Importance of a Secure Cluster
Threats to your cluster can come from a variety of sources, so securing your cluster against all of these sources is important.
External attackers might gain access to your cluster and compromise sensitive data, malicious software might be implemented through known vulnerabilities, and insiders or third party vendors might misuse legitimate permissions if authorization is not appropriately implemented.
Governing bodies have implemented various data protection and privacy laws which you must implement into your cluster’s security. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States federal law that requires protecting sensitive patient health information from being disclosed without the patient’s consent or knowledge. The General Data Protection Regulation (GDPR) is a regulation in European Union law aimed at enhancing individuals’ control and rights over their personal data both inside and outside the EU.
Additionally, if your business accepts credit card payments, you must comply with the Payment Card Industry Data Security Standard (PCI DSS). This global standard applies a series of security measures to ensure the safety of your customers’ credit card information.
It is therefore crucial to have a secure cluster that addresses all potential threats and vulnerabilities, and complies with all data protection and privacy laws. By actively reducing the threat surface on your environment, you actively manage the risk, likelihood, and impact of a security event.