Mastering the “compliance end run” with Chainguard Images
I have lost count of how many prospects have come to us saying: "We gave the customer our software to run in their environment, and they sent it back with a list of vulnerabilities for us to fix."
This back and forth slows down procurement cycles and time to value, creates friction with product adoption, and can stoke a customer's fears that your product is a liability in their environment. But why is this such a common occurrence? It is because of the "compliance end run," where companies have their customers run the product themselves because the customer is subject to stricter compliance requirements than the company is certified for "as-a-Service."
The basic idea is: frameworks like PCI DSS and FedRAMP are strict and expensive to implement, so instead of going through them, many companies will let customers run a version of their stack themselves. But now the customer is accountable for that piece of software being compliant with their frameworks. This technique is a brilliant dodge of most of the controls, since the vendor's software slots into the customer's existing processes for many facets of compliance, but there is one key facet this technique does not dodge: vulnerability management.
The compliance frameworks that this technique is most commonly used to dodge are also the frameworks with the strictest policies around vulnerability management! Both PCI DSS v4 and FedRAMP Rev 5 require vulnerabilities to be fixed with strict timelines. Companies that fall out of compliance can get hit with expensive fines (to the tune of millions of dollars), or worse still: lose their certification and wipe out an entire line of business.
Enter Chainguard Images. Our minimal, secure container images have helped companies achieve compliance with the most stringent frameworks out there, which makes them an ideal starting point for a successful “compliance end run.” What’s more, your images may come out looking better than most of what they are currently running! Generally, once our customers have on-boarded they see reductions far exceeding their initial vulnerability reduction goals.
If this compliance back and forth sounds familiar to you, head over to our Compliance & Risk Mitigation resource page to learn more about how Chainguard Images can help you with your compliance goals!