Understand Compliance Across your Organization
Running multi-cloud or hybrid environments using a single management interface to twist and turn controls is ideal when running your infrastructure anywhere, but unfortunately, not all vendor solutions play well with each other. The management interface that you use for one cloud provider can be totally different from the next, leaving you and your team having to learn yet another system and toolset to achieve one set of uniform results.
When dealing with compliance, we have this same challenge. A provider’s compliance tool typically supports their own products and no others, putting you in the awkward position of having to match one solution’s features against another. Your choice to go multi-cloud, or hybrid, will then come down to each solution having feature parity with the others. This can be challenging since, as of today, not all providers are created equal. Another problem can arise when translating configurations between disparate systems, continuing to challenge the skills of your practitioners.
To help you avoid a vendor lock-in scenario, Magalix provides a centralized Policy-as-Code management and compliance offering that helps you instantly make sense of your compliance posture without the need to translate one set of policies across different providers or Kubernetes implementations. Having one set of policies applied across your entire cloud-native stack means you can compare apples to apples while remaining confident that the policies you are enforcing are the same regardless of where they are being applied.
Know What's Not Compliant
By default, Magalix applies our best-practice, out-of-the-box Policies to all connected clusters. Once the cluster is connected, you can view violations by Policy or by Entity type, by cluster. For instance, let’s say you want to see all the entities that are violating the “Containers are missing Startup Probe” policy.
Drill down into your cluster, view by Violations, and find a Policy that’s in violation to see more details, like which entities are in violation, and when the violation was triggered.
If you want to zero in on a specific entity and understand its compliance state, you can do that as well. In the image below, you can see that the entity (deployment) telepresence-tony is violating 18 policies.
Implementing DevSecOps requires multiple team members with different security perspectives coming together to keep your environments safe and sound. What’s important to a Security engineer might not be well understood by a DevOps engineer. What’s important to an auditor might not even be on a software engineer’s radar.
At Magalix, we spent a lot of time in the shoes of the various roles on your SecDevOps team. We also know that different information is relevant depending on what stage of the SDLC you are at.
For those trying to understand success metrics when shifting left, Magalix KubeGuard allows commit-time checks of your code against any policy you specify. Verify compliance before deploying so everyone contributing to your SecDevOps team can get fast governance feedback while being proactive.
For those trying to understand compliance post-deployment, or at run-time, our Violations dashboard presents a rich set of data points to help you track compliance and resolve any issues that may arise.
For those who abide by regulatory compliance such as PCI-DSS, Magalix offers unique reporting views that group all related policies and associate them with the specific regulatory requirements. In addition, attaching saved evidence to each violation builds robust reports for auditors with ease.
Implementing a governance solution is hard enough. Maintaining governance across cloud providers, multiple Kubernetes clusters, and other cloud-native tools in an ever-growing and changing landscape sounds impossible. It’s no surprise that many organizations struggle with implementing a robust and trusted solution.
Our goal at Magalix is to simplify your technical governance responsibilities by providing uniform governance and reporting that’s easy to customize and understand. Our rich library of policies supports DevOps best practices as determined by years of experience and community consensus, along with regulatory requirements such as the 12 requirements for PCI-DSS.