Updates to Red Hat Advanced Cluster Security for Kubernetes Cloud Service strengthen your security posture

Making sure your Kubernetes environment is secure and compliant is a critical, ongoing challenge, especially for enterprise workloads in the hybrid cloud. To help you meet security requirements with greater confidence and efficiency, we’ve just rolled out key updates to Red Hat Advanced Cluster Security for Kubernetes Cloud Service. This latest release helps significantly strengthen your security posture with newly added industry-standard certifications, including ISO 27001 and PCI DSS 4.0, and deeper integration with key AWS services. These enhancements are designed to streamline compliance, improve threat detection and simplify security management across your hybrid cloud environment.

First among those updates are the addition of the following security certifications to Red Hat Advanced Cluster Security for Kubernetes Cloud Service:

Compliance

ISO/IEC 27001:2022

ISO/IEC 27017:2015

ISO/IEC 27018:2019

PCI DSS 4.0

SOC 2 Type 2

SOC 2 Type 3

Additionally, the Red Hat OpenShift AWS Security Maturity Model Guide will show how to use Red Hat Advanced Cluster Security for Kubernetes to implement AWS Security Maturity Model v2 to enhance your Kubernetes Security Posture Management (KSPM). This includes four levels of maturity for every aspect of the effort, from application security to data protection, with recommendations for all four phases (quick wins, foundational, efficient and optimized).

From that report:

Integration with AWS services

Red Hat Advanced Cluster Security Cloud Service can integrate with key AWS services to help organizations build and maintain a strong Kubernetes security posture. For monitoring and observability, Red Hat Advanced Cluster Security supports forwarding logs to Amazon CloudWatch or SecLake for centralized visibility into policy violations and runtime anomalies. Additionally, teams can integrate with SecLake to consolidate findings from Red Hat Advanced Cluster Security alongside other AWS-native security services, streamlining risk analysis across the entire cloud environment. For threat detection, Amazon GuardDuty complements Red Hat Advanced Cluster Security runtime detection capabilities by adding context from AWS infrastructure-level events.

Red Hat Advanced Cluster Security also supports audit log forwarding, helping organizations to capture API calls from both Red Hat Advanced Cluster Security and Kubernetes and send them to a centralized logging system for compliance tracking and incident response. Integration with identity systems, including AWS Identity and Access Management (IAM), allows organizations to apply consistent authentication policies. This includes configuring MFA through identity provider federation and applying IAM role assumptions or identity federation for centralized credential management. Red Hat Advanced Cluster Security supports temporary credentials for integrations and service tokens to limit long-term exposure.

Deployment architecture and capabilities

Red Hat Advanced Cluster Security can be deployed in a variety of architectural configurations to suit different operational and governance requirements.

Teams using a self-managed Kubernetes architecture can install and configure Red Hat Advanced Cluster Security on Red Hat OpenShift using its operator, and then use it to enhance the security focus of other Kubernetes deployments. Configuration can be automated with IaC practices, GitOps, or Red Hat Advanced Cluster Management workflows, allowing for consistent deployments across clusters and environments. Declarative configuration and API-powered management make Red Hat Advanced Cluster Security suitable for use in both connected and disconnected environments.

The platform also supports automated compliance reporting. Organizations can assess and track compliance against standards such as PCI-DSS, NIST, and HIPAA using built-in profiles. Reports can be scheduled and exported from the Red Hat Advanced Cluster Security dashboard to support audits or internal assessments. These capabilities help satisfy the AWS Cloud Adoption Framework (CAF) Security Perspective, which emphasizes continuous risk evaluation, auditability, and evidence-based control tracking.

In terms of workload protection, Red Hat Advanced Cluster Security offers network segmentation capabilities through Kubernetes-native network policies, in addition to vulnerability and supply chain risk detection. These policies allow teams to enforce zero trust access patterns, segment workloads, and restrict outbound traffic. Runtime threat detection is activated via behavioral analysis and baseline profiling for applications and services. Suspicious activity, such as privilege escalation or unusual process execution, can be automatically detected and responded to through policy enforcement and integrations with SIEM or SOAR platforms.

Red Hat at re:Inforce

If you’re heading to AWS re:Inforce in Philadelphia this week, be sure to stop by Red Hat’s booth #836 at the show. We’ll be demonstrating all the ways you can run Red Hat OpenShift on AWS, as well as the recent updates to Red Hat Advanced Cluster Security for Kubernetes Cloud Service.

We’ll also have speakers at the show. In the Lightning Theater in Expo Hall on Monday, June 16, 5:30-6PM, Red Hat’s Michael Foster, Principal Product Marketing Manager and Sudhir Prasad, Sr. Director Product Management will discuss “Proven techniques to build a trusted software supply chain for AI apps.” We hope you can attend.