Runtime Workload Monitoring #

Control ID: SDLC-CTRL-0016 | Type: Detective

Summary #

Production workloads are continuously monitored to detect and alert on any non-compliant or unauthorised changes in real time.

Mitigates Risk

Description #

Ensuring that risks are controlled in the value stream is the first level of software process compliance. Beyond this, it is important to have a monitoring process in place to ensure that unknown or non-compliant workloads are identified in production.

Runtime workload monitoring provides a forensic history of all changes to production environments, enabling retrospective analysis of what was running at any point in time. Combined with deployment controls, it creates a closed-loop compliance system that both prevents and detects unauthorised changes.

Requirements #

• All production workloads MUST be continuously monitored for compliance status
• Non-compliant or unauthorised workloads MUST generate alerts
• A forensic history of all workload changes MUST be maintained
• Monitoring MUST cover all runtime environments including containers, serverless functions, and storage
• Alert notifications MUST be delivered to the appropriate response channels

How we implement this control #

• A full forensic history of all container runtimes, lambda functions and S3 buckets are recorded using Kosli environments and can be found here: https://app.kosli.com/kosli/environments/
• Unauthorised or non-compliant workloads are recorded and create alerts in our Slack channels

Compliance Frameworks #

Links #

• Kosli — Environment Monitoring
• Kosli — A Flight Data Recorder for Your Runtime Environments