Case study: Calico enables HanseMerkur to reduce infrastructure overhead and achieve ISO 27001 compliance

Established in 1875, HanseMerkur is one of the oldest private health insurance companies in Germany, with customers across Europe. The company ran multi-tenant clusters on premises with Kubespray, with around 150 internal software developers as users. As the company must handle personal information and confidential data, it adheres to ISO 27001, the German equivalent of SOC 2, as per industry standards.

The company’s legacy platform was based on Kubernetes 1.11 (released in 2018), and no updates could be made without completely rebuilding the platform. In fact, the company needed to build new clusters for each new product and also rebuild the existing clusters in order to update Kubernetes versions.

HanseMerkur’s clusters were virtualized on top of a legacy hypervisor, and resources had to be sized for traditional deployment on a per tenant basis. There were a number of issues with this set up, including high overhead, low flexibility, and over-consumption of hardware. As a result, the company’s platform team wanted to go bare metal and consolidate the company’s entire infrastructure into one place.

In an exclusive interview, HanseMerkur details how Calico helped solve the challenges of their consolidation project and helped the company enforce the security and observability capabilities needed to achieve ISO 27001 compliance.

Case study highlights

The consolidation project required HanseMerkur to solve three major challenges with their Kubernetes operations:

  1. Maintenance overhead and lack of workload isolation for compliance
  2. Long approval cycles for platform and security teams
  3. Lack of visibility for dev teams

Using Calico’s microsegmentation, policy lifecycle management, and observability capabilities, HanseMerkur successfully consolidated 16 clusters into 4 and remained ISO 27001 compliant.

“Calico simply stood out from the other solutions we were evaluating. Tigera gave us all promised deliverables on time. The solution’s robust security capabilities helped us remain compliant with ISO 27001, and allowed us to consolidate 16 clusters into 4. We’re glad we enlisted Tigera’s container and Kubernetes solution, Calico.”

—Thorben Theil, DevSecOps, DevOps & IT – Security, HanseMerkur

Read the case study:
Calico enables HanseMerkur to reduce infrastructure overhead and achieve ISO 27001 compliance.


Join our mailing list

Get updates on blog posts, workshops, certification programs, new releases, and more!