how (e.g. Azure Policy, Defender, Sentinel)
• Whether industry standards such as CIS benchmarks are being used to manage ongoing compliance (e.g. with Azure Policy)
• How the supply chain for container deployment is being monitored for security threats
• How 3rd party tools are being used and whether they are being used effectively
• Whether or not SOC (security operations centre) processes have been adjusted

BlakYaks will assess how ready the customer is to secure the enterprise container platform and manage its security posture through its lifecycle. We will review existing plans, architectures, designs, operational frameworks and thinking to identify any key gaps that exist that would compromise platforms scalability and security. We will look for opportunity to optimise and will enhance the security posture and its compliance to standards, controls and policies on an ongoing basis.

The engagement will culminate in a detailed report with a table of focus areas categorised into technology, process, policy, controls and people with key recommendations and priorities clearly defined in terms of business benefit and risk mitigation.