Guest post by Jim Bugwadia

The CNCF Kubernetes Policy Working Group (WG) has just released a new paper on policy-based Governance, Risk, and Compliance to help educate the community about how cloud native best practices can be used to address key business risks.

This paper aims to provide a clear understanding of why Policy as Code is important for organizations to reduce toil and scale usage of cloud native technologies that accelerate delivery.

“Governance, Risk, and Compliance have remained manual processes for most organizations, whereas the cloud native approach is to codify and automate all things. This paper shows you how to transform and replace costly processes with open and composable solutions.”  

Robert Ficcaglia, co-chair of the CNCF Kubernetes Policy Working Group.

The paper describes how Kubernetes policies can be used as a building block for automating security, compliance, and governance. Policies explicitly surface risks and build greater awareness across teams so that risks can be mitigated earlier. The paper also describes how policies can be applied to each phase of the cloud native lifecycle. 

“Policies, when combined with cloud native best practices such as GitOps, can be a game changer for organizations dealing with the complexity of securing and delivering modern applications, and complying with internal and external standards, across clouds, data centers and edge computing. This paper shows how policy as code can be used to provide secure self-service for developers, autonomy for operators, and a foundation for collaborative continuous compliance between them and the security and compliance teams.”

Jaya Ramanathan, Distinguished Engineer at Red Hat and a lead contributor to the CNCF Policy Working Group.

Kubernetes working groups are organized to address specific topics that span SIGs. The Kubernetes Policy WG is focused on policy implementations, architectures, and best practices for Kubernetes. 

If you are interested in advancing Kubernetes policy management, join an upcoming meeting or message the group on the Slack channel.

The Kubernetes Policy Management paper is available on GitHub.