Zero-to-jupyterhub-k8s: Encryption in Transit for JupyterHub

Created on 6 Apr 2018 · 6 Comments · Source: jupyterhub/zero-to-jupyterhub-k8s

From a brainstorm on how to choose "reasonable defaults" for within-deployment encryption, and making sure that it hits major security requirements.

  • [ ] Look into Istio for encryption within a deployment.
  • [ ] Investigate the FedRAMP guidelines for securing cloud resources
  • [ ] Talk to a few stakeholders who need FedRAMP for their deployments, get an idea for what they're concerned with, what narratives would be compelling to them.
  • [ ] Decide how we should enable within-deployment security in terms of Z2JH - do we write code / defaults with the helm chart? Do we just write documentation?
  • [ ] Write the code / documentation needed and convince people to use this.

cc @yuvipanda @willingc @ellisonbg @Carreau @ian-r-rose
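As a concrete picture of what the first checklist item ("encryption within a deployment" via Istio) amounts to, here is an added example; it is not part of the z2jh chart or of the original issue. It assumes Istio is installed, that the hub namespace (called `jhub` here as a placeholder) is labelled for sidecar injection, and that the hub, proxy and single-user pods all run a sidecar:

```yaml
# Added illustration, not z2jh chart code: require mutual TLS for every
# pod-to-pod connection inside the JupyterHub namespace, so hub <-> proxy and
# proxy <-> single-user traffic is encrypted and peer-authenticated by the
# sidecars without changing JupyterHub's own configuration.
# Assumptions: Istio is installed; namespace "jhub" is a placeholder name and
# carries the istio-injection=enabled label so every pod gets a sidecar.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default          # the namespace-wide policy must be named "default"
  namespace: jhub        # placeholder: use the namespace the chart is released into
spec:
  mtls:
    mode: STRICT         # refuse plaintext; PERMISSIVE would allow both during rollout
```

The caveat a practitioner should plan for: in STRICT mode any pod without a sidecar, and any plaintext client such as a kubelet health probe that is not routed through the sidecar, is refused, so a rollout normally starts in PERMISSIVE mode, confirms that all hub and user pods carry sidecars, and only then switches to STRICT.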

All 6 comments

What exactly is FedRAMP? There are lots of buzzwords on their webpage, but after reading it I am confused if they are a service provider, a set of guidelines, a standard, ...?

I'd be interested in figuring out what the European equivalent is and see if we can kill two birds with one stone.

I think that others could explain better than I - I was just trying to synthesize some notes from the meeting in San Diego, but my understanding was that FedRAMP is a set of federal rules that need to be met in order to consider "sensitive data" deployments as "secure". I agree we should get two birds with one stone wherever possible!

@choldgraf Since this issue covers project-wide decisions and discussion, let's move this to the team-compass repo until we have concrete actions on this repo. I suppose we could move the general issue to the team-compass repo and leave "Work on proof of concept for Istio and z2jh" here.

@betatim Chris is basically on the mark re: the FedRAMP definition.

As the U.S. Federal Agencies began using more cloud services and their providers, the Office of Management and Budget (OMB) set down guidelines/rules for the agencies to follow when choosing cloud products or services. There's a process that each agency must follow to ensure security that includes:

  • identifying what must be secure (data, access, etc.)
  • selection of vendors who have certified products/services and/or proving that the product/service can meet the steps for certification
  • ongoing steps to make sure that security is maintained after deployment

Would someone mind updating this to show what's still relevant?

I would be fine with closing this as dated and a new issue created if needed.
