StackRox Teams with Stratus Medicine for Kubernetes Security and Compliance on Google Cloud Platform
April 2019 by Emmanuelle Lamandé
StackRox, a Kubernetes security company, announced that Stratus Medicine has deployed the StackRox Kubernetes Security Platform to secure healthcare data and achieve Health Insurance Portability and Accountability Act (HIPAA) compliance.
Stratus Medicine provides a platform-as-a-service for healthcare providers and technology suppliers to collaborate on innovative applications. Using the Stratus Platform running in Google Cloud Platform, these healthcare entities can test and validate new technologies while keeping patient and other sensitive data protected by Stratus. Stratus Medicine relies on StackRox to secure and protect critical customer and healthcare data running in its multi-tenant platform.
"Containers and Kubernetes enable us to deploy new applications rapidly while maintaining isolation, decreasing the risk of data breach," said Chris Mutzel, principal architect for Stratus Medicine. "StackRox enables us to protect patient data, ensure HIPAA compliance, and protect our systems from vulnerabilities in the applications that our customers upload. The StackRox platform continuously hardens our container and Kubernetes environments, and it automatically detects and prevents threats. As we evaluated vendors, we found that StackRox was the only solution that was both container-centric and Kubernetes-centric, which provides both deeper context for risk prioritization and Kubernetes-native policy enforcement."
Stratus Medicine is using the StackRox Kubernetes Security Platform across several
Visibility: StackRox finds and secures all deployments and pods across namespaces and clusters, allowing Stratus to run at the speed and scale of DevOps while protecting applications and development infrastructure.
Vulnerability Management: StackRox streamlines vulnerability management for Stratus’ Kubernetes environments by integrating with the CI/CD pipeline to prevent known vulnerabilities from ever getting deployed.
HIPAA Compliance: StackRox automates checks for HIPAA compliance, identifies gaps or non-compliance with controls, provides clear and detailed remediation information, and exports evidence of compliance ahead of audits.
Risk-based Prioritization: StackRox provides a dynamic, multi-factor risk assessment that enables Stratus to immediately prioritize and triage the highest-risk deployments in the environment at all times.
Threat Detection: StackRox leverages a combination of rules, whitelists, and behavioral modeling to automatically detect threats and leverage built-in controls in Kubernetes for response.
The StackRox Kubernetes Security Platform supports all Kubernetes deployments, including self-managed clusters; managed services such as Amazon EKS, Azure AKS, and Google GKE; and Kubernetes distributions such as Red Hat OpenShift and Docker Enterprise Edition. The latest StackRox update includes capabilities to enable organizations to verify and provide evidence for compliance with NIST SP 800-190, PCI DSS 3.2, and HIPAA standards.