Network Security Dashboard
Taking into account the state of the art [...] the controller and the processor shall implement [...] as appropriate [...] encryption of personal data;
In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed. [highlights added]
(2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
Mapping to ISO 27001 Controls
Compliant Kubernetes Network Security Dashboard
The Compliant Kubernetes Network Security Dashboard allows to audit violations of NetworkPolicies (i.e., "firewall rules"). In the best case, denied traffic indicates a misconfiguration. In worst case, denied traffic indicates an ongoing security attack.
Significant or unexpected increases of allowed traffic should also be closely monitored. In best case, these may indicate inefficient application code which may cause capacity issues later. In worst case, these may indicate an attempt to exfiltrate large amounts of data or to use the cluster as a reflector for an amplification attack.
Therefore, this dashboard should be regularly reviewed, perhaps even daily.
Make sure you have a proper incident management policy in place. If an attack is ongoing, it might be better to take the system offline to protect data from getting in the wrong hands. Operators need to be trained on what events justify such an extreme action, otherwise, escalating the issue along the reporting chain may add delays that favor the attacker.
In less severe cases, simply contact the developers to investigate their code, fix needless communication attempts or update their NetworkPolicies accordingly to fix any potential misconfiguration.