Nirmata Policy Manager (NPM), powered by the widely adopted open-source CNCF policy engine – Kyverno, enables platform engineering teams to enforce security, compliance, governance, and automation policies across Kubernetes clusters and workloads. At the recent CloudNativeSecurityCon in Seattle, the lack of security policies was discussed as a primary reason for an increase in vulnerabilities due to misconfigurations. An alarming 87% of container images running in production have critical or high-severity vulnerabilities, up from 75% a year ago. Nirmata Policy Manager is designed to address these issues including misconfigurations and software supply chain security with centrally managed policies.
Nirmata Policy Manager provides a simplified and scalable way to manage policies, get central visibility, and ensure compliance across multiple Kubernetes clusters. By leveraging open-source Kyverno as the underlying policy engine, Policy Manager eliminates any vendor lock-in and allows platform teams to benefit from the community innovation with a Kubernetes native policy as a code solution.
One of the key benefits of Nirmata Policy Manager is its ability to enable secure self-service for developers. With Policy Manager, the platform engineering teams can define policies that enable developers to work within predefined guardrails. Developers can make use of pre-approved and signed container images and configurations, while Policy Manager ensures that security and compliance policies are enforced. Policies can also be used to generate any default configurations required prior to onboarding new developers or applications. This helps developers to move faster while also ensuring that security and compliance are maintained.
In terms of security, Policy Manager policies can be used to enforce pod and workload security policies, manage service accounts, and limit container capabilities. For example, a Policy Manager policy can be defined to ensure that all containers run with a non-root user, which helps prevent privilege escalation attacks.
Similarly, Policy Manager policies can be used to enforce compliance with industry regulations, such as PCI DSS and HIPAA. In case policies are configured to block the creation of insecure configuration, platform teams are notified so that any corrective actions can be. For example, platform teams may want to create an “exception” for certain applications allowing them to be deployed with elevated privileges.
Nirmata Policy Manager can also be used to enforce Kubernetes governance policies, such as resource quotas and labels. For example, a policy can be defined to ensure that only authorized users can create, update or delete specific resources within a cluster. Similarly, policies can be used to ensure that all resources are labeled consistently, making it easier to manage and track resources across multiple clusters. Clean-up policies can be used to periodically delete any unused resources ensuring that your clusters are not overloaded.
Another benefit of Nirmata Policy Manager is its ability to automate operational workflows, eliminating the need for manual handoffs or ticketing systems. For example, policies can generate, and clean up, fine-grained and Just-In-Time (JIT) configurations such as roles and role bindings improving security and increasing productivity.
Policies can be defined to automatically remediate non-compliant resources or to generate alerts when non-compliant resources are detected. Policies can also be created to inject custom CA certificates or sidecars eliminating the need to write custom controllers for such workflows. This reduces the burden on platform engineers and ensures that policies are consistently enforced across multiple clusters.
Nirmata Policy Manager has been successfully adopted by several organizations to accelerate their platform engineering strategy. For example, a leading logistics company used Nirmata Policy Manager to enforce security and compliance policies across their fleet of Kubernetes clusters. Another company in the industrial IoT space uses NPM to establish guardrails for the developers to prevent misconfigurations and improve the overall security posture of their cloud service to meet the necessary compliance standards.
To summarize, Nirmata Policy Manager, powered by Kyverno, is a powerful solution that enables platform engineers to enforce Kubernetes governance, security, compliance, self-service, and automation policies on Kubernetes clusters.
By adopting Nirmata Policy Manager, organizations can accelerate their platform engineering strategy, reduce the risk of security and compliance issues, and gain a competitive advantage in their industry.
For in-depth understanding of Kubernetes policy management, download this free ebook: Policy-based security and governance for Kubernetes
For a quick overview of Nirmata Policy Manager, check out this video. You can also sign up for a free trial of Nirmata Policy Manager here.