Encrypted Flows on all traffic needs to be shown for Regulated Workloads

ibm-cloud-docs / vmwaresolutions

IBM Cloud for VMware Solutions Production URL:

https://cloud.ibm.com/docs/services/vmwaresolutions?topic=vmware-solutions-getting-started#getting-started-with-ibm-cloud-for-vmware-solutions

8 stars 41 forks source link

Encrypted Flows on all traffic needs to be shown for Regulated Workloads #958

Closed mark-buckwell closed 4 years ago

mark-buckwell commented 4 years ago

Many clients will have policies that require all traffic to be encrypted in transit. They will also ban self-signed keys and need a way of performing immediate revocation.

The Caveonix page lists communication over 808x rather than 443 which I assume is traffic using clear text.

The solution for ALL software needs to demonstrate ALL traffic is encrypted. This would include all syslog communication.

delia-rusu commented 4 years ago

Response from the document owner: Not possible to encrypt all flows since not all devices support this capability. Example - ESXi no support for fully encrypted traffic flows in all cases. vSAN as an example does not support encryption for traffic in transit. Many devices do not implement secure syslog. Compensating controls are necessary or the platform may not meet their requirements.