Mnemonic AS

Kubernetes Security Assessment

mnemonic's Kubernetes security assessment helps organizations identify and remediate vulnerabilities & attack paths in the complex world of Kubernetes deployments.

Features

• Assess the Kubernetes deployment using manual, consultant driven review
• Identify areas for improvement within the Kubernetes deployment
• Review the organisation's implementation of IAM within the Kubernetes deployment
• Identify dangerous attack paths within a Kubernetes deployment
• Identify and remediate configuration weaknesses
• Review a Kubernetes deployment architecture for deviation from best practices

Benefits

• Gain a broad overview of your Kubernetes deployment security posture
• Keep up with the constant pace of Agile devOps teams
• Receive advice for remediating dangerous, exploitable security issues
• Understand what securing a Kubernetes deployments entails for your organisation
• Receive a detailed report that includes findings and recommendations

£1,150 to £1,800 a unit a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nathan@mnemonic.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

407734841727407

Contact

Nathan Jones
+447891234688
nathan@mnemonic.co.uk

Planning

• Planning service: Yes
• How the planning service works: Mnemonic’s Kubernetes security assessment helps identify technical risks associated with your Kubernetes deployment. Whether your organisation has just started containerising services, or is already a devOps team with a large scaled deployment, or somewhere in between, our penetration testers and container security consultants can help identify security issues in your deployment. We also help you understand the potential impact a compromised Kubernetes platform can have for the organisation.; ; Our assessments provide detection of known vulnerabilities, weak security configuration and policy drifts in combination with actionable advice. This empowers your organisation to conduct quick, structured and prioritised remediation.; ; Additionally, deployments can always be tested and reviewed against common baselines such as Center of Internet Security’s (CIS) Kubernetes Benchmark, ensuring a measurable security baseline for your deployments.; ; Our expert Kubernetes security consultants are equipped with the knowledge and resources to evaluate your deployment in any of the major public cloud providers, including Microsoft Azure, AWS, and Google Cloud Platform. We can also evaluate deployments on bare metal, on-premise or private cloud platforms. We know that when it comes to Kubernetes security, one size definitely does not fit all, and consequently we always adapt our testing methods on a case-by-case basis.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • Other
• Other security testing certifications: SANS

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: N/A

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Support levels: All customers receive the same support level. At the start of each project, the customer is assigned a Technical Account Manager (TAM) from mnemonic whose responsibility is to coordinate and attend regular service meetings. The TAM serves as a trusted adviser to the customer to make recommendations on how to improve the service and security in general. This is all included in the service cost.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV GL - Business Assurance
• ISO/IEC 27001 accreditation date: 31/05/2005
• What the ISO/IEC 27001 doesn’t cover: The certificate is valid for the following scope: Security solutions sales, support and system integration. Security solutions consulting. Managed security services. Risk-based vulnerability analysis, penetration testing, security audit of applications, networks and security systems. In accordance with Statement of Applicability version 136, 2022-02-16.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: SRC - Security Research and Consulting, GmbH
• PCI DSS accreditation date: June 2018
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001:2015
  • NSM quality scheme for incident handling
  • SOC 2 - SOC for Service Organizations

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  mnemonic complies with national and international environmental legislation, and has operationalized its environmental commitment through specific measures as part of the certification as an Environmental Lighthouse.; ; With this, the company can document compliance with strict criteria within energy, transport, purchasing, waste, emissions, aesthetics and working environment. Eco-Lighthouse places strict demands on management and mnemonic's employees, and shows our suppliers, customers and partners that we take environmental work seriously. The certificate is valid for the period 2019-2022.; ; mnemonic moved its head office to Indekshuset, Oslo in August 2019. The building has a green profile with a high degree of waste recycling, activity-based lighting and ventilation that significantly reduces the climate footprint.

  Tackling economic inequality

  mnemonic acts in accordance with social legislation, including: Forced labor / slave labor (ILO Convention Nos. 29 and 105) Trade union organization and collective bargaining (ILO Convention Nos. 87, 98, 135 and 154) Child labor (UN Convention on the Rights of the Child, ILO Convention Nos. 138, 182 and 79, ILO Recommendation No. 146) Discrimination (ILO Conventions Nos. 100 and 111 and the UN Convention on the Elimination of All Forms of Discrimination against Women) Brutal treatment (UN Convention on Civil and Political Rights, Art. 7) Health, safety and the environment (ILO Convention No. 155 and Recommendation No. 164) Wages (ILO Convention No. 131) Working hours (ILO Convention Nos. 1 and 14) Regular employment (ILO Convention Nos. 95, 158, 175, 177 and 181) Marginalized population groups (UN Convention on Civil and Political Rights, Articles 1 and 2)

  Wellbeing

  Working environment is an important focus for the company, and is described in our Code of Conduct. We work actively to ensure good working conditions for our employees, which has yielded results. mnemonic is consistently rated amongst the top employers in Norway and Europe. In 2023 mnemonic was rated 1st in the “Great Place to Work” assessment for Norway. Based on a company culture with shared incentives for long term value, the employee retention rate has always been above 96%.

Pricing

• Price: £1,150 to £1,800 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nathan@mnemonic.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.