Kubernetes Breaks Traditional Security Models

Kubernetes dynamically orchestrates workloads to maintain the desired state of your application. Every time a workload is launched, it receives a new IP address and could be located on another node. This works well for scaling your application and maintaining uptime, however it breaks the current security model that was designed for static resources like VMs and bare metal servers.


Kubernetes Requires a Modern Approach to Security and Compliance

Zero-Trust Network Security

With 40% or more of all breaches originating from within the network, you must always have to assume that something has been compromised. Applications running on Kubernetes make heavy use of the network for service to service communication. However, most clusters have been left wide open and are vulnerable to attack. A zero trust approach is the most secure way to lock down your Kubernetes platform.

Continuous Compliance

Kubernetes is dynamic and constantly changing. Moments after a compliance audit is completed the environment will have changed again. A continuous compliance solution is the only way to prove that your security controls have been implemented properly now and historically.

Visibility and Traceability

Applications running on Kubernetes Platforms have constantly changing IP addresses and locations that makes it impossible to use traditional flow logs to debug issues and investigate anomalous activity. The only accurate approach is to use Kubernetes labels and workload identity in your netflow logs.

Multi-cloud and Legacy

Many applications running on Kubernetes will not be greenfield. Applications often need to communicate securely with other systems outside of the cluster, such as on-premises or cloud-based VMs, bare metal servers and databases. To achieve zero trust security for Kubernetes, your security policies must be capable of expanding beyond the cluster.

Powered by Tigera

Modern Security for the Next Generation of Compliance Requirements

Kubernetes is being adopted by every major enterprise on the planet for deploying modern, containerized applications. However, containers are highly dynamic and break their existing security models. Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms that enables enterprises to meet their security and compliance requirements.

Tigera’s technology is recognized and trusted as the de facto standard for Kubernetes network security. Our open source software, Tigera Calico, provides production-grade security, and our commercial offerings layer on advanced security capabilities, enterprise controls, and compliance reporting.