Encryption

Protect sensitive data and meet compliance requirements with Calico’s high-performance encryption for data in transit

Overview

Not all threats originate from outside an organization. According to Gartner, nearly 75% of breaches are the result of insider behavior: people within the organization, such as employees, former employees, contractors, or business associates, who have inside information concerning the organization’s security practices, data, and computer systems. This level of exposure is unacceptable for organizations that have strict data protection and regulatory compliance requirements. Calico data-in-transit encryption provides category-leading performance and lower CPU utilization than legacy approaches like IPsec and OpenVPN tunneling protocols. No matter where a threat originates, data encrypted by Calico is unreadable to anyone except the legitimate keyholder, thus protecting sensitive data should a perimeter breach occur.

Benefits

Enables Compliance

Enables compliance with corporate and regulatory data protection requirements that specify the use of encryption, including SOX, HIPAA, GDPR, and PCI.

Leading Performance

Delivers better performance and lower CPU utilization than IPsec and OpenVPN tunneling protocols. Calico with encryption enabled is 6x faster than any other solution on the market.

Data Protection

Provides defense-in-depth when combined with existing Calico security solutions like workload access controls, extending firewalls to Kubernetes, and intrusion detection (IDS).

Capabilities

  • Calico uses WireGuard to implement data-in-transit encryption. WireGuard runs as a module inside the Linux kernel and provides better performance and lower CPU utilization than IPsec and OpenVPN tunneling protocols.
  • Calico encryption eliminates operational complexity for DevSecOps teams compared with standard approaches. TLS, for example, requires SSL certificates and results in more complexity and operational overhead for IT organizations that are already overburdened.
  • Calico encryption can be used to address regulatory mandates that specify the use of encryption, including SOX, HIPAA, GDPR, and PCI.
  • Independent benchmark tests of Kubernetes CNIs show that Calico with encryption enabled is 6x faster than any other solution in the market.

How It Works

Encryption is a foundational element for environments that must meet regulatory compliance requirements for data privacy and protection. Calico encryption combines superior performance and reduced CPU utilization with operational simplicity.
